pyplugins.loggers.db module

DB Logger Plugin

This module implements a database-backed event logger plugin for the framework. It uses SQLAlchemy to persist events to a SQLite database in a buffered, asynchronous manner.

Features

  • Buffers events in memory and flushes them to disk in batches for performance.

  • Uses a background thread to flush events periodically or when the buffer is full.

  • Thread-safe event queueing.

  • Schema is auto-created on first flush.

  • Configurable buffer size and output directory.

Usage

from pyplugins.loggers.db import DB

db_logger = DB()
db_logger.add_event(Syscall, row_dict)
db_logger.uninit()

Arguments

  • outdir: Output directory for the SQLite database file.

  • bufsize: Buffer size before flushing to disk (default: 100000).

  • verbose: Enable debug logging.

class pyplugins.loggers.db.DB

Bases: Plugin

Optimized Database-backed event logger. Uses SQLAlchemy Core for bulk inserts and minimizes locking contention.

add_event(table_cls, data)

Add an event to the buffer.

Arguments:

  • table_cls: The SQLAlchemy class (e.g., Syscall).

  • data: A dictionary representing the row.

Parameters:

data (dict)

Return type:

None

uninit()

Clean up the plugin and flush any remaining events.

  • Triggers a final flush.

  • Stops the background worker thread.

  • Disposes of the SQLAlchemy engine.

Returns: None

Return type:

None
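
The buffering behaviour listed under Features and the final flush performed by uninit(), sketched as an added example that is not the plugin's own code. It substitutes the standard-library sqlite3 module for SQLAlchemy; the class name BufferedLogger, the single events table, the events.sqlite file name and the interval parameter are assumptions made for illustration.

```python
import json
import os
import sqlite3
import threading


class BufferedLogger:
    """Pattern sketch only: stdlib sqlite3, one constructed 'events' table."""

    def __init__(self, outdir, bufsize=100000, interval=1.0):
        self.path = os.path.join(outdir, "events.sqlite")  # hypothetical file name
        self.bufsize, self.interval = bufsize, interval
        self.buf, self.lock = [], threading.Lock()   # lock guards self.buf only
        self.wake, self.stop = threading.Event(), threading.Event()
        self.worker = threading.Thread(target=self._run, daemon=True)
        self.worker.start()

    def add_event(self, kind, data):
        with self.lock:                      # producers only append under the lock
            self.buf.append((kind, json.dumps(data)))
            full = len(self.buf) >= self.bufsize
        if full:
            self.wake.set()                  # buffer full: flush before the timer

    def _flush(self, conn):
        with self.lock:                      # swap buffers; no I/O while locked
            batch, self.buf = self.buf, []
        if batch:
            with conn:                       # one transaction per batch
                conn.execute(
                    "CREATE TABLE IF NOT EXISTS events (kind TEXT, payload TEXT)")
                conn.executemany("INSERT INTO events VALUES (?, ?)", batch)

    def _run(self):
        conn = sqlite3.connect(self.path)    # connection stays on the worker thread
        while not self.stop.is_set():
            self.wake.wait(self.interval)    # timer expiry or buffer-full signal
            self.wake.clear()
            self._flush(conn)
        self._flush(conn)                    # final flush of anything queued late
        conn.close()

    def uninit(self):
        self.stop.set()
        self.wake.set()                      # wake the worker so it exits promptly
        self.worker.join()                   # returns only after the final flush
```

In this sketch, events still in the buffer exist only in memory until a flush, so a run that exits without calling uninit() can leave the database missing its most recent rows.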