Two questions

There is a dirty way you can do it without TOO much effort. Grep your notice out of notice.log, store the conn_id in a flat file, iterate over it periodically. For any conn_id not in your flat file, process it, store the conn_id in the flat file, and continue. This way you can just run a grep-driven script every X minutes to do this without much effort.

On a big link, this just isn’t going to work. You might be grepping a notice.log file hundreds of megs in size every X minutes, and that's just no bueno. If you have a small link… then that's different.
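
The flat-file approach described in the message above, as an added example that is not part of the original thread. It assumes the connection identifier is the `uid` column of notice.log; the function name `new_notices`, the state file `seen_uids.txt` and the log lines are constructed for illustration. Like the approach it illustrates, it re-reads the whole log on every run.

```python
import os
import tempfile

# Constructed sample in Bro's tab-separated log layout, trimmed to four columns.
SAMPLE_LOG = (
    "#fields\tts\tuid\tnote\tmsg\n"
    "1400000000.1\tCaaa111\tSSH::Password_Guessing\tconstructed sample 1\n"
    "1400000001.2\tCbbb222\tScan::Port_Scan\tconstructed sample 2\n"
    "1400000002.3\tCaaa111\tSSH::Password_Guessing\tconstructed repeat\n"
)

def new_notices(log_path, seen_path, note_type):
    """Return unseen notices of note_type and record their uids in seen_path."""
    seen = set()
    if os.path.exists(seen_path):
        with open(seen_path) as f:
            seen = {line.strip() for line in f if line.strip()}
    fields, fresh = [], []
    with open(log_path) as log:
        for line in log:
            line = line.rstrip("\n")
            if line.startswith("#fields"):
                fields = line.split("\t")[1:]  # column names follow the tag
            if line.startswith("#") or not line:
                continue  # header/footer metadata lines
            rec = dict(zip(fields, line.split("\t")))
            uid = rec.get("uid", "-")
            # "-" marks an unset field; such notices cannot be keyed by uid
            if rec.get("note") != note_type or uid == "-" or uid in seen:
                continue
            seen.add(uid)
            fresh.append(rec)
    with open(seen_path, "a") as f:
        f.writelines(rec["uid"] + "\n" for rec in fresh)
    return fresh

def demo():
    with tempfile.TemporaryDirectory() as d:
        log, seen = os.path.join(d, "notice.log"), os.path.join(d, "seen_uids.txt")
        with open(log, "w") as f:
            f.write(SAMPLE_LOG)
        first = new_notices(log, seen, "SSH::Password_Guessing")
        with open(log, "a") as f:
            f.write("1400000003.4\tCccc333\tSSH::Password_Guessing\tconstructed 3\n")
        second = new_notices(log, seen, "SSH::Password_Guessing")
        return [r["uid"] for r in first], [r["uid"] for r in second]

if __name__ == "__main__":
    print(demo())
```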

Eric,

Thanks for your reply. But I am looking for an alerting solution within the Bro framework based on triggered events.