Hello,
When I uncommented the following line in /opt/bro/share/bro/site/local.bro to enable email alerts on notice alarms and did install and restart on broctl Bro Manager is crashing.
redef Notice::policy += { [$action = Notice::ACTION_ALARM, $priority = 0] };
I get the following error message via email notification. I am running BRO as a part of the Security Onion.
When I comment the line back, Manager starts but I do not think emails on notices will.
Thank you again
Konrad
If you want to help us debug this problem, then please forward this mail to reports@bro.org
Bro 2.2
Linux 3.2.0-57-generic
==== No reporter.log
==== stderr.log
error in /opt/bro/share/bro/base/
*frameworks/notice/./main.bro, line 182 and /nsm/bro/spool/installed-**scripts-do-not-touch/site/*local.bro, line 35: already defined (Notice::policy)
==== stdout.log
unlimited
unlimited
unlimited
==== .cmdline
-U .status -p broctl -p broctl-live -p local -p manager local.bro broctl base/frameworks/cluster local-manager.bro broctl/auto
==== .env_vars
*PATH=/opt/bro/bin:/opt/bro/**share/broctl/scripts:/usr/**local/sbin:/usr/local/bin:/**usr/sbin:/usr/bin:/sbin:/bin:/*opt/bro/bin
*BROPATH=/nsm/bro/spool/**installed-scripts-do-not-**touch/site::/nsm/bro/spool/**installed-scripts-do-not-touch/auto:/opt/bro/share/bro:/opt/bro/share/bro/policy:/*opt/bro/share/bro/site
CLUSTER_NODE=manager
==== .status
TERMINATED [atexit]
==== No prof.log
==== No packet_filter.log
==== No loaded_scripts.log