I'm using Bro v0.9a2
on fbsd v4.9r
I run Bro with:
/usr/local/bin/bro09a2_nodns -i fxp1 bro.init mt http-request http-reply
but I don't get scan detection
and I don't have scan.log.
I have log.log, http.log, ftp.log, weird.log.
I have tested with policy/scan.bro: 25 -> 5
const possible_port_scan_thresh = 5 &redef;
but no result.
Normally, the scan analyzer is loaded in the mt.bro policy (default).
I have added scan to the start command:
/usr/local/bin/bro09a2_nodns -i fxp1 bro.init mt http-request http-reply scan
Can anyone help me?
I have a second question:
how can I search old emails on the Bro list?
PS: Prelude and Snort detect the scan; yes, I run a scan test, and receive the scan ...