example from manual

John_Babio1 · June 27, 2013, 4:41pm

Where does the example syntax get placed?

Seth_Hall3 · June 27, 2013, 5:00pm

You could put it in local.bro or a better idea might be to place a new file of your own in <prefix>/share/bro/site/ and and add an "@load myfile" line to local.bro.

Like this…

in <prefix>/share/bro/site/myfile.bro:
print "hello world";

in <prefix>/share/bro/site/local.bro:
@load myfile

Are you running Bro with broctl or just running it directly? If you run with broctl, that local.bro script will automatically get loaded (and subsequently load your script).

.Seth

John_Babio1 · June 27, 2013, 5:03pm

Yes. I am running it via security onion.

John_Babio1 · June 27, 2013, 5:11pm

In the example, if I wanted it to log this info instead of ACTION_EMAIL,
what would I change it too? ACTION_ALARM or ACTION_LOG?

Seth_Hall3 · June 27, 2013, 5:13pm

All notices are logged by default in notice.log.

.Seth

Topic		Replies	Views
script working from cmd line but not from local.bro Zeek	6	73	May 6, 2022
SSH brute-force email notice Zeek	11	69	May 6, 2022
Help with bro scripting exercise question Zeek	3	63	May 6, 2022
bro notice framework Zeek	2	55	May 6, 2022
Basic Alerts/Email questions Zeek	4	86	May 6, 2022

example from manual

Related Topics