[Bro] Bro Scripting Question
William Seemann
wseemann at gmail.com
Sun Oct 16 17:59:56 PDT 2011
Thank you. Both of the responses I've received have been extremely
helpful. I have another question. I read through snippets from the Bro
documentation but I can't seem to find a way to generate an email alert
in a script. I've redefined the "mail_dest" as follows:

    redef Notice::mail_dest = "wseemann at gmail.com";

I can't seem to find a way to actually generate the email notification
from within my script; all my attempts produce syntax errors. Can anyone
suggest a script to look at?

Thanks again,
William

On 10/14/2011 08:40 AM, Seth Hall wrote:
> On Oct 13, 2011, at 5:38 PM, William Seemann wrote:
>
>> From what I can gather it seems like the new_connection event would be
>> an obvious place to perform my checks since it is called for inbound and
>> outbound connections. Does this sound like the correct approach? Also,
>> is there a simple way to determine what service(s) a host is running
>> (smtp, ssh, etc)?
> There is a script in the next release that is a variant on what you are looking to do. I even went back and fixed it recently since it was pretty badly broken.
>
> Clone our git repository[1] and look at the script: scripts/policy/protocols/conn/known-services.bro [2]
>
> 1. http://www.bro-ids.org/documentation/quickstart.html#compiling-bro-source-code
> 2. http://git.bro-ids.org/bro.git/blob/HEAD:/scripts/policy/protocols/conn/known-services.bro
>
> .Seth
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro-ids.org/
>
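
One way to raise an emailed notice from the new_connection event discussed in this thread, as an added example that is not part of the original messages and not the project's own script. It assumes the Bro 2.x notice framework; the module name, notice type, watched ports and mail address are hypothetical or constructed.

```bro
# Added example: assumes the Bro 2.x notice framework.
@load base/frameworks/notice

module WatchedService;  # hypothetical module name

export {
    redef enum Notice::Type += {
        ## Raised when a connection targets one of the watched ports.
        Watched_Port_Contact,  # hypothetical notice type
    };

    ## Responder ports that should trigger an alert (constructed sample values).
    const watched_ports: set[port] = { 22/tcp, 25/tcp } &redef;
}

# Destination for emailed notices (placeholder address).
redef Notice::mail_dest = "security@example.org";

# Setting mail_dest alone sends nothing: the notice type also has to be
# selected for the email action. Types listed here are mailed and logged.
redef Notice::emailed_types += { WatchedService::Watched_Port_Contact };

event new_connection(c: connection)
    {
    # Ignore connections to ports that are not on the watch list.
    if ( c$id$resp_p !in watched_ports )
        return;

    # $identifier plus $suppress_for keeps a busy host pair from
    # generating one email per connection.
    NOTICE([$note=Watched_Port_Contact,
            $msg=fmt("%s connected to %s on %s",
                     c$id$orig_h, c$id$resp_h, c$id$resp_p),
            $conn=c,
            $identifier=cat(c$id$orig_h, c$id$resp_h, c$id$resp_p),
            $suppress_for=1hr]);
    }
```

The email action hands the message to the local sendmail binary, so the sensor needs a working mail setup for the alert to be delivered.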