Notice::policy hooks and tests.

Include explanation of various Notice::policy hook actions. Add two btest scripts. framework_notice_hook_01.bro shows adding an action to the n$action set while framework_notice_suppression.bro shows how to add a custom n$suppress_for value for a notice through a policy hook. While both scripts include an @load directive, it is left out in RST document so as to avoid confusion.
2025-10-17 05:58:20 +00:00 · 2013-04-23 17:02:42 -04:00 · 2013-04-23 17:02:42 -04:00 · 59405af804
commit 59405af804
parent 2832939026
5 changed files with 61 additions and 2 deletions
--- a/testing/btest/Baseline/doc.manual.framework_notice_hook_01/.stdout
+++ b/testing/btest/Baseline/doc.manual.framework_notice_hook_01/.stdout
--- a/testing/btest/Baseline/doc.manual.framework_notice_hook_suppression_01/.stdout
+++ b/testing/btest/Baseline/doc.manual.framework_notice_hook_suppression_01/.stdout
--- a/testing/btest/doc/manual/framework_notice_hook_01.bro
+++ b/testing/btest/doc/manual/framework_notice_hook_01.bro
@ -0,0 +1,12 @@
+# @TEST-EXEC: bro %INPUT
+# @TEST-EXEC: btest-diff .stdout
+
+@load policy/protocols/ssh/interesting-hostnames.bro
+
+hook Notice::policy(n: Notice::Info)
+  {
+  if ( n$note == SSH::Interesting_Hostname_Login )
+      {
+      add n$actions[Notice::ACTION_EMAIL];
+      }
+  }
--- a/testing/btest/doc/manual/framework_notice_hook_suppression_01.bro
+++ b/testing/btest/doc/manual/framework_notice_hook_suppression_01.bro
@ -0,0 +1,12 @@
+# @TEST-EXEC: bro %INPUT
+# @TEST-EXEC: btest-diff .stdout
+
+@load policy/protocols/ssl/expiring-certs.bro
+
+hook Notice::policy(n: Notice::Info) 
+   {
+   if ( n$note == SSL::Certificate_Expires_Soon )
+       {
+       n$suppress_for = 12hrs;
+       }
+   }