[Bro] bro alerts over email

Vern Paxson vern at icir.org
Tue Mar 22 23:54:05 PST 2005


> 1) currently NOTICE_PAGE and NOTICE_EMAIL are independent actions so we had to do minor modifications in notice.bro
> to be able to send an email as well when NOTICE_PAGE action takes place.
>
> I think it would be a good idea to have an email sent while NOTICE_PAGE action takes place.

Yes, we agree.  I've added this to the to-do list.  Not sure how quickly
it'll be done, though (since the right way to do it is to allow the user
to specify either one, or the other, *or* both, and that sort of flexibility
doesn't fit with the current exclusive-action model).

> Not sure why we needed '!' in 'if (! mail_notification)' condition because mail_notification is returning false 
> irrespective of live_traffic capture or a tcpdump reply.  

Well, that was a bug, per the earlier discussion.  In any case, it's gone
with the upcoming 0.9a9 release.

		Vern


