[Bro] SSH brute-force email notice

Azoff, Justin S jazoff at illinois.edu
Tue Feb 28 07:01:11 PST 2017


> On Feb 28, 2017, at 9:48 AM, Loris Leiva <loris.leiva at gmail.com> wrote:

> What is going wrong:
> Even though the notice is raised, I do not receive any emails.
> 
> Hypothesis to eliminate:
> - First of all, my broctl.cfg file is configured correctly and, if I raise a random notice in the `bro_init()` event, I successfully receive the email.
> - I am also sure that the notice is being raised properly as a `notice.log` file gets generated with the relevant notice containing the `Notice::ACTION_EMAIL` action. I even hard-coded a print inside the module that raises the notice to make sure that this part of the code was run.

If your notice.log mentioned ACTION_EMAIL but you did not get an email, then you need to look at the bro stderr log and the mail log (/var/log/mail or such) for your machine.

-- 
- Justin Azoff



