Bro log into MySQL
vern at icir.org
Sun Nov 16 23:51:19 PST 2003
> I was thinking of doing the same thing for MySQL logging, but there seems
> to be little value in that: the logs are pretty much free form text and no
> sensible schema can be designed.
Note that with Bro 0.8's "ALERT" framework, there's an opportunity to now
define such schemas. That indeed was one of the motivations behind
instituting it, though the policy scripts don't yet make full use of it.