[Bro-Dev] #811: Redefing Notice::policy in local.bro not removing default notice action
Bro Tracker
bro at tracker.bro-ids.org
Tue Apr 17 08:47:10 PDT 2012
#811: Redefing Notice::policy in local.bro not removing default notice action
-------------------------+-------------------------------------------------
Reporter: will | Type: Problem
Status: new | Priority: Normal
Milestone: Bro2.1 | Component: Bro
Version: 2.0 | Keywords: Notice, action, redef,
| PacketFilter::Dropped_Packets
-------------------------+-------------------------------------------------
Redefining the 'Notice::policy' adds an additional notice action, vice
replacing the default notice action.
redef Notice::policy += { [$pred(n: Notice::Info) = {return n$note ==
PacketFilter::Dropped_Packets; }, $action = Notice::ACTION_NONE] };
Example: "Notice::ACTION_NONE,Notice::ACTION_LOG"
1334676573.295616 - - - - - -
PacketFilter::Dropped_Packets 3479 packets dropped after filtering,
163199 received, 162958 on link - - - - -
worker-2 Notice::ACTION_NONE,Notice::ACTION_LOG 9,11,3
3600.000000 F
This requires that '$halt=T' be added to the redef:
redef Notice::policy += { [$pred(n: Notice::Info) = {return n$note ==
PacketFilter::Dropped_Packets; }, $action = Notice::ACTION_NONE, $halt =
T] };
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/811>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker
More information about the bro-dev
mailing list