[Bro] intel.log file stops getting generated.
Azoff, Justin S
jazoff at illinois.edu
Wed Jan 25 13:27:53 PST 2017
> On Jan 25, 2017, at 4:23 PM, fatema bannatwala <fatema.bannatwala at gmail.com> wrote:
>
> Ah, makes sense, yes port 23 is getting blocked at the border, hence Bro wouldn't be seeing any traffic to port 23... :)
> Disabled the scan.bro file. Is there any other script(s) that can be used in place of scan.bro , i.e scan-NG would also have same effect as well?
> Thanks Justin for the help to troubleshoot the issue, will keep an eye on the sensors for any performance hit for next 24 hours.
scan-NG will work a lot better than scan.bro. I have a version that is kind of like 'scan-ng-lite' but from a users point of view it doesn't add much over scan-NG, so you should just use that.
--
- Justin Azoff
More information about the Bro
mailing list