[Bro] Connection records in a database?
Seth Hall
hall.692 at osu.edu
Thu Oct 2 20:00:44 PDT 2008
On Oct 2, 2008, at 4:18 PM, Randolph Reitz wrote:

> I want to stuff connection records into a relational database (likely
> postgres). Has anyone done this?

I don't push my connection records, but I'm pushing a number of my
other logs into postgres.

> My first shot will be to write a simple python process that tails the
> conn.* log file and inserts records. I'm wondering if there is a more
> elegant way to collect and insert connection records?

I have a threaded ruby script that uses the "COPY FROM" technique to
push blocks of rows into the database. It's still early and messy,
but it does work fairly well and it keeps up with a brisk pace of
INSERTs.

I'm going to get started on a C or C++ application soon that will use
Broccoli to listen to some event which would be intended for database
logging. You would have to run a Bro script that would throw the
database logging event for each connection, but that should be fairly
easy to write. We'll see how far I make it with that. :)

.Seth
---
Seth Hall
Network Security - Office of the CIO
The Ohio State University
Phone: 614-292-9721
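
The "COPY FROM" batching mentioned in the message above, as an added example that is not the script from the post: it validates log lines and escapes each field for PostgreSQL's COPY text format, so attacker-influenced field contents cannot split or merge rows. The column layout, the "?" unknown marker, the table name "conn" and the sample lines are assumptions made for illustration.

```ruby
# Added example. Column layout and sample lines are constructed, not Bro's real format.
COLUMNS = %w[ts duration orig_h resp_h service orig_p resp_p proto].freeze

# Escape one field for PostgreSQL COPY text format. Backslash, tab, newline and
# carriage return must be escaped or a hostile field can split or merge rows.
# nil and "?" (assumed "unknown" marker) become \N, which COPY reads as NULL.
def copy_escape(value)
  return '\N' if value.nil? || value == '?'
  map = { "\\" => "\\\\", "\t" => "\\t", "\n" => "\\n", "\r" => "\\r" }
  value.to_s.gsub(/[\\\t\n\r]/) { |ch| map[ch] }
end

# Validate before sending: by default one bad row makes COPY abort the whole block.
def parse_conn(line)
  f = line.chomp.split(' ')
  return nil unless f.size == COLUMNS.size
  return nil unless f[0] =~ /\A\d+(\.\d+)?\z/
  return nil unless [f[5], f[6]].all? { |port| port =~ /\A\d{1,5}\z/ && port.to_i <= 65_535 }
  f
end

# Returns [blocks, rejected]: each block is one string of up to batch_size rows.
def copy_blocks(lines, batch_size)
  rows = []
  rejected = []
  lines.each do |line|
    fields = parse_conn(line)
    if fields
      rows << (fields.map { |v| copy_escape(v) }.join("\t") + "\n")
    else
      rejected << line
    end
  end
  [rows.each_slice(batch_size).map(&:join), rejected]
end

SAMPLE = [ # constructed lines: two valid, one truncated, one with a bad port
  "1223002844.12 0.52 10.0.0.5 192.0.2.10 http 49152 80 tcp",
  "1223002845.40 ? 10.0.0.6 192.0.2.11 dns\\x 53001 53 udp",
  "garbage line",
  "1223002846.00 1.0 10.0.0.7 192.0.2.12 ssh 70000 22 tcp"
].freeze

# With the pg gem and a hypothetical table "conn", each block would be sent as:
#   db.copy_data("COPY conn (#{COLUMNS.join(', ')}) FROM STDIN") { db.put_copy_data(block) }
if __FILE__ == $PROGRAM_NAME
  blocks, rejected = copy_blocks(SAMPLE, 500)
  puts "#{blocks.size} block(s), #{rejected.size} rejected"
end
```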