Hello and thank you for your assistance. As the subject states, I’m not getting email notifications to this email address (rich-reco@hotmail.com). I’ve gone to /etc/bro/broctl.cfg and uncommented and added:
MailTo = rich-reco@hotmail.com
sendmail = /usr/sbin/sendmail
I also uncommented and added LogRotationInterval = 60 to test it. I ran into issues with sendmail, so I commented it out, and it currently looks like:
MailTo = rich-reco@hotmail.com
#sendmail = /usr/sbin/sendmail
Bro is logging them in /var/log/bro/[today’s date] but I’m not receiving anything.
As far as the local.bro file goes, I’ve only added:
hook Notice::policy(n: Notice::Info)
    {
    add n$actions[Notice::ACTION_EMAIL];
    }
which I believe is what actually emails the notices. Is this correct? If this is not correct, what is the correct code to add to receive ALL alerts? I’ve looked at the documentation but I did not find a function to send ALL notices or couldn’t understand what I saw. Thank you!