[Bro] scan.bro and missing log entries
Robin Sommer
robin at icir.org
Thu Dec 2 13:31:36 PST 2010
On Thu, Dec 02, 2010 at 09:30 -0800, Gregor Maier wrote:
> It might be the ConnectionCompressor,
The connection compressor may be blamed for some issues, but not for
everything. :-)
Even if the compressor kicks in, the connections will still show up
in conn.log, and they will be counted by the scan detector.
Robin
--
Robin Sommer * Phone +1 (510) 722-6541 * robin at icir.org
ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org
More information about the Bro
mailing list