[Bro] processing all Notices

David Mandelberg david at mandelberg.org
Fri May 3 15:59:07 PDT 2013


Is there a good way to process all Notices without having any effect on
the Notices? Something like "event new_notice(n: Notice::Info)" would be

(I'm trying to write a script to correlate multiple Notices and modify
firewall rules as appropriate.)

David Eric Mandelberg / dseomn
