[Bro] How to update table automaticlly when reading from SQLite Databases?
李金苗
beikejinmiao at gmail.com
Thu Feb 25 01:38:08 PST 2016
I see the error of "error:
/root/bro-suricata/bro/intels/abnormal/Input::READER_SQLITE: SQLite only
supports manual reading mode."
Here is my bro script
export {
type Idx_HOST: record {
host: string;
};
type Val: record {
target: string &optional;
start_times: vector of string &optional;
end_times: vector of string &optional;
nsrc_ips: vector of string &optional;
# reason: string &optional;
};
global abnormal_host: table[string] of Val = table();
}
event bro_init()
{
Input::add_table([
$source=abnormal_db,
$name="abnormal_host",
$idx=Idx_HOST,
$val=Val,
$destination=abnormal_host,
$reader=Input::READER_SQLITE,
$config=table(["query"] = "select * from abnormal_host;")
$mode=Input::REREAD
]);
}
How can i reread the data from sqlite automaticlly.?
Or how can i use the command of `Input::force_update("")` in python?
Thanks you very much
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20160225/4832d532/attachment.html
More information about the Bro
mailing list