[Bro] unknown identifier for Notice::ACTION_EMAIL
Nicolas KRASINSKI
krasinski at cines.fr
Fri Oct 26 06:39:48 PDT 2018
Hello,
I want bro to send email when a note is seen.
I try adding these to local.bro :
redef Notice::emailed_types += {
Address_Scan,
Port_Scan,
};
hook Notice::policy(n: Notice::Info)
{
if (n$note in Notice::emailed_types)
add n$actions[Notice::ACTION_EMAIL];
}
Or this
hook Notice::policy(n: Notice::Info)
{
if (n$note == Address_Scan)
add n$actions[Notice::ACTION_EMAIL];
}
But when I do broctl check I have this error :
error in /usr/local/bro/share/bro/site/local.bro, line 13: unknown identifier Address_Scan, at or near "Address_Scan"
The script policy/misc/scan.bro is well loaded.
Thanks a lot !
Nicolas.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20181026/ad3300f0/attachment.html
More information about the Bro
mailing list