[ https://bro-tracker.atlassian.net/browse/BIT-1063?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13702#comment-13702 ]
Anthony Verez edited comment on BIT-1063 at 8/21/13 7:02 PM: ------------------------------------------------------------- Sure, here is the patch. was (Author: netantho): Patch > Patch for documentation > ----------------------- > > Key: BIT-1063 > URL: https://bro-tracker.atlassian.net/browse/BIT-1063 > Project: Bro Issue Tracker > Issue Type: Patch > Components: Website > Affects Versions: git/master > Reporter: Anthony Verez > Attachments: 0001-Docs-fix.patch > > > I fixed examples, a link and a typing error in the docs for the git/master > version. Great docs btw ;-) > Patch: > diff --git a/doc/notice.rst b/doc/notice.rst > index 76d5bcd..b4b375c 100644 > --- a/doc/notice.rst > +++ b/doc/notice.rst > @@ -98,9 +98,9 @@ type :bro:see:`SSH::Password_Guessing` if the server is > 10.0.0.1: > .. note:: > - Keep in mind that the semantics of the SSH::Password_Guessing notice are > - such that it is only raised when Bro heuristically detects a failed > - login. > + Keep in mind that the semantics of the :bro:see:`SSH::Password_Guessing` > + notice are such that it is only raised when Bro heuristically detects > + a failed login. > Hooks can also have priorities applied to order their execution like events > with a default priority of 0. Greater values are executed first. Setting > @@ -339,7 +339,7 @@ included below. > hook Notice::policy(n: Notice::Info) > { > if ( n?$conn && n$conn?$http && n$conn$http?$host ) > - n$email_body_sections[|email_body_sections|] = fmt("HTTP host > header: %s", n$conn$http$host); > + n$email_body_sections[|n$email_body_sections|] = fmt("HTTP host > header: %s", n$conn$http$host); > } > @@ -348,7 +348,7 @@ Cluster Considerations > As a user/developer of Bro, the main cluster concern with the notice > framework > is understanding what runs where. When a notice is generated on a worker, the > -worker checks to see if the notice shoudl be suppressed based on information > +worker checks to see if the notice should be suppressed based on information > locally maintained in the worker process. If it's not being > suppressed, the worker forwards the notice directly to the manager and does > no more > local processing. The manager then runs the :bro:see:`Notice::policy` hook > and > diff --git a/doc/quickstart.rst b/doc/quickstart.rst > index 9f64e36..b5ac4ee 100644 > --- a/doc/quickstart.rst > +++ b/doc/quickstart.rst > @@ -270,14 +270,11 @@ that only takes the email action for SSH logins to a > defined set of servers: > 192.168.1.102, > } &redef; > - redef Notice::policy += { > - [$action = Notice::ACTION_EMAIL, > - $pred(n: Notice::Info) = > - { > - return n$note == SSH::Login && n$id$resp_h in watched_servers; > - } > - ] > - }; > + hook Notice::policy(n: Notice::Info) > + { > + if ( n$note == SSH::SUCCESSFUL_LOGIN && n$id$resp_h in > watched_servers ) > + add n$actions[Notice::ACTION_EMAIL]; > + } > You'll just have to trust the syntax for now, but what we've done is > first declare our own variable to hold a set of watched addresses, -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://bro-tracker.atlassian.net/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira _______________________________________________ bro-dev mailing list bro-dev@bro.org http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev