[Bro] Question on "already defined (Notice::policy)" error
Daniel Thayer
dnthayer at illinois.edu
Thu Oct 9 15:39:11 PDT 2014
On 10/09/2014 03:53 PM, James Lay wrote:
> On 2014-10-09 14:39, Gary Faulkner wrote:
>> Have you tried something like this for defining notices you want
>> emails on:
>>
>> redef Notice::emailed_types += {
>> PacketFilter::Dropped_Packets,
>> };
>>
>>
>> On 10/9/2014 2:55 PM, James Lay wrote:
>>> Hi All,
>>>
>>> I'm dabbling with getting Bro to email, so I've added this to my
>>> local.bro:
>>>
>>> redef Notice::mail_dest = "myemail at address.com";
>>>
>>> redef Notice::policy += {
>>> [$result = Notice::ACTION_EMAIL,
>>> $pred(n: Notice::Info) =
>>> { return n$note == PacketFilter::Dropped_Packets; }
>>> ]
>>> };
>>>
>>> but I'm getting:
>>>
>>> error in /usr/local/bro/share/bro/base/frameworks/notice/./main.bro,
>>> line 183 and /usr/local/bro/share/bro/site/local.bro, line 101:
>>> already
>>> defined (Notice::policy)
>>>
>>> Is there something I'm missing? Thank you.
>>>
>>> James
>
> Thanks again Gary...I remember now looking at emailing direct from bro
> when I first started out...and this is why I think I stopped:
>
> sh: 1: /usr/sbin/sendmail: not found
>
> I do not have sendmail installed....is there a way to redefine which
> email application that gets used? I use an app called sendEmail:
>
> http://caspian.dotconf.net/menu/Software/SendEmail/
>
> Thanks again for all the assistance...getting closer.
>
> James
You could try this:
https://www.bro.org/sphinx-git/scripts/base/frameworks/notice/main.bro.html#id-Notice::sendmail
More information about the Bro
mailing list