From 9b30072d6ca7d8373e86dcb26cb09ea82b6246f6 Mon Sep 17 00:00:00 2001 From: Koen Van Impe Date: Sun, 12 Jul 2015 00:28:55 +0200 Subject: [PATCH] Logstash MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Prepare for Logstash, sqlite module needs an “id” field to keep track of data. --- modules/python/scripts/logsql.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/python/scripts/logsql.py b/modules/python/scripts/logsql.py index eb621df..997b69f 100644 --- a/modules/python/scripts/logsql.py +++ b/modules/python/scripts/logsql.py @@ -59,6 +59,7 @@ def start(self): self.cursor.execute("""CREATE TABLE IF NOT EXISTS connections ( connection INTEGER PRIMARY KEY, + id INTEGER, connection_type TEXT, connection_transport TEXT, connection_protocol TEXT, @@ -584,6 +585,9 @@ def connection_insert(self, icd, connection_type): (attackid, i ) ) self.dbh.commit() + # Set the ID table ready for Logstash + self.cursor.execute("UPDATE connections SET id = ? WHERE connection = ?", (attackid, attackid) ) + return attackid
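Review bot: Adding `id INTEGER` inside `CREATE TABLE IF NOT EXISTS connections` only takes effect on a fresh database. Where the table already exists the statement is a no-op, so the `UPDATE connections SET id = ?` added in connection_insert would raise a missing-column error on every new connection; how callers handle that is not visible here. No migration for existing databases appears in this patch, so one should follow the CREATE TABLE statement (which continues past this hunk), adding the column when `PRAGMA table_info(connections)` does not list it. Backfilling `id` from `connection` also keeps rows logged before the upgrade usable by the Logstash reader.

```python
# … unchanged: CREATE TABLE IF NOT EXISTS connections (...) …
self.cursor.execute("PRAGMA table_info(connections)")
columns = [row[1] for row in self.cursor.fetchall()]
if "id" not in columns:
    # Databases created before this change lack the column: add it and
    # backfill from the primary key so older rows are not left with NULL.
    self.cursor.execute("ALTER TABLE connections ADD COLUMN id INTEGER")
    self.cursor.execute("UPDATE connections SET id = connection")
    self.dbh.commit()
```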
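Review bot: The new `UPDATE connections SET id = ?` runs after `self.dbh.commit()` and nothing commits it before `return attackid`. Unless the connection is in autocommit mode (not visible here), the `id` value stays in an open transaction until a later commit; an external reader such as Logstash sees the row with `id` NULL in the meantime, and the value is lost if the process stops first. Moving the statement above the existing `self.dbh.commit()` fixes this without a second commit. The comment names a table where it means a column; something like `# Mirror the primary key into id, the column Logstash uses to track rows` is more accurate. connection_insert starts outside this hunk, so the INSERT cannot be checked here, but setting `id` there would avoid the extra statement.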