[Bro] Configuring MAIL FROM:

Castle, Shane scastle at bouldercounty.org
Wed Dec 5 11:45:25 PST 2012


I browsed some of the broctl doc online, and glanced at the source code, and what Seth says is correct - the mods to broctl.cfg should have done the job. I can only surmise that the broctl.cfg you modified was not the one that was being used, or perhaps the wash-rinse-spin sequence failed somehow.

Hmm the only thing I can't find is how the Notice::mail_from var is set given the info in the mailfrom config var. That one escapes me. Running "broctl config" shows it but it is not what is being used by Notice, as far as I can tell.

-- 
Shane Castle
Data Security Mgr, Boulder County IT


-----Original Message-----
From: Seth Hall [mailto:seth at icir.org] 
Sent: Wednesday, December 05, 2012 07:19
To: Paul Halliday
Cc: Castle, Shane; Seth Hall; bro at bro-ids.org
Subject: Re: [Bro] Configuring MAIL FROM:


On Dec 5, 2012, at 9:16 AM, Paul Halliday <paul.halliday at gmail.com> wrote:

>>       redef Notice::mail_from = "Big Brother <bro at host.domain.ca>";


The mailfrom (or MailFrom, it's case insensitive) option in broctl.cfg actually sets this same variable.  It's likely overwriting what you are setting in local.bro anyway. :)

Glad it's working now.

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/





More information about the Bro mailing list