[JIRA] (BIT-1138) UDP scan detection generates a large number of triggers

Robin, All:

Here are the graphs for a run of all scan policies (OldScan + new scan.bro, scan_udp.bro, scan_icmp.bro) from a run on a FreeBSD 9.1 box for an approximately 3-day duration.

Memory footprint continues to grow, but I have noticed on other systems that memory flattens out around the 11G range (after a 9-day uninterrupted run).

CPU is surprisingly low on this host (attached graph). However, on other boxes I have seen CPU being high as time progresses.

It seems to me that the scan_udp fix is probably working, looking at this one data point. I will enable these on other DMZ boxes and let's see if we see the same results.

Aashish