[Bro] Notifications from Local.bro

Damon Rouse damonrouse at gmail.com
Mon May 19 19:34:59 PDT 2014


Yes, I’m removing that last comment character.  I’ll run and post the diag later tonight.

Thanks

On May 19, 2014, at 5:28 PM, Jon Schipp <jonschipp at gmail.com> wrote:

> Just to be sure, are you uncommenting the entire emailed_types redefinition?
> You have a comment character at the beginning of the definition in your output, "# redef Notice::emailed_types +=".
> 
> 
> On Mon, May 19, 2014 at 5:58 PM, Damon Rouse <damonrouse at gmail.com> wrote:
> Hi Everyone
> 
> I'm pretty new to BRO and have a quick question about setting up alerts from Bro.  Inside my Local.bro file I have what's below (which works great).  If I uncomment the emailed_types redef, Bro errors out after running sudo broctl install && sudo broctl restart.  The error is: manager terminated immediately after starting; check output with "diag"
> 
> Can you only have one redef statement in the local.bro file?  Or did I make a mistake somewhere?
> 
> hook Notice::policy(n: Notice::Info)
>             {
>             add n$actions[Notice::ACTION_EMAIL];
>             }
> 
> # redef Notice::emailed_types += {
>        HTTP::Incorrect_File_Type,
>        SSH::Interesting_Hostname_Login,
>        HTTP::Malware_Hash_Registry_Match,
>        APT1::Domain_Hit,
>        APT1::Certificate_Hit,
>        APT1::File_MD5_Hit,
> };
> 
> redef Notice::ignored_types += { SSL::Invalid_Server_Cert };
> 
> Thanks!
> 
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
> 
> 
> 
> -- 
> Jon Schipp, 
> jonschipp.com, sickbits.net
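As an added illustration of the point in Jon's reply (example script, not code from either poster): in Bro script a "#" comments out only the rest of its own line, so a "#" on the first line of a multi-line redef leaves the set body dangling for the parser, which is exactly the kind of error "diag" would show. The block below uses the notice types from Damon's post and shows the redef fully enabled, and then a second copy disabled as a whole unit with an @if directive; the second copy is illustrative only and is assumed not to be in the real local.bro.

```bro
# Enabled: the redef keyword and the whole set body are uncommented
# together, so the parser sees one complete statement.
redef Notice::emailed_types += {
    HTTP::Incorrect_File_Type,
    SSH::Interesting_Hostname_Login,
    HTTP::Malware_Hash_Registry_Match,
    APT1::Domain_Hit,
    APT1::Certificate_Hit,
    APT1::File_MD5_Hit,
};

# Disabled correctly: an @if ( F ) ... @endif block is skipped as a unit,
# so no orphaned "{ ... };" reaches the parser.  Commenting every line
# with "#" works too; commenting only the first line does not.
@if ( F )
redef Notice::emailed_types += {
    HTTP::Incorrect_File_Type,
};
@endif

redef Notice::ignored_types += { SSL::Invalid_Server_Cert };
```

Running broctl check before broctl install reports script parse errors for each node without restarting the cluster, which avoids the "manager terminated immediately after starting" round trip.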
