[Bro] Alarms in 2.0
baxterw3232 at gmail.com
Thu Apr 12 07:49:51 PDT 2012
On Wed, Apr 11, 2012 at 4:47 PM, Justin Azoff <JAzoff at albany.edu> wrote:
> On Wed, Apr 11, 2012 at 03:29:28PM -0600, Tyler T. Schoenke wrote:
>> Two questions regarding Alarms in 2.0.
>> First, I created a signature and wanted to reduce the frequency that it
>> fires. Does anyone have sample code for SIG_ALARM_PER_ORIG or some
>> other way to send out a single alarm per source IP?
> It looks like you are supposed to do something like
> redef Signatures::actions += [ ["sig_id"] = SIG_ALARM_PER_ORIG ];
This worked once I added the "Signatures" module to the SIG_ALARM_PER_ORIG.
redef Signatures::actions += [ ["sig_id"] = Signatures::SIG_ALARM_PER_ORIG ];
> -- Justin Azoff
> -- Network Security & Performance Analyst
> Bro mailing list
> bro at bro-ids.org