[Bro] customize msg in a Notice hook
Siwek, Jonathan Luke
jsiwek at illinois.edu
Thu Nov 14 09:54:52 PST 2013
On Nov 14, 2013, at 10:53 AM, Matt Stucky <mattchess50 at gmail.com> wrote:
> How would one go about customizing the message for a notice when it matches specific criteria?
>
> Here's what I've tried:
>
> hook Notice::policy(n: Notice::Info)
> {
> if ( n$note == <Notice> && <additional criteria> )
> add n$actions[Notice::ACTION_EMAIL];
> n$msg=<custom message>;
> }
>
> However, that changes the message for every notice in the notice log... is there a way to scope that so it changes the message only for that one notice instance?
You need to use curly braces to make a compound statement, otherwise that last statement is unconditional. E.g.:
if ( … criteria ... )
{
add n$action[…];
n$msg = …;
}
- Jon
More information about the Bro
mailing list