[Bro] Alarms in 2.0

Tyler T. Schoenke tyler.schoenke at colorado.edu
Wed Apr 11 14:29:28 PDT 2012

Two questions regarding Alarms in 2.0.

First, I created a signature and wanted to reduce the frequency that it
fires.  Does anyone have sample code for SIG_ALARM_PER_ORIG or some
other way to send out a single alarm per source IP?

Second, I configured the MailAlarmsTo setting, but the Alarms are still
going to the MailTo (bromessage@) address.  I also tried setting
MailAlarms = True.   What am I doing wrong?



Tyler Schoenke
Network Security Manager
IT Security Office
University of Colorado at Boulder

More information about the Bro mailing list