[Bro] Debugging Bro Scripts Where action = Notice::ACTION_EMAIL
Liam.Randall at gigaco.com
Wed Aug 29 10:58:49 PDT 2012
Might be a useful feature if someone were to integrate bro as a Cuckoo
box plugin or in a sandnet of some sort. Just a thought.
From: bro-bounces at bro-ids.org [mailto:bro-bounces at bro-ids.org] On Behalf
Of Seth Hall
Sent: Wednesday, August 29, 2012 1:10 PM
To: Chris Crawford
Cc: bro at bro-ids.org
Subject: Re: [Bro] Debugging Bro Scripts Where action =
On Aug 28, 2012, at 4:22 PM, Chris Crawford
<christopher.p.crawford at gmail.com> wrote:
> If you plan to test a new script where you expect it to send an email
> via the Notice framework, I recommend that you send traffic that ought
> to trigger an email alert over the wire.
Why are you looking to send an email while reading a tracefile? The
same notice will be in the notice.log.
I do agree that we should output a reporter message if someone tries to
send an email while reading a tracefile, though. We just can't sneak that
feature into 2.1, but I'll file a ticket for it.
International Computer Science Institute
(Bro) because everyone has a network
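
When a script is tested against a tracefile, the notice.log mentioned above can be checked for the notices that were marked for email. The following is an added example, not part of the original thread or of Bro itself; the log lines are constructed, and it assumes the `actions` column lists `Notice::ACTION_EMAIL` for such notices.

```python
# Added example: list notices in a Bro notice.log whose actions include email.
# Assumption: the "actions" column records Notice::ACTION_EMAIL for the notice.

# Constructed sample, trimmed to five columns; real logs carry more fields.
SAMPLE_NOTICE_LOG = "\n".join([
    "#separator \\x09",
    "#set_separator\t,",
    "#empty_field\t(empty)",
    "#unset_field\t-",
    "#path\tnotice",
    "#fields\tts\tnote\tmsg\tsrc\tactions",
    "1346263129.0\tExample::Test_Notice\tconstructed message\t192.0.2.10\t"
    "Notice::ACTION_LOG,Notice::ACTION_EMAIL",
    "1346263130.0\tExample::Other_Notice\tlog only\t192.0.2.11\tNotice::ACTION_LOG",
    "1346263131.0\tExample::No_Action\tnothing assigned\t192.0.2.12\t(empty)",
])


def emailed_notices(log_text, email_action="Notice::ACTION_EMAIL"):
    """Return (ts, note, msg) for each record whose action set has email_action."""
    meta = {"set_separator": ",", "empty_field": "(empty)", "unset_field": "-"}
    fields, hits = [], []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        if not line:
            continue
        if line.startswith("#"):
            # Header lines are "#key<TAB>value"; column names come from #fields.
            key, _, value = line[1:].partition("\t")
            if key == "fields":
                fields = value.split("\t")
            elif key in meta:
                meta[key] = value
            continue
        values = line.split("\t")
        if not fields or len(values) != len(fields):
            raise ValueError("line %d: record does not match #fields" % lineno)
        rec = dict(zip(fields, values))
        raw = rec.get("actions", meta["unset_field"])
        if raw in (meta["empty_field"], meta["unset_field"]):
            continue
        # Compare whole set members so a longer action name cannot match.
        if email_action in raw.split(meta["set_separator"]):
            hits.append((rec["ts"], rec["note"], rec["msg"]))
    return hits


if __name__ == "__main__":
    for ts, note, msg in emailed_notices(SAMPLE_NOTICE_LOG):
        print(ts, note, msg)
```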