base/frameworks/notice/actions/pp-alarms.bro

Notice

Notice extension that mails out a pretty-printed version of alarm.log in regular intervals, formatted for better human readability. If activated, that replaces the default summary mail having the raw log output.

Namespace:Notice Imports:base/frameworks/cluster, base/frameworks/notice/main.bro Source File:/scripts/base/frameworks/notice/actions/pp-alarms.bro

Summary

Options

Notice::mail_dest_pretty_printed: string &redef	Address to send the pretty-printed reports to.
Notice::pretty_print_alarms: bool &redef	Activate pretty-printed alarm summaries.

State Variables

Notice::flag_nets: set &redef	If an address from one of these networks is reported, we mark the entry with an additional quote symbol (i.e., “>”).
Notice::force_email_summaries: bool &redef	Force generating mail file, even if reading from traces or no mail destination is defined.

Functions

Notice::pretty_print_alarm: function &redef

Function that renders a single alarm.

Detailed Interface

Options

Notice::mail_dest_pretty_printed

Type:string Attributes:&redef Default:""

Address to send the pretty-printed reports to. Default if not set is Notice::mail_dest.

Note that this is overridden by the BroControl MailAlarmsTo option.

Notice::pretty_print_alarms

Type:bool Attributes:&redef Default:T

Activate pretty-printed alarm summaries.

State Variables

Notice::flag_nets

Type:set [subnet] Attributes:&redef Default:{}

If an address from one of these networks is reported, we mark the entry with an additional quote symbol (i.e., “>”). Many MUAs then highlight such lines differently.

Notice::force_email_summaries

Type:bool Attributes:&redef Default:F

Force generating mail file, even if reading from traces or no mail destination is defined. This is mainly for testing.

Functions

Notice::pretty_print_alarm

Type:function (out: file, n: Notice::Info) : void Attributes:&redef

Function that renders a single alarm. Can be overridden.