[Bro] multiple tables in SQLite Database
Ul Asad, Hafiz
Hafiz.Ul-Asad.1 at city.ac.uk
Sat Mar 25 07:39:19 PDT 2017
So you mean the following script,
local filter: Log::Filter =
$config=table(["tablename"] = "conn"),
Would write conn.log to a "postgres" database if we make what changes??
From: Aashish Sharma [mailto:asharma at lbl.gov]
Sent: 25 March 2017 14:25
To: Ul Asad, Hafiz <Hafiz.Ul-Asad.1 at city.ac.uk>
Cc: bro at bro.org
Subject: Re: [Bro] multiple tables in SQLite Database
You'd need to use postgres instead. SQLite + BRO is good for readonly operations. If you have a lot of reads/writes Postgres works fantastic. It should be fairly straight forward to port your current bro SQLITE policy to use postgres code. I have been using postgres instead as well. Don't use sqlite.
On Sat, Mar 25, 2017 at 09:39:28AM +0000, Ul Asad, Hafiz wrote:
> Bro Users,
> I have been trying to have multiple logs in a single sqlite database but I am getting the "the database is locked error". This problem was previously raised here, https://bro-tracker.atlassian.net/browse/BIT-1325?page=com.atlassian.jira.plugin.system.issuetabpanels%3Aworklog-tabpanel. I wonder if there has been any solution for it in the Bro 2.5?
> Bro mailing list
> bro at bro-ids.org
More information about the Bro