# Policy scripts this analysis builds on.
@load notice
@load alarm
@load weird
@load site

# Declare which prefixes count as internal, so that the locality helper
# can tell internal addresses from external ones.
# NOTE(review): the original comment names the helper is_local(addr); the
# site policy script I know spells it is_local_addr() -- confirm against
# the installed policy scripts before calling it.
redef local_nets += {
	128.3.0.0/16,
	131.243.0.0/16,
};

# Every (ip, port) pair observed so far.
# NOTE(review): no expiration attribute is set, so the set only grows.
# That is fine for a finite trace; revisit before running on live traffic.
global services: set[addr, port];

# Exercise placeholder: the handler body is intentionally empty.
# Presumably this is where (ip, port) pairs are added to `services`.
event connection_established(c: connection)
	{
	### Insert code here.
	}

# Exercise placeholder: the handler body is intentionally empty.
event bro_done()
	{
	#### Insert code here.
	}

# The traces used here carry headers only, so the notices suppressed below
# are artifacts of the capture. Keep these suppressions scoped to such
# traces: on full-payload or live input the same notices can indicate
# packet loss or traffic the analyzers could not follow, and should stay
# visible.
redef notice_action_filters += {
	[ContentGap] = ignore_notice
};

redef notice_policy += {
	[$pred(a: notice_info) =
		{
		# Only WeirdActivity notices are candidates for suppression.
		if ( a$note != WeirdActivity )
			return F;

		# Of those, ignore only the two messages matched by substring;
		# every other weird still goes through the normal policy.
		return "incompletely_captured_fragment" in a$msg ||
		       "UDP_datagram_length_mismatch" in a$msg;
		},
	 $result = NOTICE_IGNORE]
};