[Bro] example from manual
John Babio
jbabio at po-box.esu.edu
Thu Jun 27 10:11:23 PDT 2013
In the example, if I wanted it to log this info instead of ACTION_EMAIL,
what would I change it too? ACTION_ALARM or ACTION_LOG?
On 6/27/13 1:00 PM, "Seth Hall" <seth at icir.org> wrote:
>
>On Jun 27, 2013, at 12:41 PM, John Babio <jbabio at po-box.esu.edu> wrote:
>
>> http://bro.org/sphinx/notice.html
>>
>> Where does the example syntax get placed?
>
>
>You could put it in local.bro or a better idea might be to place a new
>file of your own in <prefix>/share/bro/site/ and and add an "@load
>myfile" line to local.bro.
>
>Like thisŠ
>
>in <prefix>/share/bro/site/myfile.bro:
> print "hello world";
>
>in <prefix>/share/bro/site/local.bro:
> @load myfile
>
>Are you running Bro with broctl or just running it directly? If you run
>with broctl, that local.bro script will automatically get loaded (and
>subsequently load your script).
>
> .Seth
>
>--
>Seth Hall
>International Computer Science Institute
>(Bro) because everyone has a network
>http://www.bro.org/
>
More information about the Bro
mailing list