[Bro] Alarms in 2.0

Tyler T. Schoenke tyler.schoenke at colorado.edu
Wed Apr 11 14:29:28 PDT 2012


Two questions regarding Alarms in 2.0.

First, I created a signature and wanted to reduce the frequency that it
fires.  Does anyone have sample code for SIG_ALARM_PER_ORIG or some
other way to send out a single alarm per source IP?

Second, I configured the MailAlarmsTo setting, but the Alarms are still
going to the MailTo (bromessage@) address.  I also tried setting
MailAlarms = True.   What am I doing wrong?

Thanks,

Tyler

-- 
--
Tyler Schoenke
Network Security Manager
IT Security Office
University of Colorado at Boulder



More information about the Bro mailing list