A colleague of mine (not on this list) is trying to write logs to SQLite. The entries below were added to the bro_init event. The system creates both of these tables, but only writes records to one of the tables. The indication was that it seems to only write to whichever table is written to first. Does anyone know why this might be, or have any similar experiences? (The colleague did confirm that there should have been multiple entries in each of the logs – and initially had SQLite entries for all of the standard logs.)

    local connFilter: Log::Filter = [
        $name="sqlite",
        $path="/var/lib/sqlite/bro_db",
        $config=table(["tablename"] = "conn"),
        $writer=Log::WRITER_SQLITE
    ];
    Log::add_filter(Conn::LOG, connFilter);

    local weirdFilter: Log::Filter = [
        $name="sqlite",
        $path="/var/lib/sqlite/bro_db",
        $config=table(["tablename"] = "weird"),
        $writer=Log::WRITER_SQLITE
    ];
    Log::add_filter(Weird::LOG, weirdFilter);
…