[Bro] How to update table automaticlly when reading from SQLite Databases?

李金苗 beikejinmiao at gmail.com
Thu Feb 25 01:38:08 PST 2016

I see the error of "error:
/root/bro-suricata/bro/intels/abnormal/Input::READER_SQLITE: SQLite only
supports manual reading mode."
Here is my bro script

export {
    type Idx_HOST: record {
        host: string;

    type Val: record {
        target:         string &optional;
        start_times:    vector of string &optional;
        end_times:      vector of string &optional;
        nsrc_ips:       vector of string &optional;
#       reason:         string &optional;

    global abnormal_host: table[string] of Val = table();

event bro_init()
            $config=table(["query"] = "select * from abnormal_host;")

How can i reread the data from sqlite automaticlly.?
Or how can i use the command of `Input::force_update("")` in python?
Thanks you very much
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20160225/4832d532/attachment.html 

More information about the Bro mailing list