From 9c8db5f6caafdff1a33ade608aeafeeeef21fc9c Mon Sep 17 00:00:00 2001
From: Jon Siwek <jsiwek@corelight.com>
Date: Mon, 16 Sep 2019 10:50:47 -0700
Subject: [PATCH] Stop loading scan detection in local.zeek by default

---
 CHANGES                                      | 4 ++++
 NEWS                                         | 3 +++
 VERSION                                      | 2 +-
 scripts/site/local.zeek                      | 5 +++--
 testing/btest/scripts/site/local-compat.test | 5 +++--
 5 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/CHANGES b/CHANGES
index 552df201ae..512f6d082a 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,8 @@
 
+3.1.0-dev.102 | 2019-09-16 10:50:47 -0700
+
+  * Stop loading scan detection in local.zeek by default (Jon Siwek, Corelight)
+
 3.1.0-dev.98 | 2019-09-04 16:28:01 -0700
 
   * Update Broker include dir search path (Jon Siwek, Corelight)
diff --git a/NEWS b/NEWS
index 59a205dbf4..b94763dde6 100644
--- a/NEWS
+++ b/NEWS
@@ -485,6 +485,9 @@ Changed Functionality
   before it is disabled; the default is set to 5. This behavior is customizable using
   ``DPD::max_violations`` and ``DPD::ignore_violations``.
 
+- The scan detection script, ``policy/misc/scan``, is no longer loaded by
+  default in ``site/local.zeek`` due to it frequenty causing performance issues.
+
 Removed Functionality
 ---------------------
 
diff --git a/VERSION b/VERSION
index 53469ff065..505c5388b3 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-3.1.0-dev.98
+3.1.0-dev.102
diff --git a/scripts/site/local.zeek b/scripts/site/local.zeek
index 97a8f078de..221b94458e 100644
--- a/scripts/site/local.zeek
+++ b/scripts/site/local.zeek
@@ -14,8 +14,9 @@
 # Enable logging of memory, packet and lag statistics.
 @load misc/stats
 
-# Load the scan detection script.
-@load misc/scan
+# Load the scan detection script.  It's disabled by default because
+# it often causes performance issues.
+#@load misc/scan
 
 # Detect traceroute being run on the network. This could possibly cause
 # performance trouble when there are a lot of traceroutes on your network.
diff --git a/testing/btest/scripts/site/local-compat.test b/testing/btest/scripts/site/local-compat.test
index 04b979a4de..e869ea5eb3 100644
--- a/testing/btest/scripts/site/local-compat.test
+++ b/testing/btest/scripts/site/local-compat.test
@@ -32,8 +32,9 @@
 # Enable logging of memory, packet and lag statistics.
 @load misc/stats
 
-# Load the scan detection script.
-@load misc/scan
+# Load the scan detection script.  It's disabled by default because
+# it often causes performance issues.
+#@load misc/scan
 
 # Detect traceroute being run on the network. This could possibly cause
 # performance trouble when there are a lot of traceroutes on your network.