On Wed, Dec 12, 2012 at 00:18 +0000, you wrote:
> - Bro Notice::ACTION_EMAIL -> MailTo
> - Bro Notice::ACTION_ALARM -> MailAlarmsTo (only sent as summaries)
> - broctl summarize-connections -> MailTo
> - broctl crash reports -> MailTo
> - broctl cron output -> MailTo
So, yeah, that looks like we need third category, but maybe we one for
the summaries. How about this:
- Bro Notice::ACTION_EMAIL -> MailTo
- Bro Notice::ACTION_ALARM -> MailSummariesTo
- broctl summarize-connections -> MailSummariesTo
- broctl crash reports -> MailAdminTo
- broctl cron output -> MailAdminTo
MailSummariesTo and MailAdminTo would default to MailTo.
?
Robin
--
Robin Sommer * Phone +1 (510) 722-6541 * [email protected]
ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org
_______________________________________________
bro-dev mailing list
[email protected]
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
