I took a closer look at scan-NG and at the scan.bro that shipped with 1.5 to
understand how the detection could be better than what we have now. 1.5 wasn't
fundamentally better, but compared to what we are doing now it has an unfair
advantage :-)
I found that it used tables like this:
You simply need to copy/paste your manager section in node.cfg and change
manager to logger, so you should end up with something like this:
[manager]
type=manager
host=1.2.3.4
[logger]
type=logger
host=1.2.3.4
--
- Justin Azoff
> On Jul 29, 2016, at 5:48 PM, Aashish Sharma
Hi Daniel,
Are there any specific node.cfg settings or broctl.cfg settings to run the
Logging node? Could you please point me to the right locations.
Thanks,
Aashish
___
bro-dev mailing list
bro-dev@bro.org