[Bro-Dev] [JIRA] (BIT-1063) Patch for documentation
Robin Sommer (JIRA)
jira at bro-tracker.atlassian.net
Thu Aug 22 09:00:31 PDT 2013
[ https://bro-tracker.atlassian.net/browse/BIT-1063?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13707#comment-13707 ]
Robin Sommer commented on BIT-1063:
-----------------------------------
Thanks. I've applied this to a separate documentation branch that's currently in progress; it will show in master once that's merged (should be soon).
> Patch for documentation
> -----------------------
>
> Key: BIT-1063
> URL: https://bro-tracker.atlassian.net/browse/BIT-1063
> Project: Bro Issue Tracker
> Issue Type: Patch
> Components: Website
> Affects Versions: git/master
> Reporter: Anthony Verez
> Attachments: 0001-Docs-fix.patch
>
>
> I fixed examples, a link and a typing error in the docs for the git/master version. Great docs btw ;-)
> Patch:
> diff --git a/doc/notice.rst b/doc/notice.rst
> index 76d5bcd..b4b375c 100644
> --- a/doc/notice.rst
> +++ b/doc/notice.rst
> @@ -98,9 +98,9 @@ type :bro:see:`SSH::Password_Guessing` if the server is 10.0.0.1:
> .. note::
> - Keep in mind that the semantics of the SSH::Password_Guessing notice are
> - such that it is only raised when Bro heuristically detects a failed
> - login.
> + Keep in mind that the semantics of the :bro:see:`SSH::Password_Guessing`
> + notice are such that it is only raised when Bro heuristically detects
> + a failed login.
> Hooks can also have priorities applied to order their execution like events
> with a default priority of 0. Greater values are executed first. Setting
> @@ -339,7 +339,7 @@ included below.
> hook Notice::policy(n: Notice::Info)
> {
> if ( n?$conn && n$conn?$http && n$conn$http?$host )
> - n$email_body_sections[|email_body_sections|] = fmt("HTTP host header: %s", n$conn$http$host);
> + n$email_body_sections[|n$email_body_sections|] = fmt("HTTP host header: %s", n$conn$http$host);
> }
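Review bot: in the + line of the Notice::policy example, indexing by |n$email_body_sections| is the right way to append, but this hunk covers only one occurrence. The removed line used a bare email_body_sections that is not declared anywhere in the visible example (the hook's only parameter is n), so it is worth searching the rest of doc/notice.rst for the same unqualified name. Because the old snippet could not have loaded as written, consider running the documented examples through Bro when the docs are built so this class of error is caught before publication.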
> @@ -348,7 +348,7 @@ Cluster Considerations
> As a user/developer of Bro, the main cluster concern with the notice framework
> is understanding what runs where. When a notice is generated on a worker, the
> -worker checks to see if the notice shoudl be suppressed based on information
> +worker checks to see if the notice should be suppressed based on information
> locally maintained in the worker process. If it's not being
> suppressed, the worker forwards the notice directly to the manager and does no more
> local processing. The manager then runs the :bro:see:`Notice::policy` hook and
> diff --git a/doc/quickstart.rst b/doc/quickstart.rst
> index 9f64e36..b5ac4ee 100644
> --- a/doc/quickstart.rst
> +++ b/doc/quickstart.rst
> @@ -270,14 +270,11 @@ that only takes the email action for SSH logins to a defined set of servers:
> 192.168.1.102,
> } &redef;
> - redef Notice::policy += {
> - [$action = Notice::ACTION_EMAIL,
> - $pred(n: Notice::Info) =
> - {
> - return n$note == SSH::Login && n$id$resp_h in watched_servers;
> - }
> - ]
> - };
> + hook Notice::policy(n: Notice::Info)
> + {
> + if ( n$note == SSH::SUCCESSFUL_LOGIN && n$id$resp_h in watched_servers )
> + add n$actions[Notice::ACTION_EMAIL];
> + }
> You'll just have to trust the syntax for now, but what we've done is
> first declare our own variable to hold a set of watched addresses,
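Review bot: the new condition in the + lines reads n$id$resp_h without first testing n?$id, while the notice.rst example in this same patch guards each field with ?$ before using it (n?$conn && n$conn?$http && n$conn$http?$host). The n$note comparison comes first and short-circuits for other notice types, but adding n?$id would keep the two documented examples consistent and safe to copy into a policy that matches other notices. Separately, the rewrite changes the notice name from SSH::Login to SSH::SUCCESSFUL_LOGIN as well as the syntax, which the description ("examples, a link and a typing error") does not call out; please confirm that name is a notice type in git/master, otherwise the email action in this example will never fire.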
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://bro-tracker.atlassian.net/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira