base/frameworks/notice/actions/pp-alarms.zeek
- Notice
Notice extension that mails out a pretty-printed version of notice_alarm.log at regular intervals, formatted for better human readability. If activated, this replaces the default summary mail containing the raw log output.
- Namespace
Notice
- Imports
Summary
Redefinable Options
- Notice::mail_dest_pretty_printed: Address to send the pretty-printed reports to.
- Notice::pretty_print_alarms: Activate pretty-printed alarm summaries.
State Variables
- Notice::flag_nets: If an address from one of these networks is reported, we mark the entry with an additional quote symbol (i.e., “>”).
- Notice::force_email_summaries: Force generating mail file, even if reading from traces or no mail destination is defined.
Functions
- Notice::pretty_print_alarm: Function that renders a single alarm.
Detailed Interface
Redefinable Options
- Notice::mail_dest_pretty_printed
-
Address to send the pretty-printed reports to. Default if not set is Notice::mail_dest. Note that this is overridden by the ZeekControl MailAlarmsTo option.
- Notice::pretty_print_alarms
-
Activate pretty-printed alarm summaries.
State Variables
- Notice::flag_nets
-
If an address from one of these networks is reported, we mark the entry with an additional quote symbol (i.e., “>”). Many MUAs then highlight such lines differently.
- Notice::force_email_summaries
-
Force generating mail file, even if reading from traces or no mail destination is defined. This is mainly for testing.
Functions
- Notice::pretty_print_alarm
- Type
function(out: file, n: Notice::Info) : void
- Attributes
Function that renders a single alarm. Can be overridden.
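A site configuration that ties these options together, as an added example that is not part of the Zeek distribution or of this reference page. It assumes that `Notice::flag_nets` and `Notice::force_email_summaries` carry the `&redef` attribute; the mail address, the networks and the alarm policy are constructed for illustration.

```zeek
# Example site configuration (constructed, e.g. for local.zeek).
@load base/frameworks/notice

# Send the human-readable summary instead of the raw notice_alarm.log.
redef Notice::pretty_print_alarms = T;

# Dedicated recipient for the pretty-printed report. If left unset, the
# report goes to Notice::mail_dest. Under ZeekControl, the MailAlarmsTo
# option overrides this value.
redef Notice::mail_dest_pretty_printed = "soc-alarms@example.org";

# Networks whose addresses should stand out in the report. Entries that
# mention an address in these ranges get an extra ">" prefix, which many
# mail clients render as highlighted quoted text.
# (Documentation ranges, used here as placeholders.)
redef Notice::flag_nets += {
	192.0.2.0/24,
	2001:db8::/32,
};

# Only notices carrying ACTION_ALARM reach notice_alarm.log and therefore
# the summary mail. This constructed policy alarms on every notice whose
# source address lies in one of the flagged networks.
hook Notice::policy(n: Notice::Info)
	{
	if ( n?$src && n$src in Notice::flag_nets )
		add n$actions[Notice::ACTION_ALARM];
	}

# For testing against a trace only: write the mail file even when reading
# from a pcap or when no mail destination is configured.
# redef Notice::force_email_summaries = T;
```

Leave `Notice::force_email_summaries` commented out in production; it exists so the report format can be checked while replaying a trace.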