[Bro] SSH brute-force email notice

Loris Leiva loris.leiva at gmail.com
Tue Feb 28 08:25:59 PST 2017


Yes, sorry, I meant no errors get logged, but weirdly I still get my notice.log entry with Notice::ACTION_EMAIL in it.

On 28 Feb 2017, 17:24 +0100, Azoff, Justin S <jazoff at illinois.edu>, wrote:
>
> > On Feb 28, 2017, at 11:17 AM, Loris Leiva <loris.leiva at gmail.com> wrote:
> >
> > Thank you for your answer.
> >
> > I have checked the logs during my scenario, and when the email doesn’t send, nothing gets logged at all (not even in the bro stderr log). However, when I raise a dummy notice in a bro_init() event, then I receive the email and the email gets logged properly.
>
> Nothing gets logged at all? Not even to notice.log?
>
> >
> > Note that I am using macOS Sierra so I access my logs through the following command `log stream --predicate '(process == "smtpd") || (process == "smtp")' -info`.
> >
> > Any idea of what could be the problem?
> >
> > Thanks again,
> > Loris
>
> --
> - Justin Azoff
>