Internal hostname in mail.log

Will · May 2, 2011, 4:36pm

Hi All,

Can anyone help me determine which broctl script/postprocessor (I'm
assuming) is adding an internal hostname (user.host.com) to mail.log.

cat mail.log:

2011-05-02-11:43:05 HTTP_IncorrectFileType (L) 10.0.0.1 = user.host.com

<bro> application/x-dosexec http://www[.]bad[.]com/PrintPeer[.]dat

I would like to add internal hostnames to some other alerts and would
like to avoid re-creating the wheel.

Thanks in advance for any help!

Will

robin · May 2, 2011, 6:13pm

It's done inside Bro actually, see the
aux/broctl/policy/mail-alarms.bro script.

Robin

Will · May 2, 2011, 6:18pm

Perfect! Thanks Robin!

Will

Topic		Replies	Views
turn off host up/down emails Zeek	8	52	May 6, 2022
Question from a beginner Zeek	2	59	May 6, 2022
configure from email address Zeek	8	78	May 6, 2022
DNS logging Zeek	8	88	May 6, 2022
Bro 2.5.4 Development development	4	100	May 6, 2022