[Zeek] Send email on any SSH attempt
Merril Mathew
merril.mathew at baby2body.com
Thu May 30 02:45:01 PDT 2019
Hi All,

I am very new to Zeek. I was trying to send an email on any SSH attempt,
regardless of success or failure. The notice framework is really confusing and
I could not find much information online. :) Would be great if someone can
explain to me what I need to do to solve this specific issue.

Please find attached what I have tried so far. Please also note that
whenever I tried to run my scripts with a pcap file, it generates a
notice.log. However, if I load my script to local.zeek, then I cannot find
any notice.log in $PREFIX/bro/logs/current.

zeek_mail.zeek is where the Notice implementation is done and
zeek_mail2.zeek is where the notice hook is applied.

Kind regards,
Merril.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: zeek_mail2.zeek
Type: application/octet-stream
Size: 225 bytes
Desc: not available
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/zeek/attachments/20190530/ebf47a4d/attachment.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: zeek_mail.zeek
Type: application/octet-stream
Size: 353 bytes
Desc: not available
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/zeek/attachments/20190530/ebf47a4d/attachment-0001.obj