diff --git a/conf/mentat-cleanup.py.conf b/conf/mentat-cleanup.py.conf
index d8d5b22c4edb2d5ac2f02a04f804fc085dee349d..a32f55f8b573f9bd0a4b704804c27dc948828249 100644
--- a/conf/mentat-cleanup.py.conf
+++ b/conf/mentat-cleanup.py.conf
@@ -46,22 +46,22 @@
 "threshold_type": "y"
 },
 {
- "table": "enum_cesnet_eventclass",
+ "table": "enum_eventclass",
 "column": "last_seen",
 "threshold_type": "y"
 },
 {
- "table": "enum_cesnet_eventseverity",
+ "table": "enum_eventseverity",
 "column": "last_seen",
 "threshold_type": "y"
 },
 {
- "table": "enum_cesnet_inspectionerrors",
+ "table": "enum_inspectionerrors",
 "column": "last_seen",
 "threshold_type": "y"
 },
 {
- "table": "enum_cesnet_resolvedabuses",
+ "table": "enum_resolvedabuses",
 "column": "last_seen",
 "threshold_type": "y"
 },
diff --git a/conf/mentat-precache.py.conf b/conf/mentat-precache.py.conf
index ec2f2ba3710e0329536302d70139d5164c18b2df..dc1c62501dcb221c5c2a62b18d7002ea4c5e97db 100644
--- a/conf/mentat-precache.py.conf
+++ b/conf/mentat-precache.py.conf
@@ -20,10 +20,10 @@
 ["itemset-stat-detectors", "node_name"],
 ["itemset-stat-detectortypes", "node_type"],
 ["itemset-stat-protocols", "protocol"],
- ["itemset-stat-groups", "cesnet_resolvedabuses"],
- ["itemset-stat-classes", "cesnet_eventclass"],
- ["itemset-stat-severities", "cesnet_eventseverity"],
- ["itemset-stat-inspectionerrors", "cesnet_inspectionerrors"]
+ ["itemset-stat-groups", "resolvedabuses"],
+ ["itemset-stat-classes", "eventclass"],
+ ["itemset-stat-severities", "eventseverity"],
+ ["itemset-stat-inspectionerrors", "inspectionerrors"]
 ],
 # Allow storing empty item sets as valid result (flag).
diff --git a/doc/sphinx/_doclib/database.rst b/doc/sphinx/_doclib/database.rst
index 1e3e230788babba2f134c389270e77c797d99af7..e2a426aaec511badb31dbab844cdcf63407ded40 100644
--- a/doc/sphinx/_doclib/database.rst
+++ b/doc/sphinx/_doclib/database.rst
@@ -181,7 +181,7 @@ As of PostgreSQL 9.6, with significant further improvements in 10.0 and gradual
 # Original default value 512kB
 min_parallel_index_scan_size = 128kB
-* Defines the minimum segment size to partition indices for parallel execution. Lowering this value to 128kB enables parallel index scans over the most used index events_cesnet_storagetime_idx to run with optimal number of workers across a large range of stored event counts when filtering for a whole day worth of events. Affected queries no longer run over threshold (2s). Lowering this value helps most if either the system is equipped with a high parallel I/O capable disk subsystem or the whole DB fits into RAM. Otherwise it is advised to watch out for workers starving on I/O.
+* Defines the minimum segment size to partition indices for parallel execution. Lowering this value to 128kB enables parallel index scans over the most used index events_storagetime_idx to run with optimal number of workers across a large range of stored event counts when filtering for a whole day worth of events. Affected queries no longer run over threshold (2s). Lowering this value helps most if either the system is equipped with a high parallel I/O capable disk subsystem or the whole DB fits into RAM. Otherwise it is advised to watch out for workers starving on I/O.
 .. note::
@@ -247,10 +247,10 @@ CLUSTERing
 ALTER TABLE events_thresholded CLUSTER ON events_thresholded_pkey;
 ALTER TABLE thresholds CLUSTER ON thresholds_pkey;
 ALTER TABLE enum_category CLUSTER ON enum_category_data_key;
- ALTER TABLE enum_cesnet_eventclass CLUSTER ON enum_cesnet_eventclass_data_key;
- ALTER TABLE enum_cesnet_eventseverity CLUSTER ON enum_cesnet_eventseverity_data_key;
- ALTER TABLE enum_cesnet_inspectionerrors CLUSTER ON enum_cesnet_inspectionerrors_data_key;
- ALTER TABLE enum_cesnet_resolvedabuses CLUSTER ON enum_cesnet_resolvedabuses_data_key;
+ ALTER TABLE enum_eventclass CLUSTER ON enum_eventclass_data_key;
+ ALTER TABLE enum_eventseverity CLUSTER ON enum_eventseverity_data_key;
+ ALTER TABLE enum_inspectionerrors CLUSTER ON enum_inspectionerrors_data_key;
+ ALTER TABLE enum_resolvedabuses CLUSTER ON enum_resolvedabuses_data_key;
 ALTER TABLE enum_node_name CLUSTER ON enum_node_name_data_key;
 ALTER TABLE enum_node_type CLUSTER ON enum_node_type_data_key;
 ALTER TABLE enum_protocol CLUSTER ON enum_protocol_data_key;
@@ -319,11 +319,11 @@ IDEA event database
 protocol text[],
 node_name text[] NOT NULL,
 node_type text[],
- cesnet_storagetime timestamp NOT NULL,
- cesnet_resolvedabuses text[],
- cesnet_eventclass text,
- cesnet_eventseverity text,
- cesnet_inspectionerrors text[]
+ storagetime timestamp NOT NULL,
+ resolvedabuses text[],
+ eventclass text,
+ eventseverity text,
+ inspectionerrors text[]
 );
 #
@@ -364,15 +364,15 @@ IDEA event database
 CREATE TABLE IF NOT EXISTS enum_node_type (data text UNIQUE NOT NULL, last_seen TIMESTAMP WITHOUT TIME ZONE NOT NULL)
 CREATE TABLE IF NOT EXISTS enum_source_type (data text UNIQUE NOT NULL, last_seen TIMESTAMP WITHOUT TIME ZONE NOT NULL)
 CREATE TABLE IF NOT EXISTS enum_target_type (data text UNIQUE NOT NULL, last_seen TIMESTAMP WITHOUT TIME ZONE NOT NULL)
- CREATE TABLE IF NOT EXISTS enum_cesnet_resolvedabuses (data text UNIQUE NOT NULL, last_seen TIMESTAMP WITHOUT TIME ZONE NOT NULL)
- CREATE TABLE IF NOT EXISTS enum_cesnet_eventclass (data text UNIQUE NOT NULL, last_seen TIMESTAMP WITHOUT TIME ZONE NOT NULL)
- CREATE TABLE IF NOT EXISTS enum_cesnet_eventseverity (data text UNIQUE NOT NULL, last_seen TIMESTAMP WITHOUT TIME ZONE NOT NULL)
- CREATE TABLE IF NOT EXISTS enum_cesnet_inspectionerrors (data text UNIQUE NOT NULL, last_seen TIMESTAMP WITHOUT TIME ZONE NOT NULL)
+ CREATE TABLE IF NOT EXISTS enum_resolvedabuses (data text UNIQUE NOT NULL, last_seen TIMESTAMP WITHOUT TIME ZONE NOT NULL)
+ CREATE TABLE IF NOT EXISTS enum_eventclass (data text UNIQUE NOT NULL, last_seen TIMESTAMP WITHOUT TIME ZONE NOT NULL)
+ CREATE TABLE IF NOT EXISTS enum_eventseverity (data text UNIQUE NOT NULL, last_seen TIMESTAMP WITHOUT TIME ZONE NOT NULL)
+ CREATE TABLE IF NOT EXISTS enum_inspectionerrors (data text UNIQUE NOT NULL, last_seen TIMESTAMP WITHOUT TIME ZONE NOT NULL)
 CREATE INDEX IF NOT EXISTS events_detecttime_idx ON events USING BTREE (detecttime);
- CREATE INDEX IF NOT EXISTS events_cesnet_storagetime_idx ON events USING BTREE (cesnet_storagetime);
- CREATE INDEX IF NOT EXISTS events_cesnet_eventseverity_idx ON events USING BTREE (cesnet_eventseverity) WHERE cesnet_eventseverity IS NOT NULL;
- CREATE INDEX IF NOT EXISTS events_combined_idx ON events USING GIN (category, node_name, protocol, source_port, target_port, source_type, target_type, node_type, cesnet_resolvedabuses, cesnet_inspectionerrors);
+ CREATE INDEX IF NOT EXISTS events_storagetime_idx ON events USING BTREE (storagetime);
+ CREATE INDEX IF NOT EXISTS events_eventseverity_idx ON events USING BTREE (eventseverity) WHERE eventseverity IS NOT NULL;
+ CREATE INDEX IF NOT EXISTS events_combined_idx ON events USING GIN (category, node_name, protocol, source_port, target_port, source_type, target_type, node_type, resolvedabuses, inspectionerrors);
 CREATE INDEX IF NOT EXISTS thresholds_thresholdtime_idx ON thresholds USING BTREE (thresholdtime);
 CREATE INDEX IF NOT EXISTS thresholds_relapsetime_idx ON thresholds USING BTREE (relapsetime);
@@ -387,10 +387,10 @@ IDEA event database
 CREATE INDEX IF NOT EXISTS enum_node_type_lastseen_idx ON enum_node_type USING BTREE (last_seen)
 CREATE INDEX IF NOT EXISTS enum_source_type_lastseen_idx ON enum_source_type USING BTREE (last_seen)
 CREATE INDEX IF NOT EXISTS enum_target_type_lastseen_idx ON enum_target_type USING BTREE (last_seen)
- CREATE INDEX IF NOT EXISTS enum_cesnet_resolvedabuses_lastseen_idx ON enum_cesnet_resolvedabuses USING BTREE (last_seen)
- CREATE INDEX IF NOT EXISTS enum_cesnet_eventclass_lastseen_idx ON enum_cesnet_eventclass USING BTREE (last_seen)
- CREATE INDEX IF NOT EXISTS enum_cesnet_eventseverity_lastseen_idx ON enum_cesnet_eventseverity USING BTREE (last_seen)
- CREATE INDEX IF NOT EXISTS enum_cesnet_inspectionerrors_lastseen_idx ON cesnet_inspectionerrors USING BTREE (last_seen)
+ CREATE INDEX IF NOT EXISTS enum_resolvedabuses_lastseen_idx ON enum_resolvedabuses USING BTREE (last_seen)
+ CREATE INDEX IF NOT EXISTS enum_eventclass_lastseen_idx ON enum_eventclass USING BTREE (last_seen)
+ CREATE INDEX IF NOT EXISTS enum_eventseverity_lastseen_idx ON enum_eventseverity USING BTREE (last_seen)
+ CREATE INDEX IF NOT EXISTS enum_inspectionerrors_lastseen_idx ON inspectionerrors USING BTREE (last_seen)
 Usefull maintenance queries
diff --git a/doc/sphinx/_doclib/hawat_plugin_timeline.rst b/doc/sphinx/_doclib/hawat_plugin_timeline.rst
index d034fbf43a157374170b2b55014e35b571b296c2..c53015e417642fff11e0ec7c7d334d27e6a12f8f 100644
--- a/doc/sphinx/_doclib/hawat_plugin_timeline.rst
+++ b/doc/sphinx/_doclib/hawat_plugin_timeline.rst
@@ -278,9 +278,9 @@ Following parameters may be specified as standard HTTP query parameters:
 (mentat.stats.idea.ST_SKEY_PROTOCOLS, {}, {"aggr_set": "protocol"}),
 (mentat.stats.idea.ST_SKEY_DETECTORS, {}, {"aggr_set": "node_name"}),
 (mentat.stats.idea.ST_SKEY_DETECTORTPS, {}, {"aggr_set": "node_type"}),
- (mentat.stats.idea.ST_SKEY_ABUSES, {}, {"aggr_set": "cesnet_resolvedabuses"}),
- (mentat.stats.idea.ST_SKEY_CLASSES, {}, {"aggr_set": "cesnet_eventclass"}),
- (mentat.stats.idea.ST_SKEY_SEVERITIES, {}, {"aggr_set": "cesnet_eventseverity"}),
+ (mentat.stats.idea.ST_SKEY_ABUSES, {}, {"aggr_set": "resolvedabuses"}),
+ (mentat.stats.idea.ST_SKEY_CLASSES, {}, {"aggr_set": "eventclass"}),
+ (mentat.stats.idea.ST_SKEY_SEVERITIES, {}, {"aggr_set": "eventseverity"}),
 ``limit``
 * *Description:* Perform toplisting for address and port statistics
diff --git a/doc/sphinx/_doclib/upgrading.rst b/doc/sphinx/_doclib/upgrading.rst
index e121c0121c0d44445e780617a4eb01dba0a2cbbe..9fb13e378d075203e15010c98cdf1b99dd24b82a 100644
--- a/doc/sphinx/_doclib/upgrading.rst
+++ b/doc/sphinx/_doclib/upgrading.rst
@@ -236,8 +236,8 @@ from version ``11.x`` to ``12.x``.
 $ psql mentat_events
 DROP INDEX events_detecttime_idx;
 DROP INDEX events_combined_idx;
- DROP INDEX events_cesnet_storagetime_idx;
- DROP INDEX events_cesnet_eventseverity_idx;
+ DROP INDEX events_storagetime_idx;
+ DROP INDEX events_eventseverity_idx;
 ALTER TABLE events DROP CONSTRAINT events_pkey;
 VACUUM FREEZE VERBOSE;
 CHECKPOINT;
@@ -279,9 +279,9 @@ from version ``11.x`` to ``12.x``.
 REINDEX DATABASE mentat_events;
 ALTER TABLE events ADD PRIMARY KEY (id);
 CREATE INDEX IF NOT EXISTS events_detecttime_idx ON events USING BTREE (detecttime);
- CREATE INDEX IF NOT EXISTS events_cesnet_storagetime_idx ON events USING BTREE (cesnet_storagetime);
- CREATE INDEX IF NOT EXISTS events_cesnet_eventseverity_idx ON events USING BTREE (cesnet_eventseverity) WHERE cesnet_eventseverity IS NOT NULL;
- CREATE INDEX IF NOT EXISTS events_combined_idx ON events USING GIN (category, node_name, protocol, source_port, target_port, source_type, target_type, node_type, cesnet_resolvedabuses, cesnet_inspectionerrors);
+ CREATE INDEX IF NOT EXISTS events_storagetime_idx ON events USING BTREE (storagetime);
+ CREATE INDEX IF NOT EXISTS events_eventseverity_idx ON events USING BTREE (eventseverity) WHERE eventseverity IS NOT NULL;
+ CREATE INDEX IF NOT EXISTS events_combined_idx ON events USING GIN (category, node_name, protocol, source_port, target_port, source_type, target_type, node_type, resolvedabuses, inspectionerrors);
 CHECKPOINT;
 ANALYZE VERBOSE;
diff --git a/lib/hawat/blueprints/timeline/__init__.py b/lib/hawat/blueprints/timeline/__init__.py
index 56445bf27f4c7dcd14a02677ae24d4f1406d1abe..0f6d199d95c69a3afbfbf450c4f210f2c0d11fb4 100644
--- a/lib/hawat/blueprints/timeline/__init__.py
+++ b/lib/hawat/blueprints/timeline/__init__.py
@@ -56,9 +56,9 @@ AGGREGATIONS = (
 (mentat.stats.idea.ST_SKEY_PROTOCOLS, {}, {"aggr_set": "protocol"}),
 (mentat.stats.idea.ST_SKEY_DETECTORS, {}, {"aggr_set": "node_name"}),
 (mentat.stats.idea.ST_SKEY_DETECTORTPS, {}, {"aggr_set": "node_type"}),
- (mentat.stats.idea.ST_SKEY_ABUSES, {}, {"aggr_set": "cesnet_resolvedabuses"}),
- (mentat.stats.idea.ST_SKEY_CLASSES, {}, {"aggr_set": "cesnet_eventclass"}),
- (mentat.stats.idea.ST_SKEY_SEVERITIES, {}, {"aggr_set": "cesnet_eventseverity"}),
+ (mentat.stats.idea.ST_SKEY_ABUSES, {}, {"aggr_set": "resolvedabuses"}),
+ (mentat.stats.idea.ST_SKEY_CLASSES, {}, {"aggr_set": "eventclass"}),
+ (mentat.stats.idea.ST_SKEY_SEVERITIES, {}, {"aggr_set": "eventseverity"}),
 )
diff --git a/lib/hawat/events.py b/lib/hawat/events.py
index 69d5823e7da3f7e6c69a2b40a591640b2fc517d1..137364dce9d2aa5c07efcd1a9085af532464f3f3 100644
--- a/lib/hawat/events.py
+++ b/lib/hawat/events.py
@@ -86,13 +86,13 @@ def get_event_severities():
 """
 Return list of all available event severities.
 """
- return _get_values('itemset-stat-severities.json', 'cesnet_eventseverity')
+ return _get_values('itemset-stat-severities.json', 'eventseverity')
 def get_event_classes():
 """
 Return list of all available event classes.
 """
- return _get_values('itemset-stat-classes.json', 'cesnet_eventclass')
+ return _get_values('itemset-stat-classes.json', 'eventclass')
 def get_event_protocols():
 """
@@ -104,7 +104,7 @@ def get_event_inspection_errs():
 """
 Return list of all available event inspection errors.
 """
- return _get_values('itemset-stat-inspectionerrors.json', 'cesnet_inspectionerrors')
+ return _get_values('itemset-stat-inspectionerrors.json', 'inspectionerrors')
 def db_settings(app):
 """
diff --git a/lib/mentat/idea/internal.py b/lib/mentat/idea/internal.py
index 641c0803f623becc91655c9b0870cc658b434f88..2073c473b0c075f329e2a361121c853fe706ae1f 100644
--- a/lib/mentat/idea/internal.py
+++ b/lib/mentat/idea/internal.py
@@ -456,16 +456,16 @@ class IdeaGhost(Idea):
 node['Type'] = list(record.node_type)
 idea_raw.setdefault('Node', []).append(node)
- if record.cesnet_resolvedabuses:
- idea_raw.setdefault('_Mentat', {})['ResolvedAbuses'] = list(record.cesnet_resolvedabuses)
- if record.cesnet_storagetime:
- idea_raw.setdefault('_Mentat', {})['StorageTime'] = record.cesnet_storagetime
- if record.cesnet_eventclass:
- idea_raw.setdefault('_Mentat', {})['EventClass'] = record.cesnet_eventclass
- if record.cesnet_eventseverity:
- idea_raw.setdefault('_Mentat', {})['EventSeverity'] = record.cesnet_eventseverity
- if record.cesnet_inspectionerrors:
- idea_raw.setdefault('_Mentat', {})['InspectionErrors'] = list(record.cesnet_inspectionerrors)
+ if record.resolvedabuses:
+ idea_raw.setdefault('_Mentat', {})['ResolvedAbuses'] = list(record.resolvedabuses)
+ if record.storagetime:
+ idea_raw.setdefault('_Mentat', {})['StorageTime'] = record.storagetime
+ if record.eventclass:
+ idea_raw.setdefault('_Mentat', {})['EventClass'] = record.eventclass
+ if record.eventseverity:
+ idea_raw.setdefault('_Mentat', {})['EventSeverity'] = record.eventseverity
+ if record.inspectionerrors:
+ idea_raw.setdefault('_Mentat', {})['InspectionErrors'] = list(record.inspectionerrors)
 try:
 return cls(idea_raw)
diff --git a/lib/mentat/idea/sqldb.py b/lib/mentat/idea/sqldb.py
index 9b46a6d17026f9b1b06b1139395c615b21a73e51..d8a503e165a8e2296095f780dd0ed881dad23626 100644
--- a/lib/mentat/idea/sqldb.py
+++ b/lib/mentat/idea/sqldb.py
@@ -114,11 +114,11 @@ class Idea: # pylint: disable=locally-disabled,too-many-instance-attributes,t
 protocol = set()
 node_name = list()
 node_type = set()
- cesnet_resolvedabuses = list()
- cesnet_storagetime = None
- cesnet_eventclass = None
- cesnet_eventseverity = None
- cesnet_inspectionerrors = list()
+ resolvedabuses = list()
+ storagetime = None
+ eventclass = None
+ eventseverity = None
+ inspectionerrors = list()
 jsonb = None
 def __init__(self, idea_event):
@@ -180,19 +180,19 @@ class Idea: # pylint: disable=locally-disabled,too-many-instance-attributes,t
 raise KeyError("Missing Node name")
 self.node_type = idea_event.get_types('Node')
- # CESNET implementation specific metadata.
- self.cesnet_resolvedabuses = idea_event.get_abuses()
- self.cesnet_storagetime = idea_event.get_storage_time()
+ # Mentat implementation specific metadata.
+ self.resolvedabuses = idea_event.get_abuses()
+ self.storagetime = idea_event.get_storage_time()
- self.cesnet_eventclass = idea_event.get_class()
- if self.cesnet_eventclass:
- self.cesnet_eventclass = self.cesnet_eventclass.lower()
+ self.eventclass = idea_event.get_class()
+ if self.eventclass:
+ self.eventclass = self.eventclass.lower()
- self.cesnet_eventseverity = idea_event.get_severity()
- if self.cesnet_eventseverity:
- self.cesnet_eventseverity = self.cesnet_eventseverity.lower()
+ self.eventseverity = idea_event.get_severity()
+ if self.eventseverity:
+ self.eventseverity = self.eventseverity.lower()
- self.cesnet_inspectionerrors = idea_event.get_inspection_errors()
+ self.inspectionerrors = idea_event.get_inspection_errors()
 @staticmethod
 def _aggr_iplist(ranges, rngcls):
@@ -253,10 +253,10 @@ class Idea: # pylint: disable=locally-disabled,too-many-instance-attributes,t
 self.protocol,
 self.node_name,
 self.node_type,
- self.cesnet_resolvedabuses,
- self.cesnet_storagetime,
- self.cesnet_eventclass,
- self.cesnet_eventseverity,
- self.cesnet_inspectionerrors,
+ self.resolvedabuses,
+ self.storagetime,
+ self.eventclass,
+ self.eventseverity,
+ self.inspectionerrors,
 self.jsonb
 )
diff --git a/lib/mentat/idea/test_sqldb.py b/lib/mentat/idea/test_sqldb.py
index 96244afbdc34c7e45ae263d440f96130c08e709f..df9450b04374741d8d6277def0b8cfb6623ffe23 100644
--- a/lib/mentat/idea/test_sqldb.py
+++ b/lib/mentat/idea/test_sqldb.py
@@ -230,11 +230,11 @@ class TestMentatIdeaJSON(unittest.TestCase):
 self.assertEqual(idea_sqldb.description, 'Synthetic example')
 self.assertEqual(idea_sqldb.node_name, ['org.example.kippo_honey'])
 self.assertEqual(idea_sqldb.node_type, ['Honeypot', 'Protocol'])
- self.assertEqual(idea_sqldb.cesnet_resolvedabuses, ['abuse@cesnet.cz'])
- self.assertEqual(idea_sqldb.cesnet_storagetime.isoformat(), '2017-04-05T10:21:39')
- self.assertEqual(idea_sqldb.cesnet_eventclass, 'vulnerable-config-ssdp')
- self.assertEqual(idea_sqldb.cesnet_eventseverity, 'low')
- self.assertEqual(idea_sqldb.cesnet_inspectionerrors, ['Demonstration error - first', 'Demonstration error - second'])
+ self.assertEqual(idea_sqldb.resolvedabuses, ['abuse@cesnet.cz'])
+ self.assertEqual(idea_sqldb.storagetime.isoformat(), '2017-04-05T10:21:39')
+ self.assertEqual(idea_sqldb.eventclass, 'vulnerable-config-ssdp')
+ self.assertEqual(idea_sqldb.eventseverity, 'low')
+ self.assertEqual(idea_sqldb.inspectionerrors, ['Demonstration error - first', 'Demonstration error - second'])
 def test_02_missing_node_names(self):
 """
diff --git a/lib/mentat/module/precache.py b/lib/mentat/module/precache.py
index 69e95b2ff932846095360c0740c48ea8c43b3949..333d16eded1e62e8803b42730fa6995759732ae0 100644
--- a/lib/mentat/module/precache.py
+++ b/lib/mentat/module/precache.py
@@ -82,10 +82,10 @@ Custom config file options
 ["itemset-stat-detectors", "node_name"],
 ["itemset-stat-detectortypes", "node_type"],
 ["itemset-stat-protocols", "protocol"],
- ["itemset-stat-groups", "cesnet_resolvedabuses"],
- ["itemset-stat-classes", "cesnet_eventclass"],
- ["itemset-stat-severities", "cesnet_eventseverity"],
- ["itemset-stat-inspectionerrors", "cesnet_inspectionerrors"]
+ ["itemset-stat-groups", "resolvedabuses"],
+ ["itemset-stat-classes", "eventclass"],
+ ["itemset-stat-severities", "eventseverity"],
+ ["itemset-stat-inspectionerrors", "inspectionerrors"]
 ],
 *Type:* ``list of list of strings``, *default:* ``[]``
diff --git a/lib/mentat/services/eventstorage.py b/lib/mentat/services/eventstorage.py
index 3ccb581da95e9b16bedc0241b08b0feb74b55eb1..7f51283bbaacd068935c8f965d8c0799b8c02a0c 100644
--- a/lib/mentat/services/eventstorage.py
+++ b/lib/mentat/services/eventstorage.py
@@ -68,10 +68,10 @@ ENUM_TABLES = (
 "node_type",
 "source_type",
 "target_type",
- "cesnet_resolvedabuses",
- "cesnet_eventclass",
- "cesnet_eventseverity",
- "cesnet_inspectionerrors"
+ "resolvedabuses",
+ "eventclass",
+ "eventseverity",
+ "inspectionerrors"
 )
 EVENTS_COLUMNS = (
@@ -92,11 +92,11 @@ EVENTS_COLUMNS = (
 "protocol",
 "node_name",
 "node_type",
- "cesnet_resolvedabuses",
- "cesnet_storagetime",
- "cesnet_eventclass",
- "cesnet_eventseverity",
- "cesnet_inspectionerrors",
+ "resolvedabuses",
+ "storagetime",
+ "eventclass",
+ "eventseverity",
+ "inspectionerrors",
 )
 EVENTS_COLUMNS_ARRAY = (
@@ -110,8 +110,8 @@ EVENTS_COLUMNS_ARRAY = (
 "protocol",
 "node_name",
 "node_type",
- "cesnet_resolvedabuses",
- "cesnet_inspectionerrors",
+ "resolvedabuses",
+ "inspectionerrors",
 )
 EVENTS_COLUMNS_TOPLISTED = (
@@ -119,7 +119,7 @@ EVENTS_COLUMNS_TOPLISTED = (
 "target_ip",
 "source_port",
 "target_port",
- "cesnet_resolvedabuses",
+ "resolvedabuses",
 )
 RE_QNAME = ' AS "_mentatq\\(([^)]+)\\)_"'
@@ -299,10 +299,10 @@ def _bq_where(parameters):
 chunks.append(psycopg2.sql.SQL('{} <= %s').format(psycopg2.sql.Identifier('detecttime')))
 params.append(parameters['dt_to'])
 if parameters.get('st_from', None):
- chunks.append(psycopg2.sql.SQL('{} >= %s').format(psycopg2.sql.Identifier('cesnet_storagetime')))
+ chunks.append(psycopg2.sql.SQL('{} >= %s').format(psycopg2.sql.Identifier('storagetime')))
 params.append(parameters['st_from'])
 if parameters.get('st_to', None):
- chunks.append(psycopg2.sql.SQL('{} <= %s').format(psycopg2.sql.Identifier('cesnet_storagetime')))
+ chunks.append(psycopg2.sql.SQL('{} <= %s').format(psycopg2.sql.Identifier('storagetime')))
 params.append(parameters['st_to'])
 if parameters.get('host_addrs', None):
@@ -338,12 +338,12 @@ def _bq_where(parameters):
 for item in (
 ('protocols', 'protocol', _bq_param_multi_to_array),
 ('categories', 'category', _bq_param_multi_to_array),
- ('classes', 'cesnet_eventclass', _bq_param_multi_to_scalar),
- ('severities', 'cesnet_eventseverity', _bq_param_multi_to_scalar),
+ ('classes', 'eventclass', _bq_param_multi_to_scalar),
+ ('severities', 'eventseverity', _bq_param_multi_to_scalar),
 ('detectors', 'node_name', _bq_param_multi_to_array),
 ('detector_types', 'node_type', _bq_param_multi_to_array),
- ('groups', 'cesnet_resolvedabuses', _bq_param_multi_to_array),
- ('inspection_errs', 'cesnet_inspectionerrors', _bq_param_multi_to_array),
+ ('groups', 'resolvedabuses', _bq_param_multi_to_array),
+ ('inspection_errs', 'inspectionerrors', _bq_param_multi_to_array),
 ):
 if parameters.get(item[0], None):
 item[2](
@@ -420,13 +420,9 @@ def build_query(parameters = None, qtype = QTYPE_SELECT, qname = None):
 if qtype in (QTYPE_SELECT, QTYPE_SELECT_GHOST) and parameters:
 if parameters.get('sortby', None):
 field, direction = parameters['sortby'].split('.')
- if field == 'detecttime':
- field = 'detecttime'
- elif field == 'storagetime':
- field = 'cesnet_storagetime'
- else:
+ if field != 'detecttime' and field != 'storagetime':
 if parameters.get('st_from', None) or parameters.get('st_to', None):
- field = 'cesnet_storagetime'
+ field = 'storagetime'
 else:
 field = 'detecttime'
@@ -594,7 +590,7 @@ class EventStorageCursor:
 record = idea_pgsql.get_record()
 self.cursor.execute(
- "INSERT INTO events (id, detecttime, category, description, source_ip, target_ip, source_ip_aggr_ip4, source_ip_aggr_ip6, target_ip_aggr_ip4, target_ip_aggr_ip6, source_port, target_port, source_type, target_type, protocol, node_name, node_type, cesnet_resolvedabuses, cesnet_storagetime, cesnet_eventclass, cesnet_eventseverity, cesnet_inspectionerrors) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)",
+ "INSERT INTO events (id, detecttime, category, description, source_ip, target_ip, source_ip_aggr_ip4, source_ip_aggr_ip6, target_ip_aggr_ip4, target_ip_aggr_ip6, source_port, target_port, source_type, target_type, protocol, node_name, node_type, resolvedabuses, storagetime, eventclass, eventseverity, inspectionerrors) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)",
 record[0:-1]
 )
 self.cursor.execute(
@@ -767,7 +763,7 @@ class EventStorageCursor:
 """
 params = ('{:d}s'.format(interval),)
 query = psycopg2.sql.SQL("SELECT max({}) > NOW() AT TIME ZONE 'GMT' - INTERVAL %s AS watchdog FROM events").\
- format(psycopg2.sql.Identifier('cesnet_storagetime'))
+ format(psycopg2.sql.Identifier('storagetime'))
 self.lastquery = self.cursor.mogrify(query, params)
 self.cursor.execute(query, params)
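Review bot: The new guard `if field != 'detecttime' and field != 'storagetime':` reads more naturally as a membership test, `if field not in ('detecttime', 'storagetime'):`, which also matches the `column not in (...)` form used by the enum-update code later in this file. The `direction` half of `parameters['sortby'].split('.')` is not constrained anywhere in this hunk; the tests show it emitted as `ASC`/`DESC`, so presumably it is mapped through a fixed table lower down, but that is worth confirming since build_query continues outside the hunk. A `sortby` value with no dot, or with two, raises ValueError at the unpack instead of being rejected as an invalid parameter, which is pre-existing but sits right next to the rewritten lines.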
@@ -1121,7 +1117,7 @@ class EventStorageService:
 """
 # Base list of CREATE TABLE SQLs.
 create_table_sqls = [
- "CREATE TABLE IF NOT EXISTS events(id text PRIMARY KEY, detecttime timestamp NOT NULL, category text[] NOT NULL, description text, source_ip iprange[], target_ip iprange[], source_ip_aggr_ip4 ip4r, source_ip_aggr_ip6 ip6r, target_ip_aggr_ip4 ip4r, target_ip_aggr_ip6 ip6r, source_port integer[], target_port integer[], source_type text[], target_type text[], protocol text[], node_name text[] NOT NULL, node_type text[], cesnet_storagetime timestamp NOT NULL, cesnet_resolvedabuses text[], cesnet_eventclass text, cesnet_eventseverity text, cesnet_inspectionerrors text[])",
+ "CREATE TABLE IF NOT EXISTS events(id text PRIMARY KEY, detecttime timestamp NOT NULL, category text[] NOT NULL, description text, source_ip iprange[], target_ip iprange[], source_ip_aggr_ip4 ip4r, source_ip_aggr_ip6 ip6r, target_ip_aggr_ip4 ip4r, target_ip_aggr_ip6 ip6r, source_port integer[], target_port integer[], source_type text[], target_type text[], protocol text[], node_name text[] NOT NULL, node_type text[], storagetime timestamp NOT NULL, resolvedabuses text[], eventclass text, eventseverity text, inspectionerrors text[])",
 "CREATE TABLE IF NOT EXISTS events_json(id text PRIMARY KEY REFERENCES events(id) ON DELETE CASCADE, event bytea NOT NULL)",
 "CREATE TABLE IF NOT EXISTS thresholds(id text PRIMARY KEY, thresholdtime timestamp NOT NULL, relapsetime timestamp NOT NULL, ttltime timestamp NOT NULL)",
 "CREATE TABLE IF NOT EXISTS events_thresholded(eventid text NOT NULL, keyid text NOT NULL, groupname text NOT NULL, eventseverity text NOT NULL, createtime timestamp NOT NULL, PRIMARY KEY(eventid, keyid))"
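Review bot: `CREATE TABLE IF NOT EXISTS events(... storagetime ... inspectionerrors ...)` is a no-op on any deployment whose events table already exists with the `cesnet_*` columns, so after this change the INSERT, WHERE, ORDER BY and enum-update statements in this file would reference columns that are not there. Unless a migration is provided elsewhere in the commit, the upgrade path needs `ALTER TABLE events RENAME COLUMN cesnet_storagetime TO storagetime` and the same for the other four columns, plus renames of the `enum_cesnet_*` tables and the affected indexes, and a matching section in upgrading.rst — the only upgrading.rst hunks in this commit edit the existing 11.x-to-12.x instructions in place. The cleanup and precache configs are switched to the new names as well, so an un-migrated database would break those jobs along with the event queries.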
@@ -1151,9 +1147,9 @@ class EventStorageService:
 # Base list of CREATE INDEX SQLs.
 create_index_sqls = [
 "CREATE INDEX IF NOT EXISTS events_detecttime_idx ON events USING BTREE (detecttime)",
- "CREATE INDEX IF NOT EXISTS events_cesnet_storagetime_idx ON events USING BTREE (cesnet_storagetime)",
- "CREATE INDEX IF NOT EXISTS events_cesnet_eventseverity_idx ON events USING BTREE (cesnet_eventseverity) WHERE cesnet_eventseverity IS NOT NULL",
- "CREATE INDEX IF NOT EXISTS events_combined_idx ON events USING GIN (category, node_name, protocol, source_port, target_port, source_type, target_type, node_type, cesnet_resolvedabuses, cesnet_inspectionerrors)",
+ "CREATE INDEX IF NOT EXISTS events_storagetime_idx ON events USING BTREE (storagetime)",
+ "CREATE INDEX IF NOT EXISTS events_eventseverity_idx ON events USING BTREE (eventseverity) WHERE eventseverity IS NOT NULL",
+ "CREATE INDEX IF NOT EXISTS events_combined_idx ON events USING GIN (category, node_name, protocol, source_port, target_port, source_type, target_type, node_type, resolvedabuses, inspectionerrors)",
 "CREATE INDEX IF NOT EXISTS thresholds_thresholdtime_idx ON thresholds USING BTREE (thresholdtime)",
 "CREATE INDEX IF NOT EXISTS thresholds_relapsetime_idx ON thresholds USING BTREE (relapsetime)",
 "CREATE INDEX IF NOT EXISTS thresholds_ttltime_idx ON thresholds USING BTREE (ttltime)",
@@ -1217,9 +1213,9 @@ class EventStorageService:
 # Base list of DROP INDEX SQLs.
 drop_index_sqls = [
 "DROP INDEX IF EXISTS events_detecttime_idx",
- "DROP INDEX IF EXISTS events_cesnet_storagetime_idx",
- "DROP INDEX IF EXISTS events_cesnet_resolvedabuses_idx",
- "DROP INDEX IF EXISTS events_cesnet_eventseverity_idx",
+ "DROP INDEX IF EXISTS events_storagetime_idx",
+ "DROP INDEX IF EXISTS events_resolvedabuses_idx",
+ "DROP INDEX IF EXISTS events_eventseverity_idx",
 "DROP INDEX IF EXISTS events_combined_idx",
 "DROP INDEX IF EXISTS thresholds_thresholdtime_idx",
 "DROP INDEX IF EXISTS thresholds_relapsetime_idx",
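Review bot: `"DROP INDEX IF EXISTS events_resolvedabuses_idx"` has no counterpart in create_index_sqls in the hunk just above (only `events_storagetime_idx`, `events_eventseverity_idx` and `events_combined_idx` are created on events), so the renamed entry looks like a leftover, and if a legacy `events_cesnet_resolvedabuses_idx` still exists on older databases the rename means it is no longer dropped either. Either remove the line or keep both the old and the new name in drop_index_sqls until the column migration has been run everywhere. Relatedly, the mirror of the enum index DDL in doc/sphinx/_doclib/database.rst (hunk @@ -387) carries forward `ON inspectionerrors` where the table is `enum_inspectionerrors`.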
@@ -1445,11 +1441,11 @@ class EventStorageService:
 enum_table = "enum_{}".format(column)
 # Build and execute query for updating enumeration table.
 enum_query = psycopg2.sql.SQL("INSERT INTO {} (SELECT * FROM (").format(psycopg2.sql.Identifier(enum_table))
- if column not in ('cesnet_eventclass', 'cesnet_eventseverity'):
+ if column not in ('eventclass', 'eventseverity'):
 enum_query += psycopg2.sql.SQL("SELECT unnest({})").format(psycopg2.sql.Identifier(column))
 else:
 enum_query += psycopg2.sql.SQL("SELECT {}").format(psycopg2.sql.Identifier(column))
- enum_query += psycopg2.sql.SQL(' AS data, max(cesnet_storagetime) AS last_seen FROM events WHERE cesnet_storagetime >= COALESCE((SELECT max(last_seen) FROM {}), (SELECT min(cesnet_storagetime) FROM events)) GROUP BY data) AS enum WHERE data IS NOT NULL) ON CONFLICT (data) DO UPDATE SET last_seen = excluded.last_seen').format(psycopg2.sql.Identifier(enum_table))
+ enum_query += psycopg2.sql.SQL(' AS data, max(storagetime) AS last_seen FROM events WHERE storagetime >= COALESCE((SELECT max(last_seen) FROM {}), (SELECT min(storagetime) FROM events)) GROUP BY data) AS enum WHERE data IS NOT NULL) ON CONFLICT (data) DO UPDATE SET last_seen = excluded.last_seen').format(psycopg2.sql.Identifier(enum_table))
 self.cursor.execute(enum_query)
 self.commit()
@@ -1674,7 +1670,7 @@ class EventStorageService:
 #---
 table_wanted_list = [
- ('events', 'cesnet_storagetime'),
+ ('events', 'storagetime'),
 ('events_json', None),
 ('events_thresholded', 'createtime'),
 ('thresholds', 'ttltime')
diff --git a/lib/mentat/services/test_eventstorage.py b/lib/mentat/services/test_eventstorage.py
index 7ecf458181643c15e8e573a5d6beae99009bdac8..f16e9d9aba68ea9a6e48fff981d08e314d7c901b 100644
--- a/lib/mentat/services/test_eventstorage.py
+++ b/lib/mentat/services/test_eventstorage.py
@@ -380,7 +380,7 @@ class TestMentatStorage(unittest.TestCase):
 'st_to': datetime.datetime(2012, 11, 3, 10, 0, 7)
 }
 },
- b'SELECT * FROM events INNER JOIN events_json USING(id) WHERE "cesnet_storagetime" >= \'2012-11-03T10:00:07\'::timestamp AND "cesnet_storagetime" <= \'2012-11-03T10:00:07\'::timestamp'
+ b'SELECT * FROM events INNER JOIN events_json USING(id) WHERE "storagetime" >= \'2012-11-03T10:00:07\'::timestamp AND "storagetime" <= \'2012-11-03T10:00:07\'::timestamp'
 ),
 (
 {
@@ -390,7 +390,7 @@ class TestMentatStorage(unittest.TestCase):
 },
 'qtype': 'delete'
 },
- b'DELETE FROM events WHERE "cesnet_storagetime" >= \'2012-11-03T10:00:07\'::timestamp AND "cesnet_storagetime" <= \'2012-11-03T10:00:07\'::timestamp'
+ b'DELETE FROM events WHERE "storagetime" >= \'2012-11-03T10:00:07\'::timestamp AND "storagetime" <= \'2012-11-03T10:00:07\'::timestamp'
 ),
 (
 {
@@ -400,7 +400,7 @@ class TestMentatStorage(unittest.TestCase):
 },
 'qtype': 'count'
 },
- b'SELECT count(id) FROM events WHERE "cesnet_storagetime" >= \'2012-11-03T10:00:07\'::timestamp AND "cesnet_storagetime" <= \'2012-11-03T10:00:07\'::timestamp'
+ b'SELECT count(id) FROM events WHERE "storagetime" >= \'2012-11-03T10:00:07\'::timestamp AND "storagetime" <= \'2012-11-03T10:00:07\'::timestamp'
 ),
 (
 {
@@ -580,7 +580,7 @@ class TestMentatStorage(unittest.TestCase):
 'classes': ['test', 'vulnerable-config-ssdp']
 }
 },
- b'SELECT * FROM events INNER JOIN events_json USING(id) WHERE "cesnet_eventclass" = ANY(ARRAY[\'test\',\'vulnerable-config-ssdp\'])'
+ b'SELECT * FROM events INNER JOIN events_json USING(id) WHERE "eventclass" = ANY(ARRAY[\'test\',\'vulnerable-config-ssdp\'])'
 ),
 (
 {
@@ -589,7 +589,7 @@ class TestMentatStorage(unittest.TestCase):
 'not_classes': True
 }
 },
- b'SELECT * FROM events INNER JOIN events_json USING(id) WHERE NOT ("cesnet_eventclass" = ANY(ARRAY[\'test\',\'vulnerable-config-ssdp\']))'
+ b'SELECT * FROM events INNER JOIN events_json USING(id) WHERE NOT ("eventclass" = ANY(ARRAY[\'test\',\'vulnerable-config-ssdp\']))'
 ),
 (
 {
@@ -597,7 +597,7 @@ class TestMentatStorage(unittest.TestCase):
 'classes': ['__EMPTY__']
 }
 },
- b'SELECT * FROM events INNER JOIN events_json USING(id) WHERE COALESCE("cesnet_eventclass",\'\') = \'\''
+ b'SELECT * FROM events INNER JOIN events_json USING(id) WHERE COALESCE("eventclass",\'\') = \'\''
 ),
 (
 {
@@ -605,7 +605,7 @@ class TestMentatStorage(unittest.TestCase):
 'classes': ['__ANY__']
 }
 },
- b'SELECT * FROM events INNER JOIN events_json USING(id) WHERE COALESCE("cesnet_eventclass",\'\') != \'\''
+ b'SELECT * FROM events INNER JOIN events_json USING(id) WHERE COALESCE("eventclass",\'\') != \'\''
 ),
 (
 {
@@ -613,7 +613,7 @@ class TestMentatStorage(unittest.TestCase):
 'severities': ['test', 'low']
 }
 },
- b'SELECT * FROM events INNER JOIN events_json USING(id) WHERE "cesnet_eventseverity" = ANY(ARRAY[\'test\',\'low\'])'
+ b'SELECT * FROM events INNER JOIN events_json USING(id) WHERE "eventseverity" = ANY(ARRAY[\'test\',\'low\'])'
 ),
 (
 {
@@ -622,7 +622,7 @@ class TestMentatStorage(unittest.TestCase):
 'not_severities': True
 }
 },
- b'SELECT * FROM events INNER JOIN events_json USING(id) WHERE NOT ("cesnet_eventseverity" = ANY(ARRAY[\'test\',\'low\']))'
+ b'SELECT * FROM events INNER JOIN events_json USING(id) WHERE NOT ("eventseverity" = ANY(ARRAY[\'test\',\'low\']))'
 ),
 (
 {
@@ -630,7 +630,7 @@ class TestMentatStorage(unittest.TestCase):
 'severities': ['__EMPTY__']
 }
 },
- b'SELECT * FROM events INNER JOIN events_json USING(id) WHERE COALESCE("cesnet_eventseverity",\'\') = \'\''
+ b'SELECT * FROM events INNER JOIN events_json USING(id) WHERE COALESCE("eventseverity",\'\') = \'\''
 ),
 (
 {
@@ -638,7 +638,7 @@ class TestMentatStorage(unittest.TestCase):
 'severities': ['__ANY__']
 }
 },
- b'SELECT * FROM events INNER JOIN events_json USING(id) WHERE COALESCE("cesnet_eventseverity",\'\') != \'\''
+ b'SELECT * FROM events INNER JOIN events_json USING(id) WHERE COALESCE("eventseverity",\'\') != \'\''
 ),
 (
 {
@@ -712,7 +712,7 @@ class TestMentatStorage(unittest.TestCase):
 'groups': ['abuse@cesnet.cz', 'abuse@nic.cz']
 }
 },
- b'SELECT * FROM events INNER JOIN events_json USING(id) WHERE "cesnet_resolvedabuses" && ARRAY[\'abuse@cesnet.cz\',\'abuse@nic.cz\']'
+ b'SELECT * FROM events INNER JOIN events_json USING(id) WHERE "resolvedabuses" && ARRAY[\'abuse@cesnet.cz\',\'abuse@nic.cz\']'
 ),
 (
 {
@@ -721,7 +721,7 @@ class TestMentatStorage(unittest.TestCase):
 'not_groups': True
 }
 },
- b'SELECT * FROM events INNER JOIN events_json USING(id) WHERE NOT ("cesnet_resolvedabuses" && ARRAY[\'abuse@cesnet.cz\',\'abuse@nic.cz\'])'
+ b'SELECT * FROM events INNER JOIN events_json USING(id) WHERE NOT ("resolvedabuses" && ARRAY[\'abuse@cesnet.cz\',\'abuse@nic.cz\'])'
 ),
 (
 {
@@ -729,7 +729,7 @@ class TestMentatStorage(unittest.TestCase):
 'groups': ['__EMPTY__']
 }
 },
- b'SELECT * FROM events INNER JOIN events_json USING(id) WHERE "cesnet_resolvedabuses" = \'{}\''
+ b'SELECT * FROM events INNER JOIN events_json USING(id) WHERE "resolvedabuses" = \'{}\''
 ),
 (
 {
@@ -737,7 +737,7 @@ class TestMentatStorage(unittest.TestCase):
 'groups': ['__ANY__']
 }
 },
- b'SELECT * FROM events INNER JOIN events_json USING(id) WHERE "cesnet_resolvedabuses" != \'{}\''
+ b'SELECT * FROM events INNER JOIN events_json USING(id) WHERE "resolvedabuses" != \'{}\''
 ),
 (
 {
@@ -772,7 +772,7 @@ class TestMentatStorage(unittest.TestCase):
 'page': 11
 }
 },
- b'SELECT * FROM events INNER JOIN events_json USING(id) WHERE "cesnet_resolvedabuses" && ARRAY[\'abuse@cesnet.cz\',\'abuse@nic.cz\'] LIMIT 50 OFFSET 500'
+ b'SELECT * FROM events INNER JOIN events_json USING(id) WHERE "resolvedabuses" && ARRAY[\'abuse@cesnet.cz\',\'abuse@nic.cz\'] LIMIT 50 OFFSET 500'
 ),
 (
 {
@@ -796,7 +796,7 @@ class TestMentatStorage(unittest.TestCase):
 'sortby': 'storagetime.desc'
 }
 },
- b'SELECT * FROM events INNER JOIN events_json USING(id) ORDER BY "cesnet_storagetime" DESC'
+ b'SELECT * FROM events INNER JOIN events_json USING(id) ORDER BY "storagetime" DESC'
 ),
 (
 {
@@ -804,7 +804,7 @@ class TestMentatStorage(unittest.TestCase):
 'sortby': 'storagetime.asc'
 }
 },
- b'SELECT * FROM events INNER JOIN events_json USING(id) ORDER BY "cesnet_storagetime" ASC'
+ b'SELECT * FROM events INNER JOIN events_json USING(id) ORDER BY "storagetime" ASC'
 ),
 ]
 
@@ -867,11 +867,11 @@ class TestMentatStorage(unittest.TestCase):
 'parameters': {
 'dt_from': datetime.datetime(2012, 11, 3, 10, 0, 7),
 'dt_to': datetime.datetime(2012, 11, 3, 10, 0, 7),
- 'aggr_set': 'cesnet_eventclass',
+ 'aggr_set': 'eventclass',
 },
 'qtype': 'aggregate'
 },
- b'SELECT "cesnet_eventclass" AS set,COUNT(*) FROM events WHERE "detecttime" >= \'2012-11-03T10:00:07\'::timestamp AND "detecttime" <= \'2012-11-03T10:00:07\'::timestamp GROUP BY set'
+ b'SELECT "eventclass" AS set,COUNT(*) FROM events WHERE "detecttime" >= \'2012-11-03T10:00:07\'::timestamp AND "detecttime" <= \'2012-11-03T10:00:07\'::timestamp GROUP BY set'
 ),
 (
 {
@@ -889,12 +889,12 @@ class TestMentatStorage(unittest.TestCase):
 'parameters': {
 'dt_from': datetime.datetime(2012, 11, 3, 10, 0, 7),
 'dt_to': datetime.datetime(2012, 11, 3, 10, 0, 7),
- 'aggr_set': 'cesnet_eventclass',
+ 'aggr_set': 'eventclass',
 'limit': 10
 },
 'qtype': 'aggregate'
 },
- b'SELECT "cesnet_eventclass" AS set,COUNT(*) FROM events WHERE "detecttime" >= \'2012-11-03T10:00:07\'::timestamp AND "detecttime" <= \'2012-11-03T10:00:07\'::timestamp GROUP BY set'
+ b'SELECT "eventclass" AS set,COUNT(*) FROM events WHERE "detecttime" >= \'2012-11-03T10:00:07\'::timestamp AND "detecttime" <= \'2012-11-03T10:00:07\'::timestamp GROUP BY set'
 ),
 (
 {
@@ -925,11 +925,11 @@ class TestMentatStorage(unittest.TestCase):
 'dt_from': datetime.datetime(2012, 11, 3, 10, 0, 7),
 'dt_to': datetime.datetime(2012, 12, 3, 10, 0, 7),
 'step': datetime.timedelta(days = 1),
- 'aggr_set': 'cesnet_eventclass',
+ 'aggr_set': 'eventclass',
 },
 'qtype': 'timeline'
 },
- b'SELECT \'2012-11-03T10:00:07\'::timestamp + \'1 days 0.000000 seconds\'::interval * (width_bucket(detecttime,(SELECT array_agg(buckets) FROM generate_series(\'2012-11-03T10:00:07\'::timestamp,\'2012-12-03T10:00:07\'::timestamp,\'1 days 0.000000 seconds\'::interval) AS buckets)) - 1) AS bucket,"cesnet_eventclass" AS set,COUNT(*) FROM events WHERE "detecttime" >= \'2012-11-03T10:00:07\'::timestamp AND "detecttime" <= \'2012-12-03T10:00:07\'::timestamp GROUP BY bucket, set ORDER BY bucket ASC'
+ b'SELECT \'2012-11-03T10:00:07\'::timestamp + \'1 days 0.000000 seconds\'::interval * (width_bucket(detecttime,(SELECT array_agg(buckets) FROM generate_series(\'2012-11-03T10:00:07\'::timestamp,\'2012-12-03T10:00:07\'::timestamp,\'1 days 0.000000 seconds\'::interval) AS buckets)) - 1) AS bucket,"eventclass" AS set,COUNT(*) FROM events WHERE "detecttime" >= \'2012-11-03T10:00:07\'::timestamp AND "detecttime" <= \'2012-12-03T10:00:07\'::timestamp GROUP BY bucket, set ORDER BY bucket ASC'
 ),
 (
 {
@@ -1644,12 +1644,12 @@ class TestMentatStorage(unittest.TestCase):
 )
 
 self.assertEqual(
- storage.distinct_values('cesnet_eventclass'),
+ storage.distinct_values('eventclass'),
 ['vulnerable-config-ssdp']
 )
 
 self.assertEqual(
- storage.distinct_values('cesnet_eventseverity'),
+ storage.distinct_values('eventseverity'),
 ['low']
 )
 
diff --git a/scripts/mentat-check-alive.sh b/scripts/mentat-check-alive.sh
index 23f1e6f3ad37700b7bfc23a8eb06f2e5290f4113..31ba222bc239203cafe854fa148f7e80c8215883 100755
--- a/scripts/mentat-check-alive.sh
+++ b/scripts/mentat-check-alive.sh
@@ -43,15 +43,15 @@ SET timezone TO 'utc';
 \echo
 SELECT
 node_name AS "Detector",
- MAX(cesnet_storagetime) AS "Last event"
+ MAX(storagetime) AS "Last event"
 FROM
 events
 WHERE
- cesnet_storagetime > LOCALTIMESTAMP - INTERVAL '$DAYS_SEEN day'
+ storagetime > LOCALTIMESTAMP - INTERVAL '$DAYS_SEEN day'
 GROUP BY
 node_name
 HAVING
- MAX(cesnet_storagetime) < LOCALTIMESTAMP - INTERVAL '$DAYS_DEAD day';
+ MAX(storagetime) < LOCALTIMESTAMP - INTERVAL '$DAYS_DEAD day';
 \set QUIET 1
 \timing off
 \unset QUIET
diff --git a/scripts/mentat-check-inspectionerrors.sh b/scripts/mentat-check-inspectionerrors.sh
index fc12a018ca3f46bb39e515aec7832907ec4c4ab3..4834ce80067ce5cf963708e075314559eb5b4946 100755
--- a/scripts/mentat-check-inspectionerrors.sh
+++ b/scripts/mentat-check-inspectionerrors.sh
@@ -42,16 +42,16 @@ SET timezone TO 'utc';
 \echo
 SELECT
 node_name AS "Detector",
- cesnet_inspectionerrors AS "Inspection errors",
+ inspectionerrors AS "Inspection errors",
 '${MENTAT_HAWAT_URL}events/' || MAX(id) || '/show' AS "Example event",
 COUNT(*) AS "Count"
 FROM
 events
 WHERE
- cesnet_inspectionerrors != '{}'
- AND cesnet_storagetime > localtimestamp - INTERVAL '$DAYS day'
+ inspectionerrors != '{}'
+ AND storagetime > localtimestamp - INTERVAL '$DAYS day'
 GROUP BY
- node_name, cesnet_inspectionerrors
+ node_name, inspectionerrors
 ORDER BY
 node_name;
 \set QUIET 1
diff --git a/scripts/mentat-check-noeventclass.sh b/scripts/mentat-check-noeventclass.sh
index f34b5b06e2447a69a9a99a899fcafdb72f1fc8e9..23c86b74b9268ed4a2cf2307dfef84f17f7276b7 100755
--- a/scripts/mentat-check-noeventclass.sh
+++ b/scripts/mentat-check-noeventclass.sh
@@ -47,8 +47,8 @@ SELECT
 FROM
 events
 WHERE
- (cesnet_eventclass IS NULL OR cesnet_eventclass = '')
- AND cesnet_storagetime > localtimestamp - INTERVAL '$DAYS day'
+ (eventclass IS NULL OR eventclass = '')
+ AND storagetime > localtimestamp - INTERVAL '$DAYS day'
 GROUP BY
 node_name
 ORDER BY
diff --git a/scripts/mentat-check-test.sh b/scripts/mentat-check-test.sh
index 5c66f6c058dc1837f8a56b10808b9a225ba0c2f7..7203dc1be7e722226728694fa41a63d095c497ea 100755
--- a/scripts/mentat-check-test.sh
+++ b/scripts/mentat-check-test.sh
@@ -50,7 +50,7 @@ FROM
 events
 WHERE
 'Test' = ANY(category)
- AND cesnet_storagetime > localtimestamp - INTERVAL '$DAYS day'
+ AND storagetime > localtimestamp - INTERVAL '$DAYS day'
 GROUP BY
 node_name
 ORDER BY
diff --git a/scripts/mentat-check-volatiledescription.sh b/scripts/mentat-check-volatiledescription.sh
index 753288cc9f59d2a3c0c37bbfdb82d6f4d0d55cc1..4c5abe4fcf75b18773de43e5ac982726e0a8197c 100755
--- a/scripts/mentat-check-volatiledescription.sh
+++ b/scripts/mentat-check-volatiledescription.sh
@@ -52,7 +52,7 @@ FROM (
 FROM
 events
 WHERE
- cesnet_storagetime > localtimestamp - INTERVAL '$DAYS day'
+ storagetime > localtimestamp - INTERVAL '$DAYS day'
 GROUP BY
 node_name, category, description
 ) AS subquery
diff --git a/scripts/sqldb-optimize.sh b/scripts/sqldb-optimize.sh
index 9c30186ed47baeb65010d5f3739c00e4d9ab71a8..08332c7cfed1cf73a5fada75506cbff0118f8e4b 100755
--- a/scripts/sqldb-optimize.sh
+++ b/scripts/sqldb-optimize.sh
@@ -26,10 +26,10 @@ sudo -u postgres psql -d "mentat_events" -c "ALTER TABLE events_json CLUSTER ON
 sudo -u postgres psql -d "mentat_events" -c "ALTER TABLE events_thresholded CLUSTER ON events_thresholded_pkey;"
 sudo -u postgres psql -d "mentat_events" -c "ALTER TABLE thresholds CLUSTER ON thresholds_pkey;"
 sudo -u postgres psql -d "mentat_events" -c "ALTER TABLE enum_category CLUSTER ON enum_category_data_key;"
-sudo -u postgres psql -d "mentat_events" -c "ALTER TABLE enum_cesnet_eventclass CLUSTER ON enum_cesnet_eventclass_data_key;"
-sudo -u postgres psql -d "mentat_events" -c "ALTER TABLE enum_cesnet_eventseverity CLUSTER ON enum_cesnet_eventseverity_data_key;"
-sudo -u postgres psql -d "mentat_events" -c "ALTER TABLE enum_cesnet_inspectionerrors CLUSTER ON enum_cesnet_inspectionerrors_data_key;"
-sudo -u postgres psql -d "mentat_events" -c "ALTER TABLE enum_cesnet_resolvedabuses CLUSTER ON enum_cesnet_resolvedabuses_data_key;"
+sudo -u postgres psql -d "mentat_events" -c "ALTER TABLE enum_eventclass CLUSTER ON enum_eventclass_data_key;"
+sudo -u postgres psql -d "mentat_events" -c "ALTER TABLE enum_eventseverity CLUSTER ON enum_eventseverity_data_key;"
+sudo -u postgres psql -d "mentat_events" -c "ALTER TABLE enum_inspectionerrors CLUSTER ON enum_inspectionerrors_data_key;"
+sudo -u postgres psql -d "mentat_events" -c "ALTER TABLE enum_resolvedabuses CLUSTER ON enum_resolvedabuses_data_key;"
 sudo -u postgres psql -d "mentat_events" -c "ALTER TABLE enum_node_name CLUSTER ON enum_node_name_data_key;"
 sudo -u postgres psql -d "mentat_events" -c "ALTER TABLE enum_node_type CLUSTER ON enum_node_type_data_key;"
 sudo -u postgres psql -d "mentat_events" -c "ALTER TABLE enum_protocol CLUSTER ON enum_protocol_data_key;"
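Review bot: The four rewritten CLUSTER statements assume the unique-constraint indexes were renamed together with their tables (`enum_eventclass_data_key`, `enum_eventseverity_data_key`, `enum_inspectionerrors_data_key`, `enum_resolvedabuses_data_key`), which PostgreSQL does not do on its own: `ALTER TABLE ... RENAME TO` leaves existing constraint and index names untouched. The schema migration for this rename is outside the diff, so I cannot confirm it covers the indexes; unless it also issues something like `ALTER TABLE enum_eventclass RENAME CONSTRAINT enum_cesnet_eventclass_data_key TO enum_eventclass_data_key;` for each of the four tables, this script will fail on an upgraded database with an "index does not exist" error while passing on a fresh install built from the new schema. A one-line comment above these commands noting that the index names must match the migration would also help the next person who renames a table here.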