[Bro-Dev] [JIRA] (BIT-1063) Patch for documentation

Anthony Verez (JIRA) jira at bro-tracker.atlassian.net
Wed Aug 21 11:18:31 PDT 2013

Anthony Verez created BIT-1063:

             Summary: Patch for documentation
                 Key: BIT-1063
                 URL: https://bro-tracker.atlassian.net/browse/BIT-1063
             Project: Bro Issue Tracker
          Issue Type: Patch
          Components: Website
    Affects Versions: git/master
            Reporter: Anthony Verez

I fixed examples, a link and a typing error in the docs for the git/master version. Great docs btw ;-)


diff --git a/doc/notice.rst b/doc/notice.rst
index 76d5bcd..b4b375c 100644
--- a/doc/notice.rst
+++ b/doc/notice.rst
@@ -98,9 +98,9 @@ type :bro:see:`SSH::Password_Guessing` if the server is

 .. note::

-    Keep in mind that the semantics of the SSH::Password_Guessing notice are
-    such that it is only raised when Bro heuristically detects a failed
-    login.
+    Keep in mind that the semantics of the :bro:see:`SSH::Password_Guessing`
+    notice are such that it is only raised when Bro heuristically detects
+    a failed login.

 Hooks can also have priorities applied to order their execution like events
 with a default priority of 0.  Greater values are executed first.  Setting
@@ -339,7 +339,7 @@ included below.
     hook Notice::policy(n: Notice::Info)
       if ( n?$conn && n$conn?$http && n$conn$http?$host )
-        n$email_body_sections[|email_body_sections|] = fmt("HTTP host header: %s", n$conn$http$host);
+        n$email_body_sections[|n$email_body_sections|] = fmt("HTTP host header: %s", n$conn$http$host);

@@ -348,7 +348,7 @@ Cluster Considerations

 As a user/developer of Bro, the main cluster concern with the notice framework
 is understanding what runs where. When a notice is generated on a worker, the
-worker checks to see if the notice shoudl be suppressed based on information
+worker checks to see if the notice should be suppressed based on information
 locally maintained in the worker process. If it's not being
 suppressed, the worker forwards the notice directly to the manager and does no more
 local processing. The manager then runs the :bro:see:`Notice::policy` hook and
diff --git a/doc/quickstart.rst b/doc/quickstart.rst
index 9f64e36..b5ac4ee 100644
--- a/doc/quickstart.rst
+++ b/doc/quickstart.rst
@@ -270,14 +270,11 @@ that only takes the email action for SSH logins to a defined set of servers:,
     } &redef;

-    redef Notice::policy += {
-        [$action = Notice::ACTION_EMAIL,
-         $pred(n: Notice::Info) =
-            {
-            return n$note == SSH::Login && n$id$resp_h in watched_servers;
-            }
-        ]
-    };
+    hook Notice::policy(n: Notice::Info)
+        {
+        if ( n$note == SSH::SUCCESSFUL_LOGIN && n$id$resp_h in watched_servers )
+             add n$actions[Notice::ACTION_EMAIL];
+        }

 You'll just have to trust the syntax for now, but what we've done is
 first declare our own variable to hold a set of watched addresses,

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://bro-tracker.atlassian.net/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the bro-dev mailing list