[Bro] customize msg in a Notice hook

Matt Stucky mattchess50 at gmail.com
Thu Nov 14 08:53:46 PST 2013


How would one go about customizing the message for a notice when it matches
specific criteria?

Here's what I've tried:

hook Notice::policy(n: Notice::Info)
        {
        if ( n$note == <Notice> && <additional criteria> )
              add n$actions[Notice::ACTION_EMAIL];
              n$msg=<custom message>;
        }

However, that changes the message for every notice in the notice log...  is
there a way to scope that so it changes the message only for that one
notice instance?

Thanks,
Matt
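
An added example, not part of the original post: in Bro script, as in C, an if without braces governs only the single statement that follows it, so in the hook above the n$msg assignment runs for every notice. The sketch below groups both statements in one block. The notice type SSH::Password_Guessing, the local-source criterion and the message prefix are assumptions chosen for illustration.

```bro
# Added example, not code from the original post.
# Assumed for illustration: the notice type (SSH::Password_Guessing), the
# extra criterion (source address is local) and the custom message text.
@load base/frameworks/notice
@load base/utils/site
@load protocols/ssh/detect-bruteforcing

hook Notice::policy(n: Notice::Info)
	{
	# Both statements sit inside one braced block, so neither runs
	# unless the whole condition matched this particular notice.
	if ( n$note == SSH::Password_Guessing &&
	     n?$src && Site::is_local_addr(n$src) )
		{
		add n$actions[Notice::ACTION_EMAIL];

		# msg is an optional field of Notice::Info; keep the original
		# text when present so the log entry still shows what the
		# detection script reported.
		local orig = n?$msg ? n$msg : "";
		n$msg = fmt("[local source] %s", orig);
		}
	}
```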