base/frameworks/notice/actions/add-geodata.bro

Notice

This script adds geographic location data to notices for the “remote” host in a connection. It does make the assumption that one of the addresses in a connection is “local” and one is “remote” which is probably a safe assumption to make in most cases. If both addresses are remote, it will use the $src address.

Namespace:Notice
Imports:base/frameworks/notice, base/frameworks/notice/main.bro, base/utils/site.bro
Source File:/scripts/base/frameworks/notice/actions/add-geodata.bro

Summary

Runtime Options

Notice::lookup_location_types: set &redef Notice types which should have the “remote” location looked up.

Redefinitions

Notice::Action: enum  
Notice::Info: record  

Detailed Interface

Runtime Options

Notice::lookup_location_types
Type:set [Notice::Type]
Attributes:&redef
Default:{}

Notice types which should have the “remote” location looked up. If GeoIP support is not built in, this does nothing.


Table of Contents

Next Page

base/frameworks/notice/actions/pp-alarms.bro

Previous Page

base/frameworks/notice/actions/page.bro

Copyright 2016, The Bro Project. Last updated on December 19, 2018. Created using Sphinx 1.8.2.