p U WVSu~D8^t&j/S5u @EEEth5W6OPoYXQ̀Qrø/usr/libexec/ld.soNo ld.so Failure reading ld.so Bad magic: ld.so Cannot map ld.so crt0: update /usr/libexec/ld.so ld.so failed U,WVS}pjjhj,\u8Gxu|j hjjjj j EP5\jwjhjjjj Etfff= u L= tCEtfff=u &=tjhjjSjjG XEtfff= u| = tpEtff%=uM =t@Etff%= t = u 11RPj5\jjEEEPjjhhoT0ujhjjRjjF Etfff= t8 t,tfff=tMtfff= u = tvtff%=uS =tBtffҁ t u %Mtfff= u = tvtff%=uS =tBtffҁ t u  A 1RPj5\jjuTSjhhU0ujhjj=jj1 Et\jjj5XhjPEETPjhh0ujhjjjj =`dhl|tTT VjӃuIj!h jjoVjӃ ujhAjjOjjCG ||pie[^_ÐU|tu u1U|tu@ÐU|tu u@1U|tuu u@ Service unavailableU|tEPjjB Ѓu'Et Ph1USE] 1Ɋ8ut@[U,WVS] 11u1EEEEEEp URU҃}0BZ1ɅtHCtHACӃ;E]GUBttxoCp EPU҃~-SC1ɅtHCtHACӃ{t=EX][FUtps EPU҃w tpCtxD7CEUBUtrNt+pRuUtzOBt+xuUBCUEEC؍e[^_ÐU WVS}u t.t*EP6WÃts WU҅t1؍e[^_Out of Memory in si.Consistency Error in Tree Head in si.UWVS}u j{fÉ{ uhjhu(hjhj1t0URPWp WU҃ u1uCCrp WU҅}CBu"PS@t@@Bt@@StBC؍e[^_ÐU WVSu }W6EP:Ãs EP׃upu[WPEPË@C@ t PEЃ6dtt@@StBC1e[^_ÐUVS]M |;t7;Y|0,1tB9}9~)É؍XIu1[^UEu1t@@ÐUSUM Ӏ;t B:uABu[ÐUUЀ:t @8u)ÐUS]M Cu1A8tA)‰[ÐUWVS} u]tNtBCtIuutBu)B[^_AllocStr Out of Memory.U WVS}W?pV+cà tVWSk#hj h=j 1e[^_0123456789ABCDEF+UVSU Ѓ1Iy[^ÐUUB< vB<vB<w 1UE< v1ÐUus1Ҁ8u B<u~ÐUS] uC~)؋]0U,WVSM1ۅuj 5$h-T}5 gfff))1D+Cхu1Kx 2BKyƂe[^_ÐU,WVSu`ÃS]<EU u |,] )h29~D.0D.ONyփj EPhSe[^_ÐU WVS}11;tPC<;t;PMuډe[^_.UVSuEPP]SZhSL%P]PS2(hS$%P5PS (hSVPS$Sh[^ÐỦЉԉ؉܉(,0ÐUWVSuEU ME;5(}#(,00U ,M+5(EuZQ)9u8)9u&~UЉ{(Љƀ(3MPУ,3eE ȉ)9|Jȉ))(U 0 )9}E.‰)‹M))ƺų )‹M))ƺ)‹E))ƋE 0[^_/ :UWVSu} |PxPtPpPlPhPVEhP]ShV#SlPS(hX#Sjt/PSx(hZ#Sjjx PSS(hZ#SEj|PS.(hS jWPS$SH[^_Not SuspiciousUnknownMaybe Bad?Att. InfoLeakInfoLeakBig InfoLeakAtt. DoSDoSAtt. User PrivGainFail User PrivGainUser PrivGainAtt. Admin PrivGainAdmin PrivGainUEuh$uh$uh$uh$uh$u h$}u h$mu h$]u h$M u h$= u h$- u h % tPP h!%+ÐUEEjEPjxZÐUS]SIPSjXZ][?25lU4S]SjGZeEESjj#Zhq&][?25hU4S]SjYM ESjjYh&R5$5(j]ÐUSj]SjYj2FYjSjqY @vE]ÐUjEPuEYttE1U WVSu }13CG9}+EPBwu1< t< u3e[^_U WVS}] 1K $>F t9} t u>Q[^_ÐUEU UjURPvXUEU ;@}(;<}$ÐUS]< t< u(;@}@($q(< 0$ (<$$;<} @$ (;@}$@([US];tPC?;u]ÐUVSu] ;tPCV;ue[^VSu F]Chy)SP$j;~VP$jHee[^U,WVS}E h)PÃt Ãu|Ã[up1ۍuˆЈ3PCu3V[H1ۃˆЈ3PCu3V#HU e[^_ÐUSE1ۃSjEPEP CEPU 9tҋ]ÐUS1EjS}EPEPCEPU 9tҋ]ÐUMU <@ÐUQ<@<@P5U0<@@PU<@@PTD<@@PT4<@PT,<@T19}-0D A<@9|($ÐUS] C, t,;|[ÐUWVS} ] t8~/ C, tF9},;|[^_;HUVS]Cu Fhy)[SPL$h,?VP0$h,#e[^U WVSu}]E PV}t.h0-u.P$h5-+} W5<U 2Pe[^_U5,5jR,U,WVS,h-HEEE;@E1EE1<UBU9@E 408uڡD8t}}t?;EtfEPURVWEPuEEE 1;Eu D8tE]uEE}tz;Et3UREPVWURuEEE } ~;EEPUREPWUREE EF<9}tEPURVWEP UU;@b1%4D0A<@9|e[^_Uh0-1(0D4  A<@9|($ÐUS$2( (< 0ڊ  C<9|[UndefinedUInvalid compare mode!UVSU] u v&hj;h0j,1uu u3K$V$9uF(9C(t9F(9C(u K,F,ju K0F0Zu K4F4Hu K6F68u KF*uKFu KFuK F 9%re[^UWVS;Ut8EAC;UuA~[^_ÐUMU ut u :u13tu !tur p U WVSEE11}u } Uu M 9} tU :u }tuul%Ut4U p Up Qƃu EtGt1GUÅt-U p Mp W#ƃJ E Gu}u1e[^_ÐU WVSu} EfEx x fF1ېp p Su f FC~)X h0h6WSh6VSo tx uEfFfFh6V6j4p WKe[^_Out of Memory. (10)U WVSu} 6t(x t"h6VPjp h0h`2WVj 6KÃu%hjh4jfCfCfCh6Sp ?h0h6Vp bh`2WSsu4h6S3jp Lh`2WS ScJt x VGJe[^_ÐUS]t,;thh6Sp ;uSJ]ÐU WVS11ېE PEP4!u<t F~1e[^_ÐUWVS] EUPPjEPU:S 1tGSfIESZIE1E8 OU;tUFÃ;uEF~j8EPREEǃtuPP#E랐j@Dƃj DÃfCfCfCh6SV j@VRDǃ uVoDSfD =h`2E PSu#h`2U RSj􋅸PCthjh#9j[^_ÐUEM u u 1$tt 9t Bad sid-msg.map Filename.Unable to open sid-msg.map file.Out of Memory. (3)Out of Memory. (4)Duplicate SID!Out of Memory. (5)UWVSEDžuhjh=7jjPBhjOh(=j@1hj)hI=jhjh\=ڐhjh~=뾐hWPƃjAW<#t< t< ttFPAtډ)Cw;t<|tPAu;CVw,;=<|tCw <|u苅< Cw;<|u<;C4;>CFP@t>u>w)Cw;t <|t< t< u䋅9j)XS@BSVPh<E PR t&hjho=j ,h<E PRtP?thjnh#9j_[^_ÐUq8h<h@Records: () Files: SID-Map: Output File: Sort:EVNTTSDIPSIPSPDPSIDCLSPRI-Clps:SIP SP DIP DP SID CLS PRI Count Timestamp Source IP : Port Dest. IP : Port Alert Event SID Prio ClassificationUlWVSu] }EPEP jjh%ASP$h/AVPp$h2Ac1tGPPHh=A;u0hHA#u lEPj3hWA1 uhbA<3uheA<3uhiA<3uhmA<3uhpA~<3uhsAh<3uhwAR<3uh{A<hA,G'3$h]AEPjhA thAthAthA thAz@thAathAH=}hA/ jjJhA ] e[^_Out of Memory! (SidStr)UWVS}hhEh<E PhPƅphApVWPV$j:Ãu%hjrh-Ejc4&VcC;h<E PS@ @H[^_ Event Generator: Event Signature ID: Event Signature Revision: Event Classification: Event Priority: Event ID: Event Reference: Event Reference Time: Alert Timestamp: Source IP: - Destination IP: Source Port: Destination Port: Protocol: Flags: U WVSu] hFS69PS(h1FSvPS(hHFSvPS(heFSv PSv(h~FShvPSV(hFSHvPS6(hFS(vyPS(FV RPǃhFSWSW78F$V(RPǃhFSWSW8v,YǃhFSv,PShFSrWShW7v0ǃhFSDv0PS2(hFS$WSWe7hGSF4POPShGSF6P-PS(h)GSv8 PS(h6GSv<PS(h@GS|e[^_ÐAttempt to Display NULL Element! **.*.*.*: * : *.*.*.* : * * * UWVSE fEfU}u%hjhIjn}bjURMQPJ$h J=}(}~:jEPPhJ j VKyeUB P$H(QRƃjMQVVHà j C~V5}/{Et@jURhJa E/j KyeMA p, ƃjEPOVVà E/j JC~V\4]C9ESURMt hJ.h)JUB @4PP$h,Ju]E9EU} t=SMQ|h1J; Ej ~KyaUB p0ƃSMQ,VVvà Ej *C~V<3]C9ESEPft h;J1h)J{UB @6PPb$h,JU]E&9E5}@t1hDJ(u(j jKy]uMA pƃSEPVV_à u(j C~C9ESUR}~ hDJ"MA pPahKJT^F 9E:SEPift hRJ"UB pP hXJC9ESMQ}} hDJ!UB p?PhKJC9EMt*hDJ} j KyZUB p cƃSMQtV7Và j vC~V0e[^_UWVS} Ut#@E")EPR֐E;}~1UUEE9E4UUE9U2EPlƃt=V t2f9Btt xsh`2EPRuE+E9H1%f=U2E@PÃtstoV thK taf#Bf9uMPQRSu4h0h`2EPs Ps v \ rEU9Ue[^_ÐU WVSU1tx9} |E W]+]SE PUR(E U]1tx19u  }|9uu  jFP .E 9}JU2Pt3E PURU2PQ 1ۅtXSBPA 0  FE9^)e[^_ÐFunctions: (C)ollapse (E)xpand (S)ort (D)el (R)emove (M)erge (W)rite (Q)uitSort: (T)ime (S)ource (D)est. (A)lert (P)rio. (C)lass (E)ventSort Source: (I)p (P)ortSort Destination: (I)p (P)ortRemove adjacent: (S)ource (D)estination (A)lertRemove adjacent Source: (I)p (P)ortRemove adjacent Destination: (I)p (P)ortCollapse: (S)ource (D)estination (A)lert (P)riority (C)lassCollapse Source: (I)p (P)ortCollapse Destination: (I)p (P)ortWrite Feature Disabled in CEREBUS-LITE --press any key--CEREBUS-1.2L-dragos ruiuUUE H  ?$UUUU V$V [/path/to/SidMsg.map] [outfile] Use a wide terminal window to see all the fields. Make sure that your snort.conf file has enabled the unified alert output via: output alert_unified: snort.alert.filename Browse and filter the alerts with CEREBUS. Note that sort requests are cumulative and remove adjacent alert records work from the cursor down. --press any key to continue--UjjhX ApcÐUWVS} E7EP;p Mf#Ffu*h0h`2WVI@EUet@E9uh0h`2WVh`6h`2WSt U;P|}}PMQ蕿X 1ۅt*Ef#Ct!p p EPCpVEe[^_USjSqC@9|j@PI b ]Files Loaded:File to load: Additional Records loaded... -- press any key to continue --File not loaded... -- press any key to continue --U,WVSPPJjjah*] 16U2VX tj FPS FUt;p|} 9|jjh8] VjjhW<Pu W}ƃ~HjjV˿P=$hH]0hURWWPjj8h] K[^_ÐCEREBUS - Text snort unified alert browser/correlator V1.2L (c) 2002 dragos ruiu Usage: [/path/to/SidMsg.map] [outfile] ./sid-msg.map./cerebus.outNo SidMsg.map file! (default ./SidMsg.map)No Alerts!File: Alerts: Cannot write to output file! cU\WVS} EEEEEEEٿhH_jbf7h_j8E 0j)h_jjDE_~ U RUE`~ E @ E]SUR"ƃu)hjh(`jjEP]SE p~ƃu)hjvhS`jgjh]SU r E1tpE؉EUԉUhhEPWǃh^`WU rWhe`WV&PW(h@GW1ۃ9u}(uS`W@ p C9|ۃW"hjeho`jV }EPURu܋E1҅tPRVEPURuj3uȃ E1tp+Eԃ9E~E9u|FEЃUREPuVUREPuuЋEԃPju̍UR /^j2IƒBvBo$cplwlplwlewlwlwlwlwlwlwlwlwlwlwlwlwlwllwlwlwlwlplwlwlwlwlwlwlwlwlwlwlwlwlwlwlwlwlwlwlwlwlkkwlwlwlwlwlwlwlwlwlwlff gghkwlkhwlwlwlPiwlwli(ljjkwlwlDkwlwlwllwlwlwlwlwlfwl gghwlwlwlhwlwlwlPiwlwli(ljjkwlwlDk[EPURu܋E1҅tPRVfEPuuЋEԃPju̍UR } u&EЅuE̅HEHEy}u"VjURuԍEPEP R}u"jEPEEP9)])ރ(}u!@t$ @ffEuj} ,EԍHU9~)ȋU9} 9}BŰUԃ F9BU}uEujh}u*tffA}VjEPuԍEPEPEujO}u"jUREEP)])}uEuj}uEuj}E uj t}u%ffVVjEP}3VjURuԍEPEPE j}uVjUR}u"VjEPuԍEPEPx }ujUR}u"jEPEEP)])ރD}ut$! } u!t$ ffEuj?}uUREPV]ȃuԋUR}u Vj"}uVjUR}u"VjEPuԍEPEPh }ujUR}u"jEPEEP)])ރh}u=} %H ?}ut$! } u! t$ ffEuj\}uEuԋUR}uE}uE}uE}E}VjURuԍEPEPEuj8Q}Huj 賻Euj } ulEc} u\Eԃ)‰UM} uDUԃẺẺ)9|)M$} u EԃU)‰ЉE̅}E"E} E }uxE o}tEujOj .kh`j E} uEuԋEPUREPuVUREPuuЋEԃPju̍UR kU8P8С88uÐUS@u1=DtD@:uÅt @Kuhl]ÐU=unB,v_,~y,,|,,{,M,Z,,h,ƀG,΀l,ր,6.B09p,M-A"#?#7%-5eGy;\ J!XGY.']8 (>$0D 12* & H)/+,3RI f"N$4%<&@';(Q)5*:+a/E1=2l3P4C6S7U8F9^:Z<=L>?h@[ATBvCODqEKFp~HI`JnKYLcMWNVOdPbQRSTiUmVgW_XZ[\]k^_{`atbcjdzesfghoirjkulmwnoqxrstuvwx|y}z{|}~ `'4$ *(5= C,N,X-a l's PL!\ |))Ԁ@<lH|[$ .x09@H0&O2\mo(+y\#dJ 2D+5**' 0`60% < ]'-169