base/frameworks/logging/writers/sqlite.zeek

LogSQLite

Interface for the SQLite log writer. Redefinable options are available to tweak the output format of the SQLite writer.

See SQLite Input/Logging for an introduction on how to use the SQLite log writer.

The SQLite writer currently supports one writer-specific filter option via config: tablename, which sets the name of the table that is used or created in the SQLite database. An example of this is given in the introduction mentioned above.

Namespace:

LogSQLite

Summary

Redefinable Options

LogSQLite::empty_field: string &redef

String to use for empty fields.

LogSQLite::journal_mode: LogSQLite::SQLiteJournalMode &redef

If changed from SQLITE_JOURNAL_MODE_DEFAULT, runs the PRAGMA journal_mode statement with the provided value after connecting to the SQLite database.

LogSQLite::set_separator: string &redef

Separator between set elements.

LogSQLite::synchronous: LogSQLite::SQLiteSynchronous &redef

If changed from SQLITE_SYNCHRONOUS_DEFAULT, runs the PRAGMA synchronous statement with the provided value after connecting to the SQLite database.

LogSQLite::unset_field: string &redef

String to use for an unset &optional field.

Types

LogSQLite::SQLiteJournalMode: enum

Values supported for SQLite’s PRAGMA journal_mode statement.

LogSQLite::SQLiteSynchronous: enum

Values supported for SQLite’s PRAGMA synchronous statement.

Detailed Interface

Redefinable Options

LogSQLite::empty_field
Type:

string

Attributes:

&redef

Default:

"(empty)"

String to use for empty fields. This should be different from unset_field to make the output unambiguous.

LogSQLite::journal_mode
Type:

LogSQLite::SQLiteJournalMode

Attributes:

&redef

Default:

LogSQLite::SQLITE_JOURNAL_MODE_DEFAULT

If changed from SQLITE_JOURNAL_MODE_DEFAULT, runs the PRAGMA journal_mode statement with the provided value after connecting to the SQLite database. See SQLite’s journal_mode documentation for more details on performance, data-safety trade-offs and interaction with the PRAGMA synchronous statement.

LogSQLite::set_separator
Type:

string

Attributes:

&redef

Default:

","

Separator between set elements.

LogSQLite::synchronous
Type:

LogSQLite::SQLiteSynchronous

Attributes:

&redef

Default:

LogSQLite::SQLITE_SYNCHRONOUS_DEFAULT

If changed from SQLITE_SYNCHRONOUS_DEFAULT, runs the PRAGMA synchronous statement with the provided value after connecting to the SQLite database. See SQLite’s synchronous documentation for more details on performance and data-safety trade-offs.

LogSQLite::unset_field
Type:

string

Attributes:

&redef

Default:

"-"

String to use for an unset &optional field.

Types

LogSQLite::SQLiteJournalMode
Type:

enum

LogSQLite::SQLITE_JOURNAL_MODE_DEFAULT
LogSQLite::SQLITE_JOURNAL_MODE_DELETE
LogSQLite::SQLITE_JOURNAL_MODE_TRUNCATE
LogSQLite::SQLITE_JOURNAL_MODE_PERSIST
LogSQLite::SQLITE_JOURNAL_MODE_MEMORY
LogSQLite::SQLITE_JOURNAL_MODE_WAL
LogSQLite::SQLITE_JOURNAL_MODE_OFF

Values supported for SQLite’s PRAGMA journal_mode statement.

LogSQLite::SQLiteSynchronous
Type:

enum

LogSQLite::SQLITE_SYNCHRONOUS_DEFAULT
LogSQLite::SQLITE_SYNCHRONOUS_OFF
LogSQLite::SQLITE_SYNCHRONOUS_NORMAL
LogSQLite::SQLITE_SYNCHRONOUS_FULL
LogSQLite::SQLITE_SYNCHRONOUS_EXTRA

Values supported for SQLite’s PRAGMA synchronous statement.
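
The following script is an added example, not code from the Zeek distribution. It combines the tablename filter option with the journal_mode and synchronous options documented above to send connection logs to SQLite. The filter name "conn-sqlite" and the path /var/db/zeek/conn are assumptions chosen for illustration.

```zeek
# Added example: write conn logs to SQLite with explicit durability settings.
# The filter name and database path below are illustrative placeholders.

@load base/protocols/conn

# Writer options are module-wide: they apply to every filter that uses
# Log::WRITER_SQLITE. Each one causes the matching PRAGMA statement to be
# run after the writer connects to the database.

# WAL journaling lets other processes read the database while Zeek
# keeps appending rows to it.
redef LogSQLite::journal_mode = LogSQLite::SQLITE_JOURNAL_MODE_WAL;

# FULL syncs on every commit, so committed log rows survive a power loss.
# SQLITE_SYNCHRONOUS_OFF is faster but hands durability to the OS and can
# leave the log database corrupt after a crash.
redef LogSQLite::synchronous = LogSQLite::SQLITE_SYNCHRONOUS_FULL;

event zeek_init()
    {
    local filter: Log::Filter = [
        $name="conn-sqlite",
        $path="/var/db/zeek/conn",
        $writer=Log::WRITER_SQLITE,
        # Writer-specific option: the table used or created in the database.
        $config=table(["tablename"] = "conn")
    ];

    Log::add_filter(Conn::LOG, filter);
    }
```

With WAL enabled, SQLite keeps -wal and -shm side files next to the database; copy them together with the database file when archiving or collecting the logs as evidence.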