[Bro] How to update table automatically when reading from SQLite Databases?

Johanna Amann johanna at icir.org
Fri Feb 26 09:04:17 PST 2016


Hello,

On Thu, Feb 25, 2016 at 05:38:08PM +0800, 李金苗 wrote:
> I see the error of "error:
> /root/bro-suricata/bro/intels/abnormal/Input::READER_SQLITE: SQLite only
> supports manual reading mode."

[...]

> How can I reread the data from sqlite automatically?

That is not supported at the moment, sorry. The current implementation
does not support any kind of automatic notification upon changes.

> Or how can I use the command of `Input::force_update("")` in Python?

There also is no direct way to do this - you have to trigger the command
within Bro. If you want to trigger it in a Python script, you have to send
a notification to Bro that it should execute Input::force_update. The
easiest way to do that probably is to use Broker (the new Bro
communication library) in Python, send an event to Bro, catch that event
in the master, and let that event call force_update.

I hope this helps,
 Johanna
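
The Bro-side half of the approach described in the reply above, as an added example that is not part of the original message or the Bro project's code: a script that loads a SQLite table in manual mode and re-reads it when a Broker event arrives. It assumes the Broker API of Bro 2.6 or later (`Broker::listen`, `Broker::subscribe`); the module, record, path, table, topic, port and event names are hypothetical.

```bro
# Added example. Module, record, path, topic and event names are hypothetical.
module IntelReload;

export {
	type Idx: record { ip: addr; };
	type Val: record { reason: string; };
	global abnormal: table[addr] of Val = table();

	# Published by the external Python process; its full name on the
	# wire is "IntelReload::reload_requested".
	global reload_requested: event(stream: string);
}

const stream_name = "abnormal";
const reload_topic = "intel/reload";

event bro_init()   # zeek_init() on Zeek 3.0 and later
	{
	# SQLite streams are read once, in the default manual mode.
	Input::add_table([$source="/path/to/abnormal",  # file name without ".sqlite"
	                  $name=stream_name,
	                  $idx=Idx, $val=Val,
	                  $destination=abnormal,
	                  $reader=Input::READER_SQLITE,
	                  $config=table(["query"] = "select ip, reason from abnormal;")]);

	# Loopback only: any peer that can connect can publish this event.
	Broker::listen("127.0.0.1", 9999/tcp);
	Broker::subscribe(reload_topic);
	}

event IntelReload::reload_requested(stream: string)
	{
	# Only re-read the stream this script owns.
	if ( stream != stream_name )
		return;

	if ( ! Input::force_update(stream_name) )
		Reporter::warning(fmt("force_update failed for %s", stream_name));
	}

event Input::end_of_data(name: string, source: string)
	{
	if ( name == stream_name )
		print fmt("reloaded %s: %d entries", name, |abnormal|);
	}
```

The Python process that updates the database then peers with this listener through the Broker Python bindings and publishes `IntelReload::reload_requested` with the stream name to the `intel/reload` topic after each write.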

