diff --git a/src/contrib/wardenWatchdog/WardenWatchdog.conf b/src/contrib/wardenWatchdog/WardenWatchdog.conf
index d87bed3e657c29b859a68020701344065b501bda..118a72855a8de29e8ea28b0f36023b45eff0601e 100644
--- a/src/contrib/wardenWatchdog/WardenWatchdog.conf
+++ b/src/contrib/wardenWatchdog/WardenWatchdog.conf
@@ -57,7 +57,7 @@ END;');
 #-------------------------------------------------------------------------------
 @sql_queries = (
  {query => "SELECT hostname, service, MAX(received) FROM events WHERE valid = 't' GROUP BY hostname, service ORDER BY MAX(received) ASC;", text => "Uvedeny klient, nebo klienti jiz delsi dobu nereportovali zadne udalosti do Wardenu. Je mozne, ze nefunguji spravne.", contact => 'jakubcegan@cesnet.cz, ph@cesnet.cz'},
- {query => "SELECT * FROM clients WHERE service IN (SELECT service FROM events WHERE detected > '\$date' AND type NOT IN ('portscan', 'bruteforce', 'probe', 'spam', 'phishing', 'botnet_c_c', 'dos', 'malware', 'copyright', 'webattack', 'test', 'other') AND valid = 't' GROUP BY service) GROUP BY requestor;", text => "Uvedeny klient, nebo klienti zasilaji nepodporovany nebo zastaraly typ udalosti na server Warden", contact => 'jakubcegan@cesnet.cz, ph@cesnet.cz'},
+ {query => "SELECT clients.* FROM clients JOIN events ON clients.service=events.service WHERE events.detected > '\$date' AND NOT FIND_IN_SET(events.type, 'portscan,bruteforce,probe,spam,phishing,botnet_c_c,dos,malware,copyright,webattack,test,other') AND events.valid = 't' GROUP BY requestor;", text => "Uvedeny klient, nebo klienti zasilaji nepodporovany nebo zastaraly typ udalosti na server Warden", contact => 'jakubcegan@cesnet.cz, ph@cesnet.cz'},
  {query => "SELECT hostname, service, type, COUNT(*) FROM events WHERE detected - received > 0 AND received > '$date' GROUP BY hostname, service, type;", text => "Uvedeny klient, nebo klienti odesilaji odesilaji udalosti s casem z budoucnosti. Cas prirazeny serverem pri prichodu udalosti (received) musi byt vzdy roven nebo vetsi casu detekce (detected).", contact => 'jakubcegan@cesnet.cz, ph@cesnet.cz'},
  {query => "SELECT hostname, service, received, source, count(source) AS c, min(received), max(received) FROM events WHERE valid = 't' AND source_type = 'IP' AND iptest(source) GROUP BY hostname, service, source ORDER BY c DESC;", text => "Uvedeni klient, nebo klienti odesilaji udalosti se zdrojovou adresou, ktera by se nemela objevit v internetu (privatni rozsah), nebo je neplatna (prazdny oktet, oktet je vetsi nez 255, apod.). kvuli omezeni verzi MySQL serveru funguje zatim pouze pro IPv6.", contact => 'jakubcegan@cesnet.cz, ph@cesnet.cz'});
 
diff --git a/src/contrib/wardenWatchdog/WardenWatchdog.pm b/src/contrib/wardenWatchdog/WardenWatchdog.pm
index ccd786926e60c3440c8d158cea4c637c59226ee6..e4118f279772456ab218de70c6f4c3fb39df3559 100644
--- a/src/contrib/wardenWatchdog/WardenWatchdog.pm
+++ b/src/contrib/wardenWatchdog/WardenWatchdog.pm
@@ -244,9 +244,9 @@ sub run{
 
   my $date;
   eval{
-    my $dt = DateTime->now();
-    $dt = DateTime->now()->subtract(days => $period);
-    $date = $dt->date();
+    my $dt = DateTime->now(time_zone => 'UTC')->subtract(days => $period);
+    $dt->set_time_zone('local');
+    $date = $dt->strftime("%Y-%m-%d %H:%M:%S");
   } or do {
     #print "Warden watchdog - can't work with date\n";
     syslog("Warden watchdog - can't work with date\n");
diff --git a/src/contrib/wardenWatchdog/WardenWatchdogOfflinecheck.conf b/src/contrib/wardenWatchdog/WardenWatchdogOfflinecheck.conf
index 7a7c7eca48c936da466ccb8df20916795bc6c15d..dff2db78f689cbb1e41b71ba684f61877d922d80 100644
--- a/src/contrib/wardenWatchdog/WardenWatchdogOfflinecheck.conf
+++ b/src/contrib/wardenWatchdog/WardenWatchdogOfflinecheck.conf
@@ -56,35 +56,34 @@ END;');
 #              {query => ; text => ; contact => }
 #-------------------------------------------------------------------------------
 @sql_queries = (
- {query => "SELECT * FROM events WHERE (detected > NOW() OR detected < '2013-02-05 00:00:00') AND valid = 't' GROUP BY service;",
+ {query => "SELECT * FROM events WHERE received > '\$date' AND (detected > NOW() OR detected < '2013-02-05 00:00:00') AND valid = 't' GROUP BY service;",
   text => "Tito udalosti maji cas \"detected\" z doby pred spustenim Wardenu nebo z budoucnosti",
-  contact => 'jakubcegan@cesnet.cz'
- },
- {query => "SELECT * FROM clients WHERE service IN (SELECT service FROM events WHERE detected > '\$date' AND NOT FIND_IN_SET(type, 'portscan,bruteforce,probe,spam,phishing,botnet_c_c,dos,malware,copyright,webattack,test,other') AND valid = 't' GROUP BY service) GROUP BY requestor;",
+  contact => 'jakubcegan@cesnet.cz'},
+ {query => "SELECT clients.* FROM clients JOIN events ON clients.service=events.service WHERE events.detected > '\$date' AND NOT FIND_IN_SET(events.type, 'portscan,bruteforce,probe,spam,phishing,botnet_c_c,dos,malware,copyright,webattack,test,other') AND events.valid = 't' GROUP BY requestor;",
   text => "Tito klienti posilaji udalosti s \"type\", ktery neni ve slovniku",
   contact => 'jakubcegan@cesnet.cz'},
- {query => "SELECT * FROM clients WHERE service IN (SELECT service FROM events WHERE detected > '\$date' AND NOT FIND_IN_SET(source_type, 'IP,URL,Reply-To:') AND valid = 't' GROUP BY service) GROUP BY requestor;",
+ {query => "SELECT clients.* FROM clients JOIN events ON clients.service=events.service WHERE events.detected > '\$date' AND NOT FIND_IN_SET(events.source_type, 'IP,URL,Reply-To:') AND events.valid = 't' GROUP BY requestor;",
   text => "Tito klienti posilaji udalosti s \"source_type\", ktery neni ve slovniku",
   contact => 'jakubcegan@cesnet.cz'},
- {query => "SELECT * FROM clients WHERE service IN (SELECT service FROM events WHERE detected > '\$date' AND NOT FIND_IN_SET(target_proto, 'IP,HTTP,TCP,UDP') AND valid = 't' GROUP BY service) GROUP BY requestor;",
+ {query => "SELECT clients.* FROM clients JOIN events ON clients.service=events.service WHERE events.detected > '\$date' AND NOT FIND_IN_SET(events.target_proto, 'IP,HTTP,TCP,UDP') AND events.valid = 't' GROUP BY requestor;",
   text => "Tito klienti posilaji udalosti s \"target_proto\", ktery neni ve slovniku",
   contact => 'jakubcegan@cesnet.cz'},
- {query => "SELECT * FROM clients WHERE service IN (SELECT service FROM events WHERE detected > '\$date' AND  target_port NOT REGEXP ('[0-9]+') AND target_port IS NOT NULL AND valid = 't' GROUP BY service) GROUP BY requestor;",
+ {query => "SELECT clients.* FROM clients JOIN events ON clients.service=events.service WHERE events.detected > '\$date' AND events.target_port NOT REGEXP ('[0-9]+') AND events.target_port IS NOT NULL AND events.valid = 't' GROUP BY requestor;",
   text => "Tito klienti posilaji udalosti s \"target_port\", ktery neni cislo ani NULL",
   contact => 'jakubcegan@cesnet.cz'},
- {query => "SELECT * FROM clients WHERE service IN (SELECT service FROM events WHERE detected > '\$date' AND  attack_scale NOT REGEXP ('[0-9]+') AND attack_scale IS NOT NULL AND valid = 't' GROUP BY service) GROUP BY requestor;",
+ {query => "SELECT clients.* FROM clients JOIN events ON clients.service=events.service WHERE events.detected > '\$date' AND  events.attack_scale NOT REGEXP ('[0-9]+') AND  events.attack_scale IS NOT NULL AND events.valid = 't' GROUP BY requestor;",
   text => "Tito klienti posilaji udalosti s \"attack_scale\", ktery neni cislo ani NULL",
   contact => 'jakubcegan@cesnet.cz'},
- {query => "SELECT * FROM clients WHERE service IN (SELECT service FROM events WHERE detected > '\$date' AND  priority NOT REGEXP ('[0-9]+') AND priority IS NOT NULL AND valid = 't' GROUP BY service) GROUP BY requestor;",
+ {query => "SELECT clients.* FROM clients JOIN events ON clients.service=events.service WHERE events.detected > '\$date' AND  events.priority NOT REGEXP ('[0-9]+') AND  events.priority IS NOT NULL AND events.valid = 't' GROUP BY requestor;",
   text => "Tito klienti posilaji udalosti s \"priority\", ktery neni cislo ani NULL",
   contact => 'jakubcegan@cesnet.cz'},
- {query => "SELECT * FROM clients WHERE service IN (SELECT service FROM events WHERE detected > '\$date' AND  timeout NOT REGEXP ('[0-9]+') AND timeout IS NOT NULL AND valid = 't' GROUP BY service) GROUP BY requestor;",
+ {query => "SELECT clients.* FROM clients JOIN events ON clients.service=events.service WHERE events.detected > '\$date' AND  events.timeout NOT REGEXP ('[0-9]+') AND  events.timeout IS NOT NULL AND events.valid = 't' GROUP BY requestor;",
   text => "Tito klienti posilaji udalosti s \"timeout\", ktery neni cislo ani NULL",
   contact => 'jakubcegan@cesnet.cz'},
- {query => "SELECT * FROM clients WHERE service IN (SELECT service FROM events WHERE detected > '\$date' AND  attack_scale IS NOT NULL AND attack_scale < 1 AND valid = 't' GROUP BY service) GROUP BY requestor;",
+ {query => "SELECT clients.* FROM clients JOIN events ON clients.service=events.service WHERE events.detected > '\$date' AND  events.attack_scale IS NOT NULL AND  events.attack_scale < 1 AND events.valid = 't' GROUP BY requestor;",
   text => "Tito klienti posilaji udalosti s \"attack_scale\", ktery je cislo mensi nez jedna",
   contact => 'jakubcegan@cesnet.cz'},
- {query => "SELECT * FROM clients WHERE service IN (SELECT * FROM events WHERE source NOT REGEXP ('(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(\d|[1-2]\d|3[0-2]))') AND source NOT REGEXP ('^(https?://|www\\.)[\.A-Za-z0-9\-]+\\.[a-zA-Z]{2,4}') AND source NOT REGEXP ('((\w|<|>|\ |.{2}|@)+)') GROUP BY service) GROUP BY requestor;",
+ {query => "SELECT clients.* FROM clients JOIN events ON clients.service=events.service WHERE events.detected > '\$date' AND events.source NOT REGEXP ('(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(\d|[1-2]\d|3[0-2]))') AND events.source NOT REGEXP ('^(https?://|www\\.)[\.A-Za-z0-9\-]+\\.[a-zA-Z]{2,4}') AND events.source NOT REGEXP ('((\w|<|>|\ |.{2}|@)+)') GROUP BY requestor;",
   text => "Tito klienti posilaji udalosti se \"source\", ktery neni URL, IP nebo emailova adresa.",
   contact => 'jakubcegan@cesnet.cz'},
  );