[Bro] SQLite logging and as white/blacklist in a cluster
Papulis, George
george.papulis at wustl.edu
Wed Oct 26 12:41:44 PDT 2016
Hello everyone,
I have a Bro script that logs events based on a blacklist, but I don't want to log the same IP / blacklisted-item pair twice. I was thinking I could log the data using the SQLite writer, and then also read from that database checking if the event has been logged earlier. Has anyone used the SQLite logging in a cluster, and if so, is there anything I should look out for? The size of the log is very small.
Will I need to manually sync the database so each node in the cluster can reference the tables?
Thanks,
George Papulis, GCIA, GPEN
Information Security Analyst
Washington University in St. Louis
george.papulis at wustl.edu
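One way to get the "log each pair only once" behaviour the question describes, written as an added example rather than code from the original post. The stream name, database path, table name, blacklist contents and the `dns_request` hook are assumptions for illustration; the cluster forwarding uses the Bro 2.x `Cluster::worker2manager_events` mechanism. The SQLite writer only appends rows, so the de-duplication has to live in script state: a `seen` set kept on one node (the manager when clustered), which is seeded from the SQLite table at startup through the input framework so that a restart does not re-log old pairs.

```zeek
##! Added example, not from the original post: log each (ip, blacklist item)
##! pair at most once. Workers forward hits to the manager, which owns the
##! single `seen` set, writes the SQLite log, and reloads prior pairs on start.
##! All names and paths below are illustrative assumptions.

module BLHits;

export {
    redef enum Log::ID += { LOG };

    type Info: record {
        ts:   time   &log;
        ip:   addr   &log;
        item: string &log;   # the blacklist entry that matched
    };

    ## Constructed blacklist for the example (assumption).
    const blacklist: set[string] = { "evil.example", "bad.example" } &redef;

    ## Base name for the database; the SQLite writer and reader append ".sqlite".
    const db_path = "/var/db/bro/blhits" &redef;

    ## Raised on any node when a blacklisted item is observed.
    global hit: event(ip: addr, item: string);
}

# Pairs already logged; lives only on the node that writes the log.
global seen: set[addr, string];

# Index/value types for reloading the logged pairs through the input framework.
type SeenIdx: record {
    ip:   addr;
    item: string;
};
type SeenVal: record {
    ts: time;
};
global seen_from_db: table[addr, string] of SeenVal;

# In a cluster, ship hit events from workers to the manager so only one node
# decides whether a pair is new.
@if ( Cluster::is_enabled() )
redef Cluster::worker2manager_events += /BLHits::hit/;
@endif

# The manager (or a standalone instance) is the only node that keeps `seen`,
# writes the log and reloads earlier pairs from the database.
@if ( ! Cluster::is_enabled() || Cluster::local_node_type() == Cluster::MANAGER )
event BLHits::hit(ip: addr, item: string)
    {
    if ( [ip, item] in seen )
        return;
    add seen[ip, item];
    Log::write(LOG, [$ts=network_time(), $ip=ip, $item=item]);
    }

event bro_init() &priority=-5
    {
    # Reload pairs logged in earlier runs so they are not logged again.
    Input::add_table([$source=db_path,
                      $name="seen_blhits",
                      $idx=SeenIdx, $val=SeenVal,
                      $destination=seen_from_db,
                      $reader=Input::READER_SQLITE,
                      $config=table(["query"] = "select ip, item, ts from blhits;")]);
    }

event Input::end_of_data(name: string, source: string)
    {
    if ( name != "seen_blhits" )
        return;
    for ( [ip, item] in seen_from_db )
        add seen[ip, item];
    Input::remove("seen_blhits");   # one-shot load; the set is authoritative now
    }
@endif

event bro_init()
    {
    Log::create_stream(LOG, [$columns=Info, $path="blhits"]);
    # Write this stream to SQLite instead of the default ASCII writer.
    Log::remove_default_filter(LOG);
    Log::add_filter(LOG, [$name="sqlite",
                          $path=db_path,
                          $writer=Log::WRITER_SQLITE,
                          $config=table(["tablename"] = "blhits")]);
    }

# Example detection hook (assumption): a DNS query for a blacklisted name.
event dns_request(c: connection, msg: dns_msg, query: string, qtype: count, qclass: count)
    {
    if ( query in blacklist )
        event BLHits::hit(c$id$orig_h, query);
    }
```

Two cluster caveats follow from this layout. First, the `seen` set is per process, which is why the event is forwarded to one node instead of letting every worker consult the database; reading the database back on every worker would require the file to be present on each of them, which is the synchronisation problem the question raises. Second, log writers in a cluster run on the node that receives the log records (the manager, or a dedicated logger node where one is configured), so the `.sqlite` file is created there; if that is not the node running the `Input::add_table` reload, the file has to be copied or shared before the seed step can find it. On the very first run the table does not exist yet and the reload simply has nothing to add.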