[Bro] Debugging Bro Scripts Where action = Notice::ACTION_EMAIL

Liam Randall Liam.Randall at gigaco.com
Wed Aug 29 10:58:49 PDT 2012


Seth, 

Might be a useful feature if someone were to integrate Bro as a Cuckoo
box plugin or in a sandnet of some sort.  Just a thought.

Liam

-----Original Message-----
From: bro-bounces at bro-ids.org [mailto:bro-bounces at bro-ids.org] On Behalf
Of Seth Hall
Sent: Wednesday, August 29, 2012 1:10 PM
To: Chris Crawford
Cc: bro at bro-ids.org
Subject: Re: [Bro] Debugging Bro Scripts Where action =
Notice::ACTION_EMAIL


On Aug 28, 2012, at 4:22 PM, Chris Crawford
<christopher.p.crawford at gmail.com> wrote:

> If you plan to test a new script where you expect it to send an email
> via the Notice framework, I recommend that you send traffic that ought
> to trigger an email alert over the wire.

Why are you looking to send an email while reading a tracefile?  The
same notice will be in the notice.log.  

I do agree that we should output a reporter message if someone tries to
send an email while reading a tracefile, though. We just can't sneak that
feature into 2.1, but I'll file a ticket for it.

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/

