[Zeek] Multiple email recipients

Nicolas KRASINSKI krasinski at cines.fr
Mon Feb 18 01:54:16 PST 2019


Thanks, It works fine with MailAlarmsTo in broctl.cfg. 
But MailAlarmsTo works with ACTION_ALARM and send only alarm summary mails, not directly the alarm... 

Thank you, 

Nicolas. 




De: "Jon Siwek" <jsiwek at corelight.com> 
À: "krasinski" <krasinski at cines.fr> 
Cc: "zeek" <zeek at zeek.org> 
Envoyé: Jeudi 14 Février 2019 23:40:07 
Objet: Re: [Zeek] Multiple email recipients 

On Thu, Feb 14, 2019 at 8:21 AM Nicolas KRASINSKI <krasinski at cines.fr> wrote: 

> I tried also to put in my script 
> redef Notice::mail_dest = "user at domain.com"; 
> but nothing work, 
> 
> How can I send ACTION_ALARM to the email of "mail_dest" ? 

If you are using BroControl, have you tried setting the MailTo option 
and/or MailAlarmsTo option in broctl.cfg ? As you saw from the 
documentation, those take precedence over values defined in scripts. 

- Jon 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/zeek/attachments/20190218/1b6be3c1/attachment.html 


More information about the Zeek mailing list