[Bro] Developing my own writer driver

Johanna Amann johanna at icir.org
Wed Jan 28 10:14:29 PST 2015


There is a prototype of a postgresql writer in one a branch.  However, it
is seriously outdated and will not compile with current Bro versions -- it
was either based on 2.2 or 2.1. And even for old bro versions it was
barely functional.

The best way to learn how to write logging writers is probably to take
a look at the already existing ones - they are mostly decapsulated from
Bro and quite easy to write.

Johanna

On Wed, Jan 28, 2015 at 10:29:51AM -0700, Luis Miguel Silva wrote:
> Dear all,
> 
> I'm brand new to bro (just found out about it and tried yesterday) and I'm
> very intrigued by its capabilities.
> 
> The documentation says we can write outputs into databases BUT, as I got to
> the logging framework documentation, it seems the only "non file based"
> writer driver available is for sqlite.
> 
> I'm really interested in using a server based SQL instance (like
> postgresql, mysql or mariadb) AND a NoSQL service (mongodb or couchdb).
> 
> Are there any other writer drivers available (even if they are not
> officially supported / are part of non committed contributions)?
> 
> If not, can someone give me some pointers on how to develop extra writer
> drivers?
> 
> Thank you,
> Luis Silva

> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro



More information about the Bro mailing list