[Bro] bro email scripts
Smith, Stephen G., OIG DoD
Stephen.Smith at dodig.mil
Mon Jun 26 05:31:40 PDT 2006
Hello all,
I am working on getting the email reports and alarms working in BRO, and
I am having to do a bit of hacking to modify it to use ssmtp instead of
sendmail. However, in the process I have noticed a few things which I
figured I should ask about before I go too far.
1. There is the mail_notice.sh script in the scripts dir which
references the body of the alarm being in /tmp/bro.notice.$$, however I
can't find this file being created anywhere in the notice policy.
2. I don't see this script getting called anywhere in the notice policy
either, instead the mail_script var was declared as /bin/mail, which
doesn't work.
This leaves me with the following question: in the notice-policy file
what var contains the text of the alarm? If I can know that then I will
be able to figure out how to pipe it to where I want it. I am assuming that
the email system in this release is not actually broken, it is just my
installation.
Thanks,
Steve
--
Stephen G. Smith
DODIG NETSEC Division
stephen.smith at dodig.mil
This e-mail is from the Office of the Inspector General, Department of Defense, and may contain information that is "Law Enforcement Sensitive" {LES} or "For Official Use Only" {FOUO} or otherwise subject to the Privacy Act and/or legal and or other privileges that restrict release without appropriate legal authority.