Hi All,
I'm dabbling with getting Bro to email, so I've added this to my local.bro:
redef Notice::mail_dest = "myemail@address.com";
redef Notice::policy += {
[$result = Notice::ACTION_EMAIL,
$pred(n: Notice::Info) =
{ return n$note == PacketFilter::Dropped_Packets; }
]
};
but I'm getting:
error in /usr/local/bro/share/bro/base/frameworks/notice/./main.bro, line 183 and /usr/local/bro/share/bro/site/local.bro, line 101: already defined (Notice::policy)
Is there something I'm missing? Thank you.
James
Have you tried something like this for defining notices you want emails on:
redef Notice::emailed_types += {
PacketFilter::Dropped_Packets,
};
Giving that a go now...thanks Gary.
James
Thanks again Gary...I remember now looking at emailing direct from bro when I first started out...and this is why I think I stopped:
sh: 1: /usr/sbin/sendmail: not found
I do not have sendmail installed....is there a way to redefine which email application that gets used? I use an app called sendEmail:
http://caspian.dotconf.net/menu/Software/SendEmail/
Thanks again for all the assistance...getting closer.
James