[Bro] Bro Scripting Question
Seth Hall
seth at icir.org
Mon Oct 17 09:58:05 PDT 2011
On Oct 16, 2011, at 8:59 PM, William Seemann wrote:
> redef Notice::mail_dest = "wseemann at gmail.com";
>
> I can't seem to find a way to actually generate the email notification from within my script, all my attempts produce syntax errors. Can anyone suggest a script to look at? Thanks again, William
Ironically I finally started writing this documentation last night (the notice framework has been completely rewritten). If you have a particular notice that you want to send to email every time the notice is generated, you can add the notice to a set that acts like a shorthand for modifying your Notice::policy. Here's an example...
redef Notice::emailed_types += { HTTP::SQL_Injection_Attack_Against };
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/
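
The reply above shows only the emailed_types line. As an added example (not part of the original post, and not code from the Bro project), here is a complete script that defines its own notice type, raises it from an event handler, and marks it for email. It assumes the notice framework as released in Bro 2.x; the module name Example, the notice type Watched_Host_Seen, the watched_hosts set, and the addresses are hypothetical.

```bro
@load base/frameworks/notice

module Example;

export {
    # Hypothetical notice type defined by this script.
    redef enum Notice::Type += {
        Watched_Host_Seen,
    };

    # Constructed sample address (documentation range); override with redef.
    const watched_hosts: set[addr] = { 192.0.2.10 } &redef;
}

# Where emailed notices are delivered (constructed address).
redef Notice::mail_dest = "soc@example.com";

# Shorthand from the reply above: every notice of this type gets emailed.
redef Notice::emailed_types += { Example::Watched_Host_Seen };

event connection_established(c: connection)
    {
    if ( c$id$resp_h !in watched_hosts )
        return;

    # Raising the notice is all the script does; the framework applies the
    # email action because the type is listed in Notice::emailed_types.
    # $identifier lets the framework suppress repeats for the same host
    # so one busy host does not produce one email per connection.
    NOTICE([$note=Watched_Host_Seen,
            $msg=fmt("connection established to watched host %s", c$id$resp_h),
            $conn=c,
            $identifier=cat(c$id$resp_h)]);
    }
```

The script never sends mail itself: it only calls NOTICE, and delivery is decided by the notice policy, which is why attempts to trigger the email directly from script code do not fit the framework.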