[Bro] intel.log file stops getting generated.

fatema bannatwala fatema.bannatwala at gmail.com
Tue Jan 24 11:20:44 PST 2017


Hi All,

Running Bro 2.5, everything is working except that the intel.log file stopped
getting generated.
Last event in that file was around 12:45pm today, and after it got rotated,
I didn't see intel.log for 1pm hour and still no log for intel.log in the
current log dir.

Don't know why all of a sudden intel.log stopped getting generated.

I checked:
1. The conn.log, and I am seeing connections from IPs listed as bad in the
intel feed.
$ less bad-IP.intel | grep "61.240.xx.yy"
61.240.xx.yy   Intel::ADDR     scanner 85      csirtg.io

$ less conn.log | grep "61.240.144.65"
1485280794.930507       CzUCmv3TFKLcYxFps1      61.240.xx.yy   40805   128.4.107.206   8081    tcp     -       -       -       -       S0      F       T       0       S       1       40      0       0       (empty)

2. Permissions on the intel input files are fine, i.e. Bro-readable.
3. No major activity related to Bro happened around 12:45ish that could
impact any Bro processing.

Any leads/suggestions?

Thanks,
Fatema.
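
The manual check in step 1, as an added example that is not part of the original post: it cross-references every Intel::ADDR indicator in a feed file against conn.log records newer than the last intel.log entry, and keeps conn_state so hits can be separated by whether the connection was ever established. The function names, the sample addresses and the reduced conn.log column set are constructed for illustration; it assumes both files are Bro tab-separated text with a #fields header.

```python
from collections import Counter


def read_bro_tsv(lines):
    """Yield one dict per record of a Bro tab-separated file, keyed by its #fields header."""
    fields = None
    for line in lines:
        line = line.rstrip("\n")
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif fields and line and not line.startswith("#"):
            yield dict(zip(fields, line.split("\t")))


def expected_intel_hits(intel_lines, conn_lines, since_ts):
    """Count conn.log records after since_ts whose endpoint is an Intel::ADDR
    indicator, keyed by (indicator, conn_state)."""
    bad = {r["indicator"] for r in read_bro_tsv(intel_lines)
           if r.get("indicator_type") == "Intel::ADDR"}
    hits = Counter()
    for rec in read_bro_tsv(conn_lines):
        if float(rec["ts"]) <= since_ts:
            continue  # already covered by the last intel.log that was written
        for side in ("id.orig_h", "id.resp_h"):
            if rec.get(side) in bad:
                hits[(rec[side], rec.get("conn_state", "-"))] += 1
    return dict(hits)


# Constructed sample data (documentation addresses, reduced column set).
INTEL = [
    "#fields\tindicator\tindicator_type\tmeta.source",
    "192.0.2.10\tIntel::ADDR\texample-feed",
    "bad.example\tIntel::DOMAIN\texample-feed",
]
CONN = [
    "#separator \\x09",
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tconn_state",
    "1485280000.000000\tCaaa\t192.0.2.10\t40000\t198.51.100.5\t8081\ttcp\tS0",
    "1485280794.930507\tCbbb\t192.0.2.10\t40805\t198.51.100.5\t8081\ttcp\tS0",
    "1485280800.100000\tCccc\t198.51.100.7\t51000\t192.0.2.10\t443\ttcp\tSF",
    "1485280801.000000\tCddd\t198.51.100.7\t51001\t203.0.113.9\t80\ttcp\tSF",
]
LAST_INTEL_TS = 1485280500.0  # constructed: timestamp of the final intel.log entry

if __name__ == "__main__":
    result = expected_intel_hits(INTEL, CONN, LAST_INTEL_TS)
    for (addr, state), count in sorted(result.items()):
        print(addr, state, count)
```

A non-empty result for the window in which intel.log is missing confirms that matching traffic exists in conn.log, so the gap is not simply an absence of indicator traffic.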