[Bro] Question on quick start documentation SSH:Login example.
nithen
nithen at gmail.com
Tue Aug 5 06:28:31 PDT 2014
Hi,
Sorry for directing such a simple question to the mailing list - but
I'm really stuck and would appreciate your help.
I am running 2 separate instances of Bro (on separate hardware):
1. Bro 2.2 on FreeBSD 10
2. Bro 2.3 on FreeBSD 10
I am following the Quick Start documentation found here:
http://www.bro.org/sphinx/quickstart/index.html
I can't get the deployment customization example on "SSH:Login" to work.
I have performed the following:
1. Checked my installation is working.
2. Checked my email (mailto) is working.
3. Checked my networks.cfg includes my test SSH server and excludes my client.
4. Checked for previous posts on the issue.
Here is the code that is to be written into local.bro (only change was
the IP Addresses):
<snip>
const watched_servers: set[addr] = {
192.168.1.100,
192.168.1.101,
192.168.1.102,
} &redef;
hook Notice::policy(n: Notice::Info)
{
if ( n$note == SSH::SUCCESSFUL_LOGIN && n$id$resp_h in watched_servers )
add n$actions[Notice::ACTION_EMAIL];
}
</snip>
Thank you,
Nithen
More information about the Bro
mailing list