[Bro-Dev] [JIRA] (BIT-1138) UDP scan detection generates a large number of triggers

Robin Sommer (JIRA) jira at bro-tracker.atlassian.net
Fri Feb 21 12:13:37 PST 2014


    [ https://bro-tracker.atlassian.net/browse/BIT-1138?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15581#comment-15581 ] 

Robin Sommer commented on BIT-1138:
-----------------------------------

The CPU spikes worry me quite a bit. I can't quite tell if there's a pattern to it, i.e., if they come in regular intervals, and in particular if they align with the sumstats interval?

> UDP scan detection generates a large number of triggers
> -------------------------------------------------------
>
>                 Key: BIT-1138
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1138
>             Project: Bro Issue Tracker
>          Issue Type: Problem
>          Components: Bro
>            Reporter: Robin Sommer
>             Fix For: 2.3
>
>         Attachments: CPU-all-scan-policies.png, Memory-All-Scan-Policies.png
>
>
> These triggers then cause high CPU load. We had a fix already but I'm not sure if it has been confirmed that it solved the problem?



--
This message was sent by Atlassian JIRA
(v6.2-OD-09-036#6252)


More information about the bro-dev mailing list