[Bro] multiple tables in SQLite Database
Aashish Sharma
asharma at lbl.gov
Sat Mar 25 07:46:39 PDT 2017
This page should help:
https://www.bro.org/sphinx/components/bro-plugins/postgresql/README.html
basically,
event bro_init()
{
local filter: Log::Filter =
[
$name="postgres",
$path="conn",
$writer=Log::WRITER_POSTGRESQL,
$config=table(["dbname"]="testdb")
];
Log::add_filter(Conn::LOG, filter);
}
On Sat, Mar 25, 2017 at 02:39:19PM +0000, Ul Asad, Hafiz wrote:
> Thanks Aashish,
>
> So you mean the following script,
>
> event bro_init()
> {
> local filter: Log::Filter =
> [
> $name="sqlite",
> $path="/var/db/conn",
> $config=table(["tablename"] = "conn"),
> $writer=Log::WRITER_SQLITE
> ];
>
> Log::add_filter(Conn::LOG, filter);
> }
>
> Would write conn.log to a "postgres" database if we make what changes??
>
> Asad
>
> -----Original Message-----
> From: Aashish Sharma [mailto:asharma at lbl.gov]
> Sent: 25 March 2017 14:25
> To: Ul Asad, Hafiz <Hafiz.Ul-Asad.1 at city.ac.uk>
> Cc: bro at bro.org
> Subject: Re: [Bro] multiple tables in SQLite Database
>
> Asad,
>
> You'd need to use postgres instead. SQLite + BRO is good for readonly operations. If you have a lot of reads/writes Postgres works fantastic. It should be fairly straight forward to port your current bro SQLITE policy to use postgres code. I have been using postgres instead as well. Don't use sqlite.
>
> Aashish
>
> On Sat, Mar 25, 2017 at 09:39:28AM +0000, Ul Asad, Hafiz wrote:
> > Bro Users,
> >
> > I have been trying to have multiple logs in a single sqlite database but I am getting the "the database is locked error". This problem was previously raised here, https://bro-tracker.atlassian.net/browse/BIT-1325?page=com.atlassian.jira.plugin.system.issuetabpanels%3Aworklog-tabpanel. I wonder if there has been any solution for it in the Bro 2.5?
> >
> > Regards
> > Asad
>
> > _______________________________________________
> > Bro mailing list
> > bro at bro-ids.org
> > http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
More information about the Bro
mailing list