base/frameworks/notice/actions/pp-alarms.zeek

Notice extension that mails out a pretty-printed version of notice_alarm.log at regular intervals, formatted for better human readability. If activated, this replaces the default summary mail, which contains the raw log output.

Namespace: Notice

Imports: base/frameworks/cluster, base/frameworks/notice/main.zeek

Summary

Redefinable Options

Notice::mail_dest_pretty_printed: string &redef

Address to send the pretty-printed reports to.

Notice::pretty_print_alarms: bool &redef

Activate pretty-printed alarm summaries.

State Variables

Notice::flag_nets: set &redef

If an address from one of these networks is reported, we mark the entry with an additional quote symbol (i.e., “>”).

Notice::force_email_summaries: bool &redef

Force generating the mail file, even if reading from traces or if no mail destination is defined.

Functions

Notice::pretty_print_alarm: function &redef

Function that renders a single alarm.

Detailed Interface

Redefinable Options

Notice::mail_dest_pretty_printed

Type: string
Attributes: &redef
Default: ""

Address to send the pretty-printed reports to. If not set, the default is Notice::mail_dest.

Note that this is overridden by the ZeekControl MailAlarmsTo option.

Notice::pretty_print_alarms

Type: bool
Attributes: &redef
Default: T

Activate pretty-printed alarm summaries.

State Variables

Notice::flag_nets

Type: set [subnet]
Attributes: &redef
Default: {}

If an address from one of these networks is reported, we mark the entry with an additional quote symbol (i.e., “>”). Many MUAs then highlight such lines differently.

Notice::force_email_summaries

Type: bool
Attributes: &redef
Default: F

Force generating the mail file, even if reading from traces or if no mail destination is defined. This is mainly for testing.

Functions

Notice::pretty_print_alarm

Type: function (out: file, n: Notice::Info) : void
Attributes: &redef

Function that renders a single alarm. Can be overridden.
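
The following site script is an added example, not code from the Zeek distribution or from this page. It sets the options documented above and overrides the renderer with a one-line-per-alarm format. The mail address and subnets are constructed, and it assumes the script is loaded (for instance from local.zeek) after the notice framework and that a &redef function is overridden by defining it again.

```zeek
# Added example; the address and subnets below are constructed values.
@load base/frameworks/notice

# Send the pretty-printed summary to a dedicated mailbox. When running under
# ZeekControl, its MailAlarmsTo option overrides this value.
redef Notice::mail_dest_pretty_printed = "soc-alarms@example.org";

# Networks whose addresses should stand out in the summary.
redef Notice::flag_nets += { 192.0.2.0/24, 198.51.100.0/24 };

# Uncomment to produce the mail file while testing against a trace.
# redef Notice::force_email_summaries = T;

module Notice;

# Replacement renderer (assumption: redefining the &redef function replaces
# the shipped one). Because this body replaces the renderer, it checks
# flag_nets itself and prefixes matching entries with ">".
function pretty_print_alarm(out: file, n: Info)
	{
	# src, dst, msg and ts are optional fields of Notice::Info.
	local who = n?$src ? fmt("%s", n$src) : "-";
	if ( n?$dst )
		who = fmt("%s -> %s", who, n$dst);

	local flagged = ( n?$src && (n$src in flag_nets) ) ||
	                ( n?$dst && (n$dst in flag_nets) );

	local when = n?$ts ? strftime("%Y-%m-%d %H:%M:%S", n$ts) : "-";

	print out, fmt("%s%s %s %s %s",
	               flagged ? "> " : "  ",
	               when, n$note, who,
	               n?$msg ? n$msg : "");
	}
```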