From 260940304ee9e0a68e2c9c373085e023456400e1 Mon Sep 17 00:00:00 2001
From: Tomas Plesnik <plesnik@ics.muni.cz>
Date: Fri, 20 Mar 2015 13:12:59 +0100
Subject: [PATCH] zmena nastaveni

---
 src/warden-server/etc/warden-watchdog.conf | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/warden-server/etc/warden-watchdog.conf b/src/warden-server/etc/warden-watchdog.conf
index cf9c40f..e00fd3c 100644
--- a/src/warden-server/etc/warden-watchdog.conf
+++ b/src/warden-server/etc/warden-watchdog.conf
@@ -59,10 +59,10 @@ END;');
 #                          in a database table.
 #-------------------------------------------------------------------------------
 @SQL_QUERIES = (
- {query => "SELECT hostname, service, MAX(received) FROM events WHERE valid = 't' GROUP BY hostname, service ORDER BY MAX(received) ASC;", text => "These clients do not report any events for a long time. It is possible, that they are misconfigured or not running.", contact => "jakubcegan@cesnet.cz, ph@cesnet.cz"},
- {query => "SELECT clients.* FROM clients JOIN events ON clients.service=events.service WHERE events.detected > '$date' AND NOT FIND_IN_SET(events.type, 'portscan,bruteforce,probe,spam,phishing,botnet_c_c,dos,malware,copyright,webattack,test,other') AND events.valid = 't' GROUP BY requestor;", text => "Following client(s) report unsupported or obsolete type of event to a Warden server.", contact => "jakubcegan@cesnet.cz, ph@cesnet.cz"},
- {query => "SELECT hostname, service, type, COUNT(*) FROM events WHERE detected - received > 0 AND received > '$date' GROUP BY hostname, service, type;", text => "Following client(s) report events to a Warden server with a timestamp from future. Server timestamp (received) has to be always greater or equal to a timestam of detection.", contact => "jakubcegan@cesnet.cz, ph@cesnet.cz"},
- {query => "SELECT hostname, service, received, source, count(source) AS c, min(received), max(received) FROM events WHERE valid = 't' AND source_type = 'IP' AND iptest(source) GROUP BY hostname, service, source ORDER BY c DESC;", text => "Following client(s) report events to a Warden server with a private or invalid IPv4 address.", contact => "jakubcegan@cesnet.cz, ph@cesnet.cz"});
+ {query => "SELECT hostname, service, MAX(received) FROM events WHERE valid = 't' GROUP BY hostname, service ORDER BY MAX(received) ASC;", text => "These clients do not report any events for a long time. It is possible, that they are misconfigured or not running.", contact => "plesnik@ics.muni.cz, jakubcegan@cesnet.cz, ph@cesnet.cz"},
+ {query => "SELECT clients.* FROM clients JOIN events ON clients.service=events.service WHERE events.detected > '$date' AND NOT FIND_IN_SET(events.type, 'portscan,bruteforce,probe,spam,phishing,botnet_c_c,dos,malware,copyright,webattack,test,other') AND events.valid = 't' GROUP BY requestor;", text => "Following client(s) report unsupported or obsolete type of event to a Warden server.", contact => "plesnik@ics.muni.cz, jakubcegan@cesnet.cz, ph@cesnet.cz"},
+ {query => "SELECT hostname, service, type, COUNT(*) FROM events WHERE detected - received > 0 AND received > '$date' GROUP BY hostname, service, type;", text => "Following client(s) report events to a Warden server with a timestamp from future. Server timestamp (received) has to be always greater or equal to a timestam of detection.", contact => "plesnik@ics.muni.cz, jakubcegan@cesnet.cz, ph@cesnet.cz"},
+ {query => "SELECT hostname, service, received, source, count(source) AS c, min(received), max(received) FROM events WHERE valid = 't' AND source_type = 'IP' AND iptest(source) GROUP BY hostname, service, source ORDER BY c DESC;", text => "Following client(s) report events to a Warden server with a private or invalid IPv4 address.", contact => "plesnik@ics.muni.cz, jakubcegan@cesnet.cz, ph@cesnet.cz"});
 
 #-------------------------------------------------------------------------------
 # SQL_POSTCONDITION - array of procedures which are executed "after" main action
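Review bot: The recipient list is now repeated verbatim in the `contact` field of all four `@SQL_QUERIES` entries, so any later change has to be made in four places and one entry can silently keep a stale list. The queries already interpolate `$date`, so the file appears to be evaluated as Perl; if the loader allows it, define the list once above the array, e.g. `my $watchdog_contact = "<role-alias-address>";` (illustrative name), and use `contact => $watchdog_contact` in each entry. These reports carry client hostnames and source addresses, so a role alias maintained on the mail side would be a better fit for the shipped default config than individual mailboxes. Separately, the fourth query selects `received` without aggregating or grouping it, so on MySQL (which `FIND_IN_SET` suggests) the value comes from an arbitrary row, or the query fails under `ONLY_FULL_GROUP_BY`. The column can be dropped, since `min(received), max(received)` are already selected.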
-- 
GitLab