[Bro-Dev] libbroker status/plans

Robin Sommer robin at icir.org
Mon Nov 3 13:48:17 PST 2014

On Thu, Oct 23, 2014 at 21:59 +0000, you wrote:

> I started looking into this a little and I’m thinking either LevelDB
> or RocksDB may be good default choices to use here.

I looked over them a bit, and RocksDB looks pretty cool, although also
quite complex given that we won't need all of what it offers.

Have you considered SQLite as an alternative? It's more than a
key/value store, and slower, but it would have the advantage of not
adding another dependency beyond what we already use. Not saying
that's what we should do, just wondering about the pros and cons.

Also, I was thinking it would be cool to have a command line tool that
can inspect (and potentially even manipulate [1]) the contents of a
Broker store. Say, you wanted to see what IPs are currently tracked in
some table, you could just run that tool to dump it out.


[1] Does any of the DBs have support for modifying a table externally
while being open? Then that command line tool could even add/change
entries that way. That would actually make for a nice configuration
mechanism for things like whitelists or some tuning options.

Robin Sommer * ICSI/LBNL * robin at icir.org * www.icir.org/robin
