[Bro] Debugging Bro Scripts Where action = Notice::ACTION_EMAIL

Seth Hall seth at icir.org
Wed Aug 29 10:06:48 PDT 2012


On Aug 28, 2012, at 6:12 PM, Chris Crawford <christopher.p.crawford at gmail.com> wrote:

> redef Notice::mail_dest = "alert@email.com";
> 
> in a custom Bro script doesn't appear to override the value specified
> by the MailTo variable set in etc/broctl.cfg .

Yes, this is an unfortunate side effect to automatically changing settings through BroControl.  I believe that the documentation has been updated for 2.1 to clarify which variables are affected.  I still don't think we are completely sure the direction this will go long term, but it is definitely unclear at the moment.

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/




