[Bro] No email notices after updating to 2.5
daniel.manzo at bayer.com
Thu Mar 23 07:52:46 PDT 2017
After installing Bro 2.5 via rpm on RHEL 7.3 (and running bro with broctl), I no longer receive "Dropped Packets" and "Invalid_Server_Cert" email notices that I would receive almost daily when running Bro 2.4. I still receive connection summaries every hour, which is the same as 2.4. While looking into this problem, I noticed that Bro is no longer generating the notice.log or reporter.log nearly as often as it was before. I understand that it could be possible that these problems are no longer being triggered, but I find it very hard to believe that there are no dropped packets or invalid server certs anymore. A custom script that sends an email notice when Bro is started and when Bro is stopped works fine, so I'm not sure why the other alerts wouldn't be working .Any and all help is appreciated.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Bro