[Bro] customize msg in a Notice hook
Matt Stucky
mattchess50 at gmail.com
Thu Nov 14 11:06:12 PST 2013
Ahh, so simple and so right.
Thanks!
-matt
On Thu, Nov 14, 2013 at 11:54 AM, Siwek, Jonathan Luke
<jsiwek at illinois.edu>wrote:
>
> On Nov 14, 2013, at 10:53 AM, Matt Stucky <mattchess50 at gmail.com> wrote:
>
> > How would one go about customizing the message for a notice when it
> matches specific criteria?
> >
> > Here's what I've tried:
> >
> > hook Notice::policy(n: Notice::Info)
> > {
> > if ( n$note == <Notice> && <additional criteria> )
> > add n$actions[Notice::ACTION_EMAIL];
> > n$msg=<custom message>;
> > }
> >
> > However, that changes the message for every notice in the notice log...
> is there a way to scope that so it changes the message only for that one
> notice instance?
>
> You need to use curly braces to make a compound statement, otherwise that
> last statement is unconditional. E.g.:
>
> if ( … criteria ... )
> {
> add n$action[…];
> n$msg = …;
> }
>
> - Jon
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20131114/da450724/attachment.html
More information about the Bro
mailing list