Hi,
I write a bro shell file to test function of notice mail. But when i run this shell, the mailbox “dj5521@163.com” does not receive any mail.
The following is the shell file:
@load base/protocols/conn
@load base/protocols/http
@load base/frameworks/logging
@load base/frameworks/notice
module HTTP;
export {
redef enum Notice::Type += {
Http_Notice_Plicy
};
#redef Notice::mail_dest = “dj5521@163.com”;
}
redef Notice::mail_dest = “dj5521@163.com”;
event http_message_done(c: connection, is_orig: bool, stat: http_message_stat)
{
local message = fmt("====http done====");
NOTICE([$note=Http_Notice_Plicy, $msg=message,
$conn=c,
$identifier=cat(c$id$resp_h,c$id$resp_p,c$http$uid)]);
}
hook Notice::policy(n: Notice::Info)
{
print “===========>run HTTP policy<=============”;
if ( n$note == HTTP::Http_Notice_Plicy )
add n$actions[Notice::ACTION_EMAIL];
}
When i run this file, i do not get any error and bro produces notice.log and weird.log correctly. I have installed mail tool on my centos system already.
Could you please help me to look what wrong with this shell file?