[Bro] Bro Scripting Question
Jonathan Siwek
jsiwek at ncsa.illinois.edu
Mon Oct 17 09:11:36 PDT 2011
> I can't seem to find a way to actually generate the email notification
> from within my script, all my attempts produce syntax errors. Can anyone
> suggest a script to look at? Thanks again, William
base/frameworks/notice/main.bro (from the git repos) might give you some hints at how to do it, but here's a couple examples.
If you'd like to make a certain type of notice (either a predefined one or one you created) generate an email, you can augment the Notice::policy like this example:
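
    # Destination address for notices that get the email action.
    redef Notice::mail_dest = "jsiwek at ncsa.illinois.edu";

    # Email every notice for which the predicate returns true.
    redef Notice::policy += {
        [$result = Notice::ACTION_EMAIL,
         $pred(n: Notice::Info) =
             { return n$note == PacketFilter::Dropped_Packets; }
        ]
    };
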
Or if you really need a more raw way to generate a mail at any point in a script you could do something like:
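
    event bro_init()
        {
        # Build the mail headers (subject and destination), then append the body.
        local msg = Notice::email_headers("Test Email Subject", "jsiwek at ncsa.illinois.edu");
        local body = "Here's the test email's body content.";
        msg = string_cat(msg, "\n", body);
        # Pipe the complete message to the configured sendmail binary.
        piped_exec(fmt("%s -t -oi", Notice::sendmail), msg);
        }
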
Which would just send a mail once at startup.
- Jon
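
Added example, not part of the original message or of the Bro distribution: the policy approach above applied to a notice type defined and raised from inside a script, which is the case the question asks about. The module name, notice type, telnet check and mail address are hypothetical; the `$result`/`$pred` policy fields follow the syntax shown in the message.

```bro
# Hypothetical module, used only for this illustration.
module MailDemo;

export {
    # Script-defined notice type (assumed name).
    redef enum Notice::Type += {
        Cleartext_Login_Service
    };
}

# Constructed placeholder address; replace with the real recipient.
redef Notice::mail_dest = "security-team@example.com";

# Same policy form as in the message above, matching our own notice type.
redef Notice::policy += {
    [$result = Notice::ACTION_EMAIL,
     $pred(n: Notice::Info) =
         { return n$note == MailDemo::Cleartext_Login_Service; }
    ]
};

# Raise the notice from script code; the policy entry above turns it
# into an email. The condition (telnet on 23/tcp) is an assumed example.
event connection_established(c: connection)
    {
    if ( c$id$resp_p == 23/tcp )
        NOTICE([$note=Cleartext_Login_Service,
                $msg=fmt("%s opened a telnet session to %s",
                         c$id$orig_h, c$id$resp_h),
                $conn=c]);
    }
```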