[Bro] Empty reports!!

Angelita de Cássia Corrêa angelita at uol.com.br
Wed Jul 6 12:37:01 PDT 2005 

Brian,

I already tested whit debug level: 3, 4 and 5.

About the notice mail: I changed the notice.bro like the document says and
defined the mail_dest with my email address. But I didn't received any
notice mail . If I run the mail_notice.sh script I receive an email
correctly, but empty.

What can I do?

Thanks
Angelita

----- Original Message ----- 
From: "Brian Tierney" <BLTierney at lbl.gov>
To: "Angelita de Cássia Corrêa" <angelita at uol.com.br>
Cc: <Bro at bro-ids.org>
Sent: Tuesday, July 05, 2005 4:34 PM
Subject: Re: [Bro] Empty reports!!



On Jul 5, 2005, at 7:07 AM, Angelita de Cássia Corrêa wrote:

> Thanks, but the reports didn't function correctly. I followed your
> tips.
>

If you send us the output of the report script using debug level 2,
maybe we can help
figure this out.

> I have another doubt, now it's about the notice email. How can I do to
> configure to bro send to administrator an email in some critical
> situations?
>

This section of the manual should answer your question:

http://www.bro-ids.org/Bro-user-manual/Notice-Actions.html

>
> Thanks
> Angelita
>
> ----- Original Message -----
> From: "Brian Tierney" <BLTierney at lbl.gov>
> To: "Angelita de Cássia Corrêa" <angelita at uol.com.br>
> Sent: Tuesday, June 28, 2005 10:53 AM
> Subject: Fwd: [Bro] Empty reports!!
>
>
>
>>
>> a couple more suggestions from the author of the report script:
>>
>> Begin forwarded message:
>>
>>
>>
>>> From: Roger Winslow <rwinslow at lbl.gov>
>>>
>>>
>>>     This sounds like either the bro.cfg file is not set correctly,
>>> site-report.pl is not told where bro.cfg is, or no log data is
>>> being found.
>>>
>>>     I suggest that the user run the command by hand (use -h to find
>>> all of the command line options) with a debug of 2 or higher and
>>> see what happens.  The files are ouput to $BROHOME/reports/local.
>>> Also scan reports are still on.  We left it on because there was
>>> too little data without it during demos.  The ability to turn on/
>>> off certain parts of the report are not finished yet (obviously)
>>> but it's about half way done.
>>>
>>>
>>>
>>
>>
>>
>
>

------------------------------------------------------------------------ 
-------------------
   Brian L. Tierney,   Lawrence Berkeley National Laboratory (LBNL)
   1 Cyclotron Rd.  MS: 50B-2239,  Berkeley, CA  94720
   tel: 510-486-7381    fax: 510-495-2998   efax:  240-332-4065
   bltierney at lbl.gov   http://www-didc.lbl.gov/~tierney
------------------------------------------------------------------------ 
------------------



_______________________________________________
Bro mailing list
bro at bro-ids.org
http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro

More information about the Bro mailing list