Stop loading scan detection in local.zeek by default

CHANGES

@@ -1,4 +1,8 @@
 
+3.1.0-dev.102 | 2019-09-16 10:50:47 -0700
+
+  * Stop loading scan detection in local.zeek by default (Jon Siwek, Corelight)
+
 3.1.0-dev.98 | 2019-09-04 16:28:01 -0700
 
   * Update Broker include dir search path (Jon Siwek, Corelight)

NEWS

@@ -485,6 +485,9 @@ Changed Functionality
   before it is disabled; the default is set to 5. This behavior is customizable using
   ``DPD::max_violations`` and ``DPD::ignore_violations``.
 
+- The scan detection script, ``policy/misc/scan``, is no longer loaded by
+  default in ``site/local.zeek`` due to it frequenty causing performance issues.
+
 Removed Functionality
 ---------------------
 

VERSION

@@ -1 +1 @@
-3.1.0-dev.98
+3.1.0-dev.102

scripts/site/local.zeek

@@ -14,8 +14,9 @@
 # Enable logging of memory, packet and lag statistics.
 @load misc/stats
 
-# Load the scan detection script.
-@load misc/scan
+# Load the scan detection script.  It's disabled by default because
+# it often causes performance issues.
+#@load misc/scan
 
 # Detect traceroute being run on the network. This could possibly cause
 # performance trouble when there are a lot of traceroutes on your network.

testing/btest/scripts/site/local-compat.test

@@ -32,8 +32,9 @@
 # Enable logging of memory, packet and lag statistics.
 @load misc/stats
 
-# Load the scan detection script.
-@load misc/scan
+# Load the scan detection script.  It's disabled by default because
+# it often causes performance issues.
+#@load misc/scan
 
 # Detect traceroute being run on the network. This could possibly cause
 # performance trouble when there are a lot of traceroutes on your network.