[Bro] Debugging Bro Scripts Where action = Notice::ACTION_EMAIL
Seth Hall
seth at icir.org
Wed Aug 29 10:10:19 PDT 2012
On Aug 28, 2012, at 4:22 PM, Chris Crawford <christopher.p.crawford at gmail.com> wrote:
> If you plan to test a new script where you expect it to send an email
> via the Notice framework, I recommend that you send traffic that ought
> to trigger an email alert over the wire.
Why are you looking to send an email while reading a tracefile? The same notice will be in the notice.log.
I do agree that we should output a reporter message if someone tries to send an email while reading a tracefile, though. We just can't sneak that feature into 2.1, but I'll file a ticket for it.
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/