[Bro] bro email notifications

[Aashish Sharma]

Hello All, 

Any thoughts about this : 
		
On Fri, 2005-02-25 at 18:18, Aashish Sharma wrote:

> > With the latest release there are two new notice actions, NOTICE_EMAIL and
> > NOTICE_PAGE, which you can use for this.
> > 
> 
> 1)  [ From policy/notice.bro ]  
> global notice_policy: set[notice_policy_item] = {
>         [$pred(n: notice_info) = { return T; },
> #        $result = NOTICE_ALARM_ALWAYS,
>          $result = NOTICE_EMAIL,
>          $priority = 0],
> } &redef;
> 
> How do I set up various degree's of notifications. For some things I
> would like to be paged, others an email and rest just logged. 
> 
> $result seems to let me setup only one notice action option here. 
> 
> > [ I do see policy/notice.bro has some email parameters settings but
> does
> > > not seems to be working ] 
> > 

2) 
> > Can you provide an example that demonstrates it's not working?
> > 
> 
> However If I understand it correctly, email sending mechanism is defined
> here in notice.bro : 
> 
> # Variables the control email notification.
> global mail_notification = reading_live_traffic() &redef;
> global mail_script = "mail_notice.sh" &redef;
> global mail_dest = "bro" &redef;
> global mail_page_dest = "bro-page" &redef;
> 
> I dont see mail_notice.sh in scripts folder so right now I am not very
> sure how bro is going to handle sending email notification and what this
> script is intending to do. 
> 
> It is going to parse logs periodically and grep for NOTICE_EMAIL and
> take action or has some other mechanism is intended  ? 
> 
> 
> Thanks, 
> Aashish 
> 
> 
> 
> On Fri, 2005-02-25 at 14:59, Vern Paxson wrote:
> > > 1) We used to run wots/swatch on bro logs periodically which checks for
> > > alert patterns and send an us an email for that particular bro alert
> 
> 
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro