[Bro] (no subject)
Rich Perry
rich-reco at hotmail.com
Sat Dec 2 22:14:39 PST 2017
Hello and thank you for your assistance. As the subject states, I'm not getting email notifications to this email address (rich-reco at hotmail.com). I've gone to /etc/bro/broctl.cfg and uncommented and added:
MailTo = rich-reco at hotmail.com
sendmail = /usr/sbin/sendmail
I also uncommented and added LogRotationInterval = 60 to test it. I ran into issues with sendmail, so I commented it out, and it currently looks like:
MailTo = rich-reco at hotmail.com
#sendmail = /usr/sbin/sendmail
Bro is logging them in /var/log/bro/[today's date] but I'm not receiving anything.
As far as the local.bro file goes, I've only added:
hook Notice::policy(n: Notice::Info)
    {
    add n$actions[Notice::ACTION_EMAIL];
    }
which I believe is what actually emails the notices. Is this correct? If this is not correct, what is the correct code to add to receive ALL alerts? I've looked at the documentation but I did not find a function to send ALL notices or couldn't understand what I saw. Thank you!
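A quick way to confirm which of the broctl.cfg mail settings described in this message are actually active, and whether the sendmail binary they point to can be executed. This is an added example, not part of the original message and not Bro's own tooling. The placeholder address, the FALLBACK parameter and the case-insensitive key matching are assumptions of this sketch.

```shell
#!/bin/sh
# Added diagnostic example; not from the original post or the Bro project.

# cfg_get FILE KEY: print the value of the last uncommented "KEY = value"
# line. Keys are compared case-insensitively (an assumption of this sketch).
cfg_get() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                 # option is commented out
        {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (tolower(k) == tolower(key)) val = v
        }
        END { if (val != "") print val }' "$1"
}

# check_mail_cfg FILE [FALLBACK]: print one finding per line.
# FALLBACK is the binary checked when the sendmail option is unset; it
# defaults to the path used in the post (assumption, not broctl's own logic).
check_mail_cfg() {
    mailto=$(cfg_get "$1" MailTo)
    sm=$(cfg_get "$1" sendmail)
    [ -n "$mailto" ] && echo "ok: MailTo = $mailto" || echo "problem: MailTo is not set"
    if [ -z "$sm" ]; then
        sm=${2:-/usr/sbin/sendmail}
        echo "note: sendmail option unset, checking $sm"
    fi
    if [ -x "$sm" ] && [ ! -d "$sm" ]; then
        echo "ok: $sm is executable"
    else
        echo "problem: $sm is missing or not executable"
    fi
}

# Constructed sample mirroring the post's current settings (placeholder address).
demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' 'MailTo = user@example.com' \
        '#sendmail = /usr/sbin/sendmail' 'LogRotationInterval = 60' > "$tmp"
    check_mail_cfg "$tmp" /nonexistent/sendmail
    rm -f "$tmp"
}
demo
```

On a real sensor, run `check_mail_cfg /etc/bro/broctl.cfg` instead of `demo`.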