[Bro] Worker System Memory Exhaustion
Azoff, Justin S
jazoff at illinois.edu
Fri Apr 6 13:45:50 PDT 2018
> On Apr 6, 2018, at 4:31 PM, Greg Grasmehr <greg.grasmehr at caltech.edu> wrote:
>
> I think Justin hit the nail on the head, we monitor two full /16, 3 /24
> and 2 partial /16, in front of any local FW devices; similar to LBL.
> Commenting out misc/scan did the trick, memory is now being freed as one
> would expect.
>
> We already know we have TONS of scanners traversing the network, so
> probably don't need this at all although I am interested in hearing of
> good alternatives.
>
> Thanks again everyone, greatly appreciate the help.
>
> Greg
https://github.com/ncsa/bro-simple-scan
https://github.com/initconf/scan-NG
both are available in bro-pkg. I'm obviously partial to simple-scan, but
Aashish is closer to you if you need someone to blame if it breaks :-)
—
Justin Azoff
More information about the Bro
mailing list