Hello everyone,
I have a bro script that logs events based on a blacklist, but I don’t want to log the same IP - blacklisted item twice. I was thinking I could log the data using the SQLite writer, and then also read from that database checking if the event has been logged earlier. Has anyone used the SQLite logging in a cluster, and if so, is there anything I should look out for? The size of the log is very small.
Will I need to manually sync the database so each node in the cluster can reference the tables?
Thanks,