base/frameworks/notice/actions/add-geodata.bro

Notice

This script adds geographic location data to notices for the “remote” host in a connection. It does make the assumption that one of the addresses in a connection is “local” and one is “remote” which is probably a safe assumption to make in most cases. If both addresses are remote, it will use the $src address.

Namespace:Notice
Imports:base/frameworks/notice, base/frameworks/notice/main.bro, base/utils/site.bro
Source File:/scripts/base/frameworks/notice/actions/add-geodata.bro

Summary

Runtime Options

Notice::lookup_location_types: set &redef Notice types which should have the “remote” location looked up.

Redefinitions

Notice::Action: enum  
Notice::Info: record  

Detailed Interface

Runtime Options

Notice::lookup_location_types
Type:set [Notice::Type]
Attributes:&redef
Default:{}

Notice types which should have the “remote” location looked up. If GeoIP support is not built in, this does nothing.

Copyright 2016, The Bro Project. Last updated on January 10, 2019. Created using Sphinx 1.7.5.