[Bro] intel.log file stops getting generated.
fatema.bannatwala at gmail.com
Tue Jan 24 11:20:44 PST 2017
Running Bro 2.5, everything is working except intel.log file stop getting
Last event in that file was around 12:45pm today, and after it got rotated,
I didn't see intel.log for 1pm hour and still no log for intel.log in the
current log dir.
Don't know why all of a sudden intel.log stopped getting generated.
1. The conn.log, and seeing the connections from IPs listed as bad in intel
$ less bad-IP.intel | grep "61.240.xx.yy"
61.240.xx.yy Intel::ADDR scanner 85 csirtg.io
$ less conn.log | grep "22.214.171.124"
1485280794.930507 CzUCmv3TFKLcYxFps1 61.240.xx.yy 40805 126.96.36.199 8081 tcp - - - - S0 F T 0 S 1 40 0 0 (empty)
2. Permissions on the intel input files are fine, i.e. Bro-readable.
3. No major activity related to Bro happened during 12:45ish, that can
impact any Bro processing.