Hello Jakub, this is a known bug at the moment - tracked in https://bro-tracker.atlassian.net/browse/BIT-1325
At the moment there is no workaround to this, besides writing to separate sqlite database files -- sorry. Johanna On 5 Nov 2015, at 7:03, Jakub S. Paulovic wrote: > Hello, > > I am trying to setup Bro to log all the events to a SQLite database. > In my > local.bro file, I have added an event bro_init() with filters > specifying > the writer to be WRITER_SQLITE like this: > > local filter_conn: Log::Filter = > [ > $name="sqlite", > $path="/var/db/conn", > $config=table(["tablename"] = "conn"), > $writer=Log::WRITER_SQLITE > ]; > > Log::add_filter(Conn::LOG, filter_conn); > > local filter_notice: Log::Filter = > [ > $name="sqlite", > $path="/var/db/conn", > $config=table(["tablename"] = "notice"), > $writer=Log::WRITER_SQLITE > ]; > > Log::add_filter(Notice::LOG, filter_notice); > > ... + other filters for http, dhcp and weird set accordingly. > > I want the logs to be written to separate tables in one SQLite > database. > However, when I run bro with this configuration, I almost immediately > get > SQLite errors: > error: /root/bakalarka/capture/bro/sql/log/Log::WRITER_SQLITE: SQLite > call > failed: database is locked > error: /root/bakalarka/capture/bro/sql/log/Log::WRITER_SQLITE: > terminating > thread > > After that, nothing else is written to affected table. Please can You > suggest me what should I do to achieve logging to one database with > multiple tables? > > Thanks > _______________________________________________ > bro-dev mailing list > [email protected] > http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev _______________________________________________ bro-dev mailing list [email protected] http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
