From mboxrd@z Thu Jan 1 00:00:00 1970 From: Clif Flynt Subject: SQLite Clarification Date: Mon, 31 Jul 2006 16:05:23 -0400 Message-ID: <20060731200523.GA1183@clif.cflynt.com> References: <20060731171437.GA447@clif.cflynt.com> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable Return-path: Received: from mx1.redhat.com (mx1.redhat.com [172.16.48.31]) by int-mx1.corp.redhat.com (8.12.11.20060308/8.12.11) with ESMTP id k6VK6H65005870 for ; Mon, 31 Jul 2006 16:06:17 -0400 Received: from mail02.ic.net (mail02.ic.net [152.160.7.138]) by mx1.redhat.com (8.12.11.20060308/8.12.11) with ESMTP id k6VK6D57006827 for ; Mon, 31 Jul 2006 16:06:13 -0400 Received: from ic.net (relay084.ic.net [152.160.8.94]) by mail02.ic.net (Postfix) with SMTP id C2CB397F091 for ; Mon, 31 Jul 2006 16:06:12 -0400 (EDT) Content-Disposition: inline List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com To: Steve Grubb Cc: linux-audit@redhat.com, Clif Flynt List-Id: linux-audit@redhat.com On Mon, Jul 31, 2006 at 01:54:30PM -0400, Steve Grubb wrote: > On Monday 31 July 2006 13:14, Clif Flynt wrote: > > > =C2=A0 My current report generator builds an SQLite database on the f= ly from > > the flat ASCII logs. >=20 > Seems like this would be ideal to marry to the realtime audit event int= erface.=20 > You would set log_format =3D nolog, dispatcher =3D /sbin/your-dispatche= r, and=20 > disp_qos =3D lossless to keep the audit system from writing to disk, se= nd=20 > events to a program, and use blocking comminucation to do it. >=20 > > =C2=A0 I'm using SQLite instead of mySQL or Postgres because it it's = fast, > > mature and robust and doesn't =C2=A0require any database server (or d= badmin) > > to run it. >=20 > I've been looking at using it too. I read some issues that made me wond= er if=20 > it was really suitable: >=20 > http://www.sqlite.org/whentouse.html >=20 > At the bottom it mentions that if something has the database open for r= ead,=20 > then writing is blocked. And the issue about the journal using 256 byte= s for=20 > event MB of data made me wonder also. My other reason for using SQLite is that I'm working with the developer. I forwarded your concerns to Richard Hipp, and received this response: > The database file is only locked for the duration > of the write operation - not while the database is open. A write > normally takes a few milliseconds, then the lock goes away. >=20 > Why is 256 bytes of data for each 1MiB of database a problem? > Is memory so short and databases so large that this might cause > a problem? >=20 > If it is, then increase the page size from the default 1K. > The actually usage is 2 bits per page of data. So if pages > are 32KiB bytes instead of 1KiB, a 1MiB database only needs > 8 bytes of storage for the bitmap. >=20 > -- > D. Richard Hipp Clif --=20 .... Clif Flynt ... http://www.cflynt.com ... clif@cflynt.com ... .. Tcl/Tk: A Developer's Guide (2nd edition) - Morgan Kauffman .. ..13th Annual Tcl/Tk Conference: Oct 9-13, 2006, Chicago, IL .. ............. http://www.tcl.tk/community/tcl2006/ ............