diff --git a/database-schema/create_network_logs.sql b/database-schema/create_network_logs.sql
new file mode 100644
index 0000000..d426aeb
--- /dev/null
+++ b/database-schema/create_network_logs.sql
@@ -0,0 +1,35 @@
+-- =========================================================
+-- SCHEMA: Tabella network_logs per IDS MikroTik
+-- =========================================================
+-- Creata per compatibilità con syslog_parser.py
+-- =========================================================
+
+-- Drop tabella se esiste (solo per ambiente di sviluppo)
+DROP TABLE IF EXISTS network_logs CASCADE;
+
+-- Crea tabella network_logs
+CREATE TABLE network_logs (
+    id VARCHAR PRIMARY KEY DEFAULT gen_random_uuid(),
+    router_name TEXT NOT NULL,
+    timestamp TIMESTAMP NOT NULL,
+    source_ip TEXT NOT NULL,
+    source_port INTEGER,
+    destination_ip TEXT,
+    destination_port INTEGER,
+    protocol TEXT,
+    action TEXT,
+    packet_length INTEGER,
+    raw_message TEXT,
+    created_at TIMESTAMP NOT NULL DEFAULT NOW()
+);
+
+-- Indici per performance
+CREATE INDEX IF NOT EXISTS source_ip_idx ON network_logs(source_ip);
+CREATE INDEX IF NOT EXISTS timestamp_idx ON network_logs(timestamp);
+CREATE INDEX IF NOT EXISTS router_name_idx ON network_logs(router_name);
+
+-- Commento tabella
+COMMENT ON TABLE network_logs IS 'Log di rete da router MikroTik via syslog (parsati da syslog_parser.py)';
+
+-- Verifica
+SELECT 'Tabella network_logs creata con successo!' AS status;
diff --git a/replit.md b/replit.md
index 127cbb4..4aa6417 100644
--- a/replit.md
+++ b/replit.md
@@ -242,8 +242,12 @@ VALUES ('Router 1', '192.168.1.1', 'admin', 'password', 443, true);
 
 ## Preferenze Utente
 
-### Operazioni Git
-- **IMPORTANTE**: Tutte le operazioni git (commit, push) vengono eseguite **manualmente dall'utente** tramite shell Replit
-- L'agente **NON deve mai** eseguire comandi git automaticamente
-- L'utente preferisce avere pieno controllo su commit e versioning
-- Workflow: Agente modifica file → Utente esegue git commit/push manualmente
+### Operazioni Git e Deployment
+- **IMPORTANTE**: Push su git tramite `./push-gitlab.sh` (NON comandi git manuali)
+- Aggiornamenti server: `./update_from_git.sh` o `./update_from_git.sh --db`
+- Workflow iterativo:
+  1. Utente fornisce errori/modifiche dal server AlmaLinux
+  2. Agente risolve problemi e modifica file su Replit
+  3. Utente esegue `./push-gitlab.sh` per commit+push
+  4. Utente testa su server con `./update_from_git.sh`
+  5. Ripeti fino a funzionamento completo
diff --git a/shared/schema.ts b/shared/schema.ts
index 5de7544..c578b9f 100644
--- a/shared/schema.ts
+++ b/shared/schema.ts
@@ -19,21 +19,21 @@ export const routers = pgTable("routers", {
 // Network logs from MikroTik (syslog)
 export const networkLogs = pgTable("network_logs", {
   id: varchar("id").primaryKey().default(sql`gen_random_uuid()`),
-  routerId: varchar("router_id").references(() => routers.id).notNull(),
+  routerName: text("router_name").notNull(), // Hostname dal syslog
   timestamp: timestamp("timestamp").notNull(),
   sourceIp: text("source_ip").notNull(),
-  destIp: text("dest_ip"),
   sourcePort: integer("source_port"),
-  destPort: integer("dest_port"),
+  destinationIp: text("destination_ip"),
+  destinationPort: integer("destination_port"),
   protocol: text("protocol"),
   action: text("action"),
-  bytes: integer("bytes"),
-  packets: integer("packets"),
-  loggedAt: timestamp("logged_at").defaultNow().notNull(),
+  packetLength: integer("packet_length"),
+  rawMessage: text("raw_message"),
+  createdAt: timestamp("created_at").defaultNow().notNull(),
 }, (table) => ({
   sourceIpIdx: index("source_ip_idx").on(table.sourceIp),
   timestampIdx: index("timestamp_idx").on(table.timestamp),
-  routerIdIdx: index("router_id_idx").on(table.routerId),
+  routerNameIdx: index("router_name_idx").on(table.routerName),
 }));
 
 // Detected threats/anomalies
@@ -85,12 +85,7 @@ export const routersRelations = relations(routers, ({ many }) => ({
   logs: many(networkLogs),
 }));
 
-export const networkLogsRelations = relations(networkLogs, ({ one }) => ({
-  router: one(routers, {
-    fields: [networkLogs.routerId],
-    references: [routers.id],
-  }),
-}));
+// Rimossa relazione router (non più FK)
 
 // Insert schemas
 export const insertRouterSchema = createInsertSchema(routers).omit({
@@ -101,7 +96,7 @@ export const insertRouterSchema = createInsertSchema(routers).omit({
 
 export const insertNetworkLogSchema = createInsertSchema(networkLogs).omit({
   id: true,
-  loggedAt: true,
+  createdAt: true,
 });
 
 export const insertDetectionSchema = createInsertSchema(detections).omit({