Patch for documentation

Description

I fixed examples, a link and a typing error in the docs for the git/master version. Great docs btw.

Patch:

diff --git a/doc/notice.rst b/doc/notice.rst
index 76d5bcd..b4b375c 100644
— a/doc/notice.rst
+++ b/doc/notice.rst
@@ -98,9 +98,9 @@ type :bro:see:`SSH:assword_Guessing` if the server is 10.0.0.1:

.. note::

  • Keep in mind that the semantics of the SSH:assword_Guessing notice are

  • such that it is only raised when Bro heuristically detects a failed

  • login.
    + Keep in mind that the semantics of the :bro:see:`SSH:assword_Guessing`
    + notice are such that it is only raised when Bro heuristically detects
    + a failed login.

Hooks can also have priorities applied to order their execution like events
with a default priority of 0. Greater values are executed first. Setting
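
Review bot: In the three added note lines, the `:bro:see:` role only produces a link if its target matches the notice's identifier exactly, and as the name appears here (`SSH:assword_Guessing`, the same as in the hunk header's context) it is not a module-qualified name. Please confirm that the source file spells the full identifier, and build the docs once to check that the reference resolves instead of rendering as plain text.
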
@@ -339,7 +339,7 @@ included below.
hook Notice:olicy(n: Notice::Info)
{
if ( n?$conn && n$conn?$http && n$conn$http?$host )

  • n$email_body_sections[|email_body_sections|] = fmt("HTTP host header: %s", n$conn$http$host);
    + n$email_body_sections[|n$email_body_sections|] = fmt("HTTP host header: %s", n$conn$http$host);
    }
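
Review bot: On the added line, `n$conn$http$host` is copied into the e-mail body as-is, and that value is whatever Host header was seen in the traffic. The index change itself looks right (the length has to come from `n$email_body_sections`, the field being appended to), but the text around this example could say in one sentence that the section carries traffic-derived data, so that readers treat it as untrusted input in whatever consumes the e-mail.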

@@ -348,7 +348,7 @@ Cluster Considerations

As a user/developer of Bro, the main cluster concern with the notice framework
is understanding what runs where. When a notice is generated on a worker, the
-worker checks to see if the notice shoudl be suppressed based on information
+worker checks to see if the notice should be suppressed based on information
locally maintained in the worker process. If it's not being
suppressed, the worker forwards the notice directly to the manager and does no more
local processing. The manager then runs the :bro:see:`Notice:olicy` hook and
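
Review bot: The two context lines after the corrected one are wrapped unevenly ("locally maintained in the worker process. If it's not being" ends short and the following line runs long), so consider re-wrapping the paragraph in the same commit since it is being touched anyway. The `:bro:see:` target in the last context line also deserves the same check as the reference added in the first hunk of this file.
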
diff --git a/doc/quickstart.rst b/doc/quickstart.rst
index 9f64e36..b5ac4ee 100644
— a/doc/quickstart.rst
+++ b/doc/quickstart.rst
@@ -270,14 +270,11 @@ that only takes the email action for SSH logins to a defined set of servers:
192.168.1.102,
} &redef;

  • redef Notice:olicy += {

  • [$action = Notice::ACTION_EMAIL,

  • $pred(n: Notice::Info) =

  • {

  • return n$note == SSH::Login && n$id$resp_h in watched_servers;

  • }

  • ]

  • };
    + hook Notice:olicy(n: Notice::Info)
    + {
    + if ( n$note == SSH::SUCCESSFUL_LOGIN && n$id$resp_h in watched_servers )
    + add n$actions[Notice::ACTION_EMAIL];
    + }

You'll just have to trust the syntax for now, but what we've done is
first declare our own variable to hold a set of watched addresses,
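
Review bot: The paragraph that starts right after the new hook ("You'll just have to trust the syntax for now, ...") is left as unchanged context, so check that the rest of it still matches the example: it accompanied the removed `redef` entry with its `$pred` function, while the new code is a hook that adds `Notice::ACTION_EMAIL` to `n$actions`. Two smaller points on the added lines: the notice type changes from `SSH::Login` to `SSH::SUCCESSFUL_LOGIN`, which deserves a mention in the commit message, and braces around the one-statement `if` body would make this quickstart example easier to extend.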

Environment

None

Assignee

Unassigned

Reporter

Anthony VEREZ

Labels

None

External issue ID

None

Components

Affects versions

Priority

Normal