[Bro] Requesting event_notice ad event_alarm events over broccoli
Stephen Chan
sychan at lbl.gov
Thu Aug 13 10:51:24 PDT 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Robin Sommer wrote:
> On Wed, Aug 12, 2009 at 11:47 -0700, you wrote:
>
>> I'm trying to collect event_notice and event_alarm events from a
>
> (I suppose you mean notice_action and notice_alarm?)
>
Yes, that's what I meant to write, even if I didn't! :-)
>
> There are two things which could help tracking this down: if you
> could find like a minimal configuration/setup which demonstrates
> the problem, that'd be great (always a bit tricky when
> communication is involved...). And you could compile with
> --enable-debug and then run with "-B comm", that will log some
> stuff into debug.log which might help (that file quickly gets huge
> though).
>
I will try to get this today. I expected that the notice_action
stuff was being used for the bro cluster, so I'm thinking it is just
something dumb and/or obvious that I'm missing.
>
> P.S.: Which Bro version are you using?
>
Its version 1.4 as of 3/18/09.
Steve
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.12 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkqEUpwACgkQcVd2YI1BWAjw+wCgkOPyF/qozD+LPMkDgE6Q8/5s
LzEAniSRZXcGuEO4hrdDowBqFMW6bdbY
=zH60
-----END PGP SIGNATURE-----
More information about the Bro
mailing list