[Bro] Debugging Bro Scripts Where action = Notice::ACTION_EMAIL
seth at icir.org
Wed Aug 29 10:06:48 PDT 2012
On Aug 28, 2012, at 6:12 PM, Chris Crawford <christopher.p.crawford at gmail.com> wrote:
> redef Notice::mail_dest = "alert at email.com";
> in a custom Bro script doesn't appear to override the value specified
> by the MailTo variable set in etc/broctl.cfg .
Yes, this is an unfortunate side effect to automatically changing settings through BroControl. I believe that the documentation has been updated for 2.1 to clarify which variables are affected. I still don't think we are completely sure the direction this will go long term, but it is definitely unclear at the moment.
International Computer Science Institute
(Bro) because everyone has a network
More information about the Bro