[Bro] Redefining the email application

James Lay jlay at slave-tothe-box.net
Mon Oct 13 13:30:22 PDT 2014

On 2014-10-13 12:08, Clark, Gilbert wrote:
> Hi James:
> Disclaimer: I've never done this before, so the following may be
> completely wrong.  With that said ...
> In base/frameworks/notice/main.bro, there is a function called
> 'email_notice_to'.  In this function, there is a call that looks like
> this:
>     piped_exec(fmt("%s -t -oi", sendmail), email_text);
> piped_exec is, I think, what actually makes the call to sendmail,
> where sendmail is defined to be (in the same file):
>     ## Local system sendmail program.
>     ##
>     ## Note that this is overridden by the BroControl SendMail option.
>     const sendmail            = "/usr/sbin/sendmail" &redef;
> So, based on the above, I can see a few options:
> * Use an application with sendmail compatibility and redefine
> Notice::sendmail to point to that
> * Maybe check broctl's SendMail option to make sure it's not
> overwriting the value you'd like (since it mentions that broctl takes
> precedence in the comment above)?
> * If neither of the above work, symlink /usr/bin/sendmail to the
> actual application you're trying to forward the mail to and see if
> that works?
> * If the above isn't an option, write a shim that accepts the -t -oi
> options and forwards the body of the mail to the desired application
> * If none of the above work, maybe modify email_notice_to to make a
> different piped_exec() call?  Note that this might be bad because
> changes would be lost at upgrade ...
> Hope something in there is useful.
> -Gilbert
> ________________________________________
> From: bro-bounces at bro.org <bro-bounces at bro.org> on behalf of James
> Lay <jlay at slave-tothe-box.net>
> Sent: Monday, October 13, 2014 1:36 PM
> To: bro at bro-ids.org
> Subject: [Bro] Redefining the email application
> Hey All,
> I've been trying to figure out how to get a different application as
> the sendmail app.  I've not been able to find anything for this, so I'm
> coming here for an assist.  If not being able to redefine sendmail to
> something different, is there a way I can instead fire off a script that
> will run my email application instead?  I've looked at:
> https://www.bro.org/sphinx/scripts/base/frameworks/notice/main.bro.html
> For a while now, but I'm not able to figure it out.  Thanks for any
> assistance.
> James

Thanks for looking at this Gilbert...that helps.
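
A sketch of the shim option from the quoted list, as an added example that is not part of the thread or of Bro itself: it accepts the `-t -oi` flags from the `piped_exec` call, takes recipients from the `To:` header as `-t` implies, and hands the message to another program. The `MAILER` path, its calling convention (recipients as arguments, message on stdin) and the function names are assumptions.

```shell
#!/bin/sh
# Added example: sendmail-compatible shim for Notice::sendmail.
# MAILER and its calling convention (recipients as arguments, message on
# stdin) are assumptions; substitute the real application.
MAILER="${MAILER:-/usr/local/bin/my-mailer}"

# Accept only the flags Bro passes ("-t -oi", plus -i, the short form of
# -oi); refuse anything else so the shim cannot be driven unexpectedly.
accepts_args() {
    for a in "$@"; do
        case "$a" in
            -t|-oi|-i) ;;
            *) return 1 ;;
        esac
    done
}

# -t semantics: recipients come from the To: header. Read only the header
# block, unfold continuation lines, print one validated address per line.
# Addresses must start with an alphanumeric so none can look like an option.
extract_recipients() {
    awk '
        /^$/             { exit }
        /^[Tt][Oo]:/     { sub(/^[^:]*:[ \t]*/, ""); buf = buf "," $0; into = 1; next }
        into && /^[ \t]/ { buf = buf $0; next }
                         { into = 0 }
        END              { print buf }
    ' "$1" | tr ',' '\n' |
    sed -e 's/.*<\(.*\)>.*/\1/' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
    grep -E '^[A-Za-z0-9][A-Za-z0-9._%+-]*@[A-Za-z0-9.-]+$'
}

shim_main() {
    accepts_args "$@" || { echo "shim: unsupported option" >&2; return 64; }
    msg=$(mktemp) || return 75
    trap 'rm -f "$msg"' EXIT
    cat > "$msg"    # -oi: read to EOF; a line holding only "." is data
    rcpts=$(extract_recipients "$msg") || { echo "shim: no valid To: address" >&2; return 65; }
    # Unquoted on purpose: validated addresses contain no whitespace or glob
    # characters, so each becomes exactly one argument.
    "$MAILER" $rcpts < "$msg"
}

# Bro always passes arguments; with none, only the functions are defined.
if [ "$#" -gt 0 ]; then shim_main "$@"; fi
```

Installed at a path of your choosing, the shim is selected by redefining `Notice::sendmail` to that path, subject to the broctl SendMail override mentioned in the quoted comment.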

