[Bro] Bro reports zero hosts scanned
Bill Link
bill at sdsc.edu
Mon Dec 11 13:11:56 PST 2006
I am currently running Bro 1.1 and have found scan summaries
recording zero hosts scanned in my notice logs. This seems to
be a new problem, I haven't seen evidence of it in log files from
previous versions of Bro.
Here is an example of the messages I am getting:
notice.smog.06-12-10_14.29.29-06-12-11_00.00.00:t=1165824021.887450
no=TRWScanSummary na=NOTICE_ALARM_ALWAYS sa=198.95.226.192
msg=198.95.226.192\ scanned\ a\ total\ of\ 0\ hosts
notice.smog.06-12-10_14.29.29-06-12-11_00.00.00:t=1165824021.887450
no=ScanSummary na=NOTICE_EMAIL sa=67.161.137.231 num=0
msg=67.161.137.231\ scanned\ a\ total\ of\ 0\ hosts
notice.smog.06-12-10_14.29.29-06-12-11_00.00.00:t=1165824021.887450
no=TRWScanSummary na=NOTICE_ALARM_ALWAYS sa=137.110.134.151
msg=137.110.134.151\ scanned\ a\ total\ of\ 2\ hosts
notice.smog.06-12-10_14.29.29-06-12-11_00.00.00:t=1165824021.887450
no=TRWScanSummary na=NOTICE_ALARM_ALWAYS sa=221.113.211.235
msg=221.113.211.235\ scanned\ a\ total\ of\ 0\ hosts
notice.smog.06-12-10_14.29.29-06-12-11_00.00.00:t=1165824021.887450
no=TRWScanSummary na=NOTICE_ALARM_ALWAYS sa=59.117.181.165
msg=59.117.181.165\ scanned\ a\ total\ of\ 0\ hosts
Bill
--
=====================================================================
William J. Link
Security/Systems Programmer
Security Technologies Group
San Diego Supercomputer Center
University of California, San Diego bill at sdsc.edu
SDSC, MC 0505 Phone: (858) 822-0851
9500 Gilman Drive FAX: (858) 534-5077
La Jolla, CA 92093-0505
=====================================================================
More information about the Bro
mailing list