[Bro] intel.log file stops getting generated.

fatema bannatwala fatema.bannatwala at gmail.com
Wed Jan 25 13:43:24 PST 2017


Alrighty, yeah, I was looking into how to configure the script according to
the environment.
It appears that we have to define the list of allocated subnets in the
network, as landmine works by watching connections which are not in
allocated subnets.

Defining the allocated subnets is a pain: we have a whole long list of
subnets that are allocated and just a couple of subnets that constitute the
darknet, hence I was tweaking the scripts to change that setting from
defining allocated subnets to defining un-allocated subnets, which is much
easier.

Thanks,
Fatema.

On Wed, Jan 25, 2017 at 4:27 PM, Azoff, Justin S <jazoff at illinois.edu> wrote:

> > On Jan 25, 2017, at 4:23 PM, fatema bannatwala <fatema.bannatwala at gmail.com> wrote:
> >
> > Ah, makes sense, yes port 23 is getting blocked at the border, hence Bro wouldn't be seeing any traffic to port 23... :)
> > Disabled the scan.bro file. Is there any other script(s) that can be used in place of scan.bro, i.e. would scan-NG have the same effect as well?
> > Thanks Justin for the help to troubleshoot the issue, will keep an eye on the sensors for any performance hit for the next 24 hours.
>
> scan-NG will work a lot better than scan.bro.  I have a version that is
> kind of like 'scan-ng-lite' but from a user's point of view it doesn't add
> much over scan-NG, so you should just use that.
>
> --
> - Justin Azoff
>
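
The two ways of describing a darknet that this message contrasts, as an added example (not from the thread and not scan-NG's own code): it derives the un-allocated ranges from a site block and its allocated subnets, then checks that both models flag the same destinations. All function names and the 10.20.0.0/16 address plan are constructed for illustration.

```python
import ipaddress

def _nets(cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]

def derive_darknets(site_nets, allocated):
    """Site address space left over once every allocated subnet is removed."""
    remaining = _nets(site_nets)
    for a in _nets(allocated):
        kept = []
        for r in remaining:
            if a.version != r.version or not a.overlaps(r):
                kept.append(r)                     # untouched by this allocation
            elif a.supernet_of(r):
                continue                           # fully allocated, drop it
            else:
                kept.extend(r.address_exclude(a))  # carve the allocation out
        remaining = kept
    return sorted(remaining,
                  key=lambda n: (n.version, int(n.network_address), n.prefixlen))

def hit_allocated_model(dst, site_nets, allocated):
    """'Define allocated subnets': dark = inside the site, outside every allocation."""
    ip = ipaddress.ip_address(dst)
    in_site = any(ip in n for n in _nets(site_nets))
    return in_site and not any(ip in n for n in _nets(allocated))

def hit_darknet_model(dst, darknets):
    """'Define un-allocated subnets': dark = inside one of the listed darknets."""
    ip = ipaddress.ip_address(dst)
    return any(ip in n for n in _nets(darknets))

# Constructed address plan and destinations (not from the thread).
SITE = ["10.20.0.0/16"]
ALLOCATED = ["10.20.0.0/18", "10.20.128.0/18", "10.20.192.0/19"]
SAMPLE_DSTS = ["10.20.10.1", "10.20.70.5", "10.20.230.9", "192.0.2.7"]

def compare_models():
    """Return the derived darknets and, per destination, both models' verdicts."""
    darknets = [str(n) for n in derive_darknets(SITE, ALLOCATED)]
    rows = [(d, hit_allocated_model(d, SITE, ALLOCATED),
             hit_darknet_model(d, darknets)) for d in SAMPLE_DSTS]
    return darknets, rows

if __name__ == "__main__":
    nets, rows = compare_models()
    print("darknets:", nets)
    for dst, by_alloc, by_dark in rows:
        print(f"{dst:15} allocated-model={by_alloc} darknet-model={by_dark}")
```

The derived list is only as accurate as the allocation list it starts from, so a subnet missing from the allocated input shows up as darknet in the output.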