[Bro] Developing my own writer driver

Luis Miguel Silva luismiguelferreirasilva at gmail.com
Wed Jan 28 11:01:16 PST 2015


Thanks John, that is very useful, though I was trying to avoid using an
external import script as that will introduce a delay between the time the
events happen and the registers get added to the DB.

Also, based on my experience, it can be pretty expensive to run an import
script that parses through the data and translates it into insert calls.

Are the text writer logs created in append mode? If so, I could potentially
have an external process that listens for new lines and adds things "in
near realtime".

Out of curiosity, why didn't you create a custom writer instead?
...simplicity?

Thank you!
Luis

On Wed, Jan 28, 2015 at 11:39 AM, John Green <john at giggled.org> wrote:

> Hi Luis,
> I had a similar requirement a while back and took a different approach
> to get my data into Postgres by importing the output from the default
> text writer.  This was largely to keep things as simple as possible on
> the sensor side.
>
> See https://github.com/j-o-h-n-g/Mortimer/blob/master/broimport.py
>
> The code is quite dirty in places, but might give you some ideas for
> possible bro<->postgres type mappings.
>
> John
>
> On 28 January 2015 at 17:29, Luis Miguel Silva
> <luismiguelferreirasilva at gmail.com> wrote:
> > Dear all,
> >
> > I'm brand new to bro (just found out about it and tried yesterday) and I'm
> > very intrigued by its capabilities.
> >
> > The documentation says we can write outputs into databases BUT, as I got to
> > the logging framework documentation, it seems the only "non file based"
> > writer driver available is for sqlite.
> >
> > I'm really interested in using a server based SQL instance (like postgresql,
> > mysql or mariadb) AND a NoSQL service (mongodb or couchdb).
> >
> > Are there any other writer drivers available (even if they are not
> > officially supported / are part of non committed contributions)?
> >
> > If not, can someone give me some pointers on how to develop extra writer
> > drivers?
> >
> > Thank you,
> > Luis Silva
>
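
Added example (not part of the original thread, and not John's broimport.py): an incremental parser for the tab-separated text writer format that turns each appended line into a parameterized INSERT, so field values taken from network traffic never become SQL text. The type mapping, the `BroLogReader` class and the sample rows are assumptions constructed for illustration; the `%s` placeholders follow the psycopg2 convention.

```python
import re

# Assumed Bro -> (PostgreSQL type, converter) mapping; illustrative, not from broimport.py.
TYPES = {"time": ("double precision", float), "interval": ("double precision", float),
         "double": ("double precision", float), "count": ("bigint", int), "int": ("bigint", int),
         "port": ("integer", int), "addr": ("inet", str), "bool": ("boolean", lambda v: v == "T")}
CONTAINER = re.compile(r"^(?:set|vector)\[(.+)\]$")

def ident(name):  # header names end up in SQL text, so whitelist and quote them
    name = name.replace(".", "_")
    if not re.match(r"^[A-Za-z_][A-Za-z0-9_]*$", name):
        raise ValueError("unsafe identifier: %r" % name)
    return '"%s"' % name

def lookup(bro_type):  # -> (is_container, pg_type, converter) for a Bro type name
    m = CONTAINER.match(bro_type)
    pg, conv = TYPES.get(m.group(1) if m else bro_type, ("text", str))
    return bool(m), pg + ("[]" if m else ""), conv

class BroLogReader:
    def __init__(self):
        self.meta = {"unset_field": "-", "empty_field": "(empty)", "set_separator": ","}

    def convert(self, bro_type, raw):
        multi, _, conv = lookup(bro_type)
        if raw == self.meta["unset_field"]:
            return None  # unset -> SQL NULL
        if raw == self.meta["empty_field"]:
            return [] if multi else ""
        return [conv(v) for v in raw.split(self.meta["set_separator"])] if multi else conv(raw)

    def feed(self, line):  # one complete line in; (sql, params) out, or None for metadata
        line = line.rstrip("\n")
        if line.startswith("#"):
            key, _, rest = line[1:].partition("\t")
            self.meta[key] = rest
            return None
        fields, types = (self.meta[k].split("\t") for k in ("fields", "types"))
        values = line.split("\t")
        if not len(fields) == len(types) == len(values):
            raise ValueError("row does not match #fields/#types header")
        sql = "INSERT INTO %s (%s) VALUES (%s)" % (
            ident(self.meta["path"]), ", ".join(map(ident, fields)),
            ", ".join("%%s::%s" % lookup(t)[1] for t in types))
        return sql, [self.convert(t, v) for t, v in zip(types, values)]

# Constructed sample: header plus two rows of a cut-down http.log.
SAMPLE = ("#path\thttp\n#fields\tts\tid.orig_h\tid.orig_p\turi\ttags\n#types\ttime\taddr\tport\tstring\tset[enum]\n"
          "1422471676.5\t192.0.2.10\t49152\t/search?q=o'brien\t(empty)\n"
          "1422471677.0\t192.0.2.11\t49153\t-\tA,B\n")
```

An external follower would call `feed()` once per complete line and pass the returned pair to `cursor.execute(sql, params)`.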