I'm trying to push my bro data to a database. The example with the conn table works. Now I want to add the http log as well. I've created a new filter in the misc folder, added it to my bro-default and restarted my bro but it doesn't add the new table. What is wrong with my filter?

    event bro_init()
        {
        local filter: Log::Filter =
            [
            $name="sqlite",
            $path="/var/db/conn",
            $config=table(["tablename"] = "http"),
            $writer=Log::WRITER_SQLITE
            ];

        Log::add_filter(HTTP::LOG, filter);
        }

Found the problem. Both of my filters had the same name filter. The moment I changed the name it worked fine.