[Bro] SQL usage in Bro
Jim Mellander
jmellander at lbl.gov
Fri Feb 12 13:39:11 PST 2010
Seth Hall wrote:
<snip>
>
> My thought would be that you could do something like...
>
> > broctl db_update bad_urls
>
> That would throw an event named db_update to one or all of the hosts
> (still haven't decided on this yet) which would be handled like this
> (theoretically)...
>
> event db_update(var)
>     {
>     force_db_update(var);
>     }
>
> The force_db_update function could be a built-in-function that would
> look up the variable named by the value of the string "var" and force
> it to update from the database.
>
<snip>
Ok, I presume the force_db_update() function is a yet-to-be-created function.
The same practical effect would seem to be accrued if there was a way to access
the timer, and force an immediate expiration, or if the syntax of the
declaration was changed, e.g. your example:

    global bad_urls: set[string] &query="SELECT url FROM bad_urls"
        &query_interval=1hour;

perhaps could be augmented with an event, à la

    global bad_urls: set[string] &query="SELECT url FROM bad_urls"
        &query_interval=1hour &query_event=update_badurls;

which would then allow script-level access to the updating process.
Perhaps we can work together on this?
--
Jim Mellander
Incident Response Manager
Computer Protection Program
Lawrence Berkeley National Laboratory
(510) 486-7204
The reason you are having computer problems is:
Decreasing electron flux
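
The refresh semantics discussed in this thread, modelled as an added Python example (not part of the original post and not Bro code): a set reloaded from a SQL query on an interval, with a forced refresh and an update callback standing in for the proposed force_db_update() and &query_event. The names QueryBackedSet, force_update and on_update are hypothetical, and the in-memory SQLite table and its rows are constructed for the example.

```python
import sqlite3
import time

class QueryBackedSet:
    """Model of a set whose contents are reloaded from a SQL query."""

    def __init__(self, conn, query, interval, on_update=None, clock=time.monotonic):
        self.conn, self.query, self.interval = conn, query, interval
        self.on_update = on_update      # hypothetical stand-in for &query_event
        self.clock = clock
        self.values = set()
        self.next_refresh = clock()     # first membership test loads immediately

    def force_update(self):
        """Reload now, as if the refresh timer had just expired."""
        new = {row[0] for row in self.conn.execute(self.query)}
        added, removed = new - self.values, self.values - new
        self.values = new
        self.next_refresh = self.clock() + self.interval
        if self.on_update and (added or removed):
            self.on_update(added, removed)

    def __contains__(self, item):
        if self.clock() >= self.next_refresh:   # stand-in for &query_interval expiry
            self.force_update()
        return item in self.values

def demo():
    conn = sqlite3.connect(":memory:")           # constructed sample database
    conn.execute("CREATE TABLE bad_urls (url TEXT PRIMARY KEY)")
    conn.execute("INSERT INTO bad_urls VALUES ('http://bad.example/a')")
    now, events = [0.0], []                      # fake clock and callback log
    bad_urls = QueryBackedSet(conn, "SELECT url FROM bad_urls", 3600,
                              on_update=lambda a, r: events.append((a, r)),
                              clock=lambda: now[0])
    results = ["http://bad.example/a" in bad_urls]       # initial load -> True
    conn.execute("INSERT INTO bad_urls VALUES ('http://bad.example/b')")
    results.append("http://bad.example/b" in bad_urls)   # stale copy -> False
    bad_urls.force_update()                              # operator-triggered refresh
    results.append("http://bad.example/b" in bad_urls)   # -> True
    conn.execute("DELETE FROM bad_urls WHERE url = 'http://bad.example/a'")
    now[0] += 3601                                       # interval elapses
    results.append("http://bad.example/a" in bad_urls)   # timer refresh -> False
    return results, events

if __name__ == "__main__":
    print(demo())
```

The second lookup shows the window in which a newly listed URL is missed until either the interval elapses or a refresh is forced.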