[Bro-Dev] On the topic of MailTo/MailAlarmsTo...

Robin Sommer robin at icir.org
Mon Dec 17 16:52:23 PST 2012


On Wed, Dec 12, 2012 at 00:18 +0000, you wrote:

> - Bro Notice::ACTION_EMAIL -> MailTo
> - Bro Notice::ACTION_ALARM -> MailAlarmsTo (only sent as summaries) 
> - broctl summarize-connections -> MailTo
> - broctl crash reports -> MailTo
> - broctl cron output -> MailTo

So, yeah, that looks like we need third category, but maybe we one for
the summaries. How about this:

     - Bro Notice::ACTION_EMAIL     -> MailTo
     - Bro Notice::ACTION_ALARM     -> MailSummariesTo
     - broctl summarize-connections -> MailSummariesTo
     - broctl crash reports         -> MailAdminTo
     - broctl cron output           -> MailAdminTo

MailSummariesTo and MailAdminTo would default to MailTo.

?

Robin

-- 
Robin Sommer * Phone +1 (510) 722-6541 * robin at icir.org
ICSI/LBNL    * Fax   +1 (510) 666-2956 *   www.icir.org


More information about the bro-dev mailing list