base/frameworks/notice/actions/pp-alarms.zeek
Notice extension that mails out a pretty-printed version of notice_alarm.log at regular intervals, formatted for better human readability. If activated, it replaces the default summary mail that contains the raw log output.
- Namespace: Notice
- Imports
Summary
Redefinable Options
- Notice::mail_dest_pretty_printed: Address to send the pretty-printed reports to.
- Notice::pretty_print_alarms: Activate pretty-printed alarm summaries.
State Variables
- Notice::flag_nets: If an address from one of these networks is reported, we mark the entry with an additional quote symbol (i.e., “>”).
- Notice::force_email_summaries: Force generating mail file, even if reading from traces or no mail destination is defined.
Functions
- Notice::pretty_print_alarm: Function that renders a single alarm.
Detailed Interface
Redefinable Options
- Notice::mail_dest_pretty_printed
  Address to send the pretty-printed reports to. Default if not set is Notice::mail_dest.
  Note that this is overridden by the ZeekControl MailAlarmsTo option.
- Notice::pretty_print_alarms
  Activate pretty-printed alarm summaries.
State Variables
- Notice::flag_nets
  If an address from one of these networks is reported, we mark the entry with an additional quote symbol (i.e., “>”). Many MUAs then highlight such lines differently.
- Notice::force_email_summaries
  Force generating mail file, even if reading from traces or no mail destination is defined. This is mainly for testing.
Functions
- Notice::pretty_print_alarm
  - Type: function(out: file, n: Notice::Info) : void
  - Attributes
  Function that renders a single alarm. Can be overridden.
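
The following site configuration is an added example, not part of the Zeek documentation or of pp-alarms.zeek itself; it shows the options above used together. The mail addresses and subnets are constructed placeholders, and the policy hook is one assumed way of routing notices into notice_alarm.log so that the summary has content.

```zeek
# Added example for a site's local.zeek. Mail addresses and subnets are
# constructed placeholders, not values from the Zeek documentation.
@load base/frameworks/notice
@load base/utils/site

# Fallback destination: the pretty-printed report goes here when
# Notice::mail_dest_pretty_printed is not set.
redef Notice::mail_dest = "soc@example.org";

# Dedicated mailbox for the pretty-printed notice_alarm.log summary.
# Under ZeekControl, the MailAlarmsTo option overrides this value.
redef Notice::mail_dest_pretty_printed = "alarm-summary@example.org";

# Replace the raw-log summary mail with the pretty-printed version.
redef Notice::pretty_print_alarms = T;

# Entries that report an address in these networks are marked with an
# additional ">", which many MUAs highlight differently.
# Assumption: flag_nets is declared with &redef.
redef Notice::flag_nets += { 192.0.2.0/24, 198.51.100.0/24 };

# For a test run against a trace file, force the mail file to be
# generated (assumption: the variable is declared with &redef).
# redef Notice::force_email_summaries = T;

# Assumed site policy: alarm on every notice whose source is a local
# address, so it is written to notice_alarm.log and included in the
# summary. Site::is_local_addr relies on Site::local_nets being set.
hook Notice::policy(n: Notice::Info)
	{
	if ( n?$src && Site::is_local_addr(n$src) )
		add n$actions[Notice::ACTION_ALARM];
	}
```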