[Zeek] changing conn logging to SQLite

Abdella Battou abattou at gmail.com
Sat Apr 11 08:19:45 PDT 2020

I am new to Zeek and I would like to redirect the conn logging to SQLite. The
documentation says that this is natively supported.

I found this filter, "sqlite-conn-filter.zeek", in one of the posts:

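event zeek_init()
    {
    # $name and $path (the database file; ".sqlite" is appended) are example values.
    local filter: Log::Filter = [$name="sqlite", $path="/var/db/conn",
        $config=table(["tablename"] = "conn"),
        $writer=Log::WRITER_SQLITE];

    Log::add_filter(Conn::LOG, filter);
    }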

My question is where to put it (which directory), and do I need to invoke it
somewhere?
