8 changed files with 59 additions and 353 deletions
--- a/attached_assets/Pasted-echo-1-STATO-SERVIZI-systemctl-status-ids-backend-ids-m_1771313827144.txt
+++ b/attached_assets/Pasted-echo-1-STATO-SERVIZI-systemctl-status-ids-backend-ids-m_1771313827144.txt
@ -1,158 +0,0 @@
 echo "=== 1. STATO SERVIZI ===" && systemctl status ids-backend ids-ml-backend ids-syslog-parser ids-analytics ids-auto-block.timer ids-auto-block.service --no-pager -l 2>&1 | tail -80 && echo "=== 2. LOG
 NODE.JS ===" && journalctl -u ids-backend --no-pager -n 50 && echo "=== 3. LOG ML ===" && journalctl -u ids-ml-backend --no-pager -n 50 && echo "=== 4. LOG AUTO-BLOCK ===" && journalctl -u ids-auto-block --no-pager -n 50 && echo "=== 5. LOG SYSLOG ===" && journalctl -u ids-syslog-parser --no-pager -n 30 && echo "=== 6. PORTE ===" && ss -tlnp | grep -E '3001|5001|514' && echo "=== 7. PROCESSI ===" && ps aux | grep -E 'node|python|uvicorn' | grep -v grep && echo "=== 8. DISCO/MEMORIA ===" && df -h / && free -h && echo "=== 9. TEST CONNESSIONE ===" && curl -s -o /dev/null -w "%{http_code} - Node.js backend\n" http://localhost:3001/api/health && curl -s -o /dev/null -w "%{http_code} - ML backend\n" http://localhost:5001/health && echo "=== 10. LOG DB ===" && sudo -u ids psql -d ids_db -c "SELECT COUNT(*) as logs_last_30min FROM network_logs WHERE timestamp > NOW() - INTERVAL '30 minutes';"
 === 1. STATO SERVIZI ===
 Unit ids-backend.service could not be found.
 Unit ids-analytics.service could not be found.
 ● ids-ml-backend.service - IDS ML Backend (FastAPI)
     Loaded: loaded (/etc/systemd/system/ids-ml-backend.service; enabled; preset: disabled)
     Active: active (running) since Mon 2026-02-16 19:29:06 CET; 13h ago
   Main PID: 17629 (python3)
      Tasks: 26 (limit: 100409)
     Memory: 75.8M (max: 2.0G available: 1.9G)
        CPU: 40.396s
     CGroup: /system.slice/ids-ml-backend.service
             └─17629 /opt/ids/python_ml/venv/bin/python3 main.py
 Feb 16 19:29:06 ids.alfacom.it systemd[1]: Started IDS ML Backend (FastAPI).
 ● ids-syslog-parser.service - IDS Syslog Parser (Network Logs Processor)
     Loaded: loaded (/etc/systemd/system/ids-syslog-parser.service; enabled; preset: disabled)
     Active: active (running) since Mon 2026-02-16 12:18:52 CET; 20h ago
   Main PID: 1069 (python3)
      Tasks: 1 (limit: 100409)
     Memory: 9.7M (max: 1.0G available: 1014.2M)
        CPU: 1h 59min 34.173s
     CGroup: /system.slice/ids-syslog-parser.service
             └─1069 /opt/ids/python_ml/venv/bin/python3 syslog_parser.py
 Feb 16 12:18:52 ids.alfacom.it systemd[1]: Started IDS Syslog Parser (Network Logs Processor).
 ● ids-auto-block.timer - IDS Auto-Blocking Timer - Run every 5 minutes
     Loaded: loaded (/etc/systemd/system/ids-auto-block.timer; enabled; preset: disabled)
     Active: active (running) since Mon 2026-02-16 19:24:04 CET; 13h ago
      Until: Mon 2026-02-16 19:24:04 CET; 13h ago
    Trigger: n/a
   Triggers: ● ids-auto-block.service
       Docs: https://github.com/yourusername/ids
 Feb 16 19:24:04 ids.alfacom.it systemd[1]: Started IDS Auto-Blocking Timer - Run every 5 minutes.
 ● ids-auto-block.service - IDS Auto-Blocking Service - Detect and Block Malicious IPs
     Loaded: loaded (/etc/systemd/system/ids-auto-block.service; disabled; preset: disabled)
     Active: activating (start) since Tue 2026-02-17 08:33:33 CET; 3min 14s ago
 TriggeredBy: ● ids-auto-block.timer
   Main PID: 30644 (python3)
      Tasks: 1 (limit: 100409)
     Memory: 14.7M
        CPU: 148ms
     CGroup: /system.slice/ids-auto-block.service
             └─30644 /opt/ids/python_ml/venv/bin/python3 /opt/ids/python_ml/auto_block.py
 Feb 17 08:33:33 ids.alfacom.it systemd[1]: Starting IDS Auto-Blocking Service - Detect and Block Malicious IPs...
 === 2. LOG NODE.JS ===
 -- No entries --
 === 3. LOG ML ===
 Feb 16 15:51:21 ids.alfacom.it systemd[1]: ids-ml-backend.service: Killing process 12676 (n/a) with signal SIGKILL.
 Feb 16 15:51:21 ids.alfacom.it systemd[1]: ids-ml-backend.service: Killing process 12677 (n/a) with signal SIGKILL.
 Feb 16 15:51:21 ids.alfacom.it systemd[1]: ids-ml-backend.service: Killing process 12681 (n/a) with signal SIGKILL.
 Feb 16 15:51:21 ids.alfacom.it systemd[1]: ids-ml-backend.service: Killing process 12682 (n/a) with signal SIGKILL.
 Feb 16 15:51:21 ids.alfacom.it systemd[1]: ids-ml-backend.service: Killing process 12684 (python3) with signal SIGKILL.
 Feb 16 15:51:21 ids.alfacom.it systemd[1]: ids-ml-backend.service: Main process exited, code=killed, status=9/KILL
 Feb 16 15:51:21 ids.alfacom.it systemd[1]: ids-ml-backend.service: Failed with result 'timeout'.
 Feb 16 15:51:21 ids.alfacom.it systemd[1]: Stopped IDS ML Backend (FastAPI).
 Feb 16 15:51:21 ids.alfacom.it systemd[1]: ids-ml-backend.service: Consumed 9.526s CPU time.
 Feb 16 15:51:26 ids.alfacom.it systemd[1]: Started IDS ML Backend (FastAPI).
 Feb 16 16:50:11 ids.alfacom.it systemd[1]: Stopping IDS ML Backend (FastAPI)...
 Feb 16 16:51:41 ids.alfacom.it systemd[1]: ids-ml-backend.service: State 'stop-sigterm' timed out. Killing.
 Feb 16 16:51:41 ids.alfacom.it systemd[1]: ids-ml-backend.service: Killing process 13099 (python3) with signal SIGKILL.
 Feb 16 16:51:41 ids.alfacom.it systemd[1]: ids-ml-backend.service: Killing process 13102 (python3) with signal SIGKILL.
 Feb 16 16:51:41 ids.alfacom.it systemd[1]: ids-ml-backend.service: Killing process 13103 (n/a) with signal SIGKILL.
 Feb 16 16:51:41 ids.alfacom.it systemd[1]: ids-ml-backend.service: Killing process 13110 (n/a) with signal SIGKILL.
 Feb 16 16:51:41 ids.alfacom.it systemd[1]: ids-ml-backend.service: Killing process 13112 (n/a) with signal SIGKILL.
 Feb 16 16:51:41 ids.alfacom.it systemd[1]: ids-ml-backend.service: Killing process 13116 (n/a) with signal SIGKILL.
 Feb 16 16:51:41 ids.alfacom.it systemd[1]: ids-ml-backend.service: Killing process 13117 (python3) with signal SIGKILL.
 Feb 16 16:51:41 ids.alfacom.it systemd[1]: ids-ml-backend.service: Killing process 13122 (python3) with signal SIGKILL.
 Feb 16 16:51:41 ids.alfacom.it systemd[1]: ids-ml-backend.service: Killing process 13125 (n/a) with signal SIGKILL.
 Feb 16 16:51:41 ids.alfacom.it systemd[1]: ids-ml-backend.service: Main process exited, code=killed, status=9/KILL
 Feb 16 16:51:41 ids.alfacom.it systemd[1]: ids-ml-backend.service: Failed with result 'timeout'.
 Feb 16 16:51:41 ids.alfacom.it systemd[1]: Stopped IDS ML Backend (FastAPI).
 Feb 16 16:51:41 ids.alfacom.it systemd[1]: ids-ml-backend.service: Consumed 15.919s CPU time.
 Feb 16 16:51:46 ids.alfacom.it systemd[1]: Started IDS ML Backend (FastAPI).
 Feb 16 19:27:20 ids.alfacom.it systemd[1]: Stopping IDS ML Backend (FastAPI)...
 Feb 16 19:28:50 ids.alfacom.it systemd[1]: ids-ml-backend.service: State 'stop-sigterm' timed out. Killing.
 Feb 16 19:28:50 ids.alfacom.it systemd[1]: ids-ml-backend.service: Killing process 14614 (python3) with signal SIGKILL.
 Feb 16 19:28:50 ids.alfacom.it systemd[1]: ids-ml-backend.service: Killing process 14619 (python3) with signal SIGKILL.
 Feb 16 19:28:50 ids.alfacom.it systemd[1]: ids-ml-backend.service: Killing process 14626 (python3) with signal SIGKILL.
 Feb 16 19:28:50 ids.alfacom.it systemd[1]: ids-ml-backend.service: Killing process 14675 (n/a) with signal SIGKILL.
 Feb 16 19:28:50 ids.alfacom.it systemd[1]: ids-ml-backend.service: Killing process 14676 (python3) with signal SIGKILL.
 Feb 16 19:28:50 ids.alfacom.it systemd[1]: ids-ml-backend.service: Killing process 14677 (python3) with signal SIGKILL.
 Feb 16 19:28:50 ids.alfacom.it systemd[1]: ids-ml-backend.service: Killing process 14678 (python3) with signal SIGKILL.
 Feb 16 19:28:50 ids.alfacom.it systemd[1]: ids-ml-backend.service: Killing process 14679 (python3) with signal SIGKILL.
 Feb 16 19:28:50 ids.alfacom.it systemd[1]: ids-ml-backend.service: Killing process 14680 (python3) with signal SIGKILL.
 Feb 16 19:28:50 ids.alfacom.it systemd[1]: ids-ml-backend.service: Killing process 14681 (python3) with signal SIGKILL.
 Feb 16 19:28:50 ids.alfacom.it systemd[1]: ids-ml-backend.service: Killing process 14682 (python3) with signal SIGKILL.
 Feb 16 19:28:50 ids.alfacom.it systemd[1]: ids-ml-backend.service: Killing process 14683 (python3) with signal SIGKILL.
 Feb 16 19:28:50 ids.alfacom.it systemd[1]: ids-ml-backend.service: Main process exited, code=killed, status=9/KILL
 Feb 16 19:28:50 ids.alfacom.it systemd[1]: ids-ml-backend.service: Failed with result 'timeout'.
 Feb 16 19:28:50 ids.alfacom.it systemd[1]: Stopped IDS ML Backend (FastAPI).
 Feb 16 19:28:50 ids.alfacom.it systemd[1]: ids-ml-backend.service: Consumed 15.247s CPU time.
 Feb 16 19:28:50 ids.alfacom.it systemd[1]: Started IDS ML Backend (FastAPI).
 Feb 16 19:29:00 ids.alfacom.it systemd[1]: Stopping IDS ML Backend (FastAPI)...
 Feb 16 19:29:01 ids.alfacom.it systemd[1]: ids-ml-backend.service: Deactivated successfully.
 Feb 16 19:29:01 ids.alfacom.it systemd[1]: Stopped IDS ML Backend (FastAPI).
 Feb 16 19:29:01 ids.alfacom.it systemd[1]: ids-ml-backend.service: Consumed 4.113s CPU time.
 Feb 16 19:29:06 ids.alfacom.it systemd[1]: Started IDS ML Backend (FastAPI).
 === 4. LOG AUTO-BLOCK ===
 Feb 17 07:45:29 ids.alfacom.it systemd[1]: Failed to start IDS Auto-Blocking Service - Detect and Block Malicious IPs.
 Feb 17 07:45:29 ids.alfacom.it systemd[1]: Starting IDS Auto-Blocking Service - Detect and Block Malicious IPs...
 Feb 17 07:49:30 ids.alfacom.it systemd[1]: ids-auto-block.service: Main process exited, code=exited, status=1/FAILURE
 Feb 17 07:49:30 ids.alfacom.it systemd[1]: ids-auto-block.service: Failed with result 'exit-code'.
 Feb 17 07:49:30 ids.alfacom.it systemd[1]: Failed to start IDS Auto-Blocking Service - Detect and Block Malicious IPs.
 Feb 17 07:49:30 ids.alfacom.it systemd[1]: Starting IDS Auto-Blocking Service - Detect and Block Malicious IPs...
 Feb 17 07:53:30 ids.alfacom.it systemd[1]: ids-auto-block.service: Main process exited, code=exited, status=1/FAILURE
 Feb 17 07:53:30 ids.alfacom.it systemd[1]: ids-auto-block.service: Failed with result 'exit-code'.
 Feb 17 07:53:30 ids.alfacom.it systemd[1]: Failed to start IDS Auto-Blocking Service - Detect and Block Malicious IPs.
 Feb 17 07:53:30 ids.alfacom.it systemd[1]: Starting IDS Auto-Blocking Service - Detect and Block Malicious IPs...
 Feb 17 07:57:30 ids.alfacom.it systemd[1]: ids-auto-block.service: Main process exited, code=exited, status=1/FAILURE
 Feb 17 07:57:30 ids.alfacom.it systemd[1]: ids-auto-block.service: Failed with result 'exit-code'.
 Feb 17 07:57:30 ids.alfacom.it systemd[1]: Failed to start IDS Auto-Blocking Service - Detect and Block Malicious IPs.
 Feb 17 07:57:30 ids.alfacom.it systemd[1]: Starting IDS Auto-Blocking Service - Detect and Block Malicious IPs...
 Feb 17 08:01:31 ids.alfacom.it systemd[1]: ids-auto-block.service: Main process exited, code=exited, status=1/FAILURE
 Feb 17 08:01:31 ids.alfacom.it systemd[1]: ids-auto-block.service: Failed with result 'exit-code'.
 Feb 17 08:01:31 ids.alfacom.it systemd[1]: Failed to start IDS Auto-Blocking Service - Detect and Block Malicious IPs.
 Feb 17 08:01:31 ids.alfacom.it systemd[1]: Starting IDS Auto-Blocking Service - Detect and Block Malicious IPs...
 Feb 17 08:05:31 ids.alfacom.it systemd[1]: ids-auto-block.service: Main process exited, code=exited, status=1/FAILURE
 Feb 17 08:05:31 ids.alfacom.it systemd[1]: ids-auto-block.service: Failed with result 'exit-code'.
 Feb 17 08:05:31 ids.alfacom.it systemd[1]: Failed to start IDS Auto-Blocking Service - Detect and Block Malicious IPs.
 Feb 17 08:05:31 ids.alfacom.it systemd[1]: Starting IDS Auto-Blocking Service - Detect and Block Malicious IPs...
 Feb 17 08:09:31 ids.alfacom.it systemd[1]: ids-auto-block.service: Main process exited, code=exited, status=1/FAILURE
 Feb 17 08:09:31 ids.alfacom.it systemd[1]: ids-auto-block.service: Failed with result 'exit-code'.
 Feb 17 08:09:31 ids.alfacom.it systemd[1]: Failed to start IDS Auto-Blocking Service - Detect and Block Malicious IPs.
 Feb 17 08:09:31 ids.alfacom.it systemd[1]: Starting IDS Auto-Blocking Service - Detect and Block Malicious IPs...
 Feb 17 08:13:32 ids.alfacom.it systemd[1]: ids-auto-block.service: Main process exited, code=exited, status=1/FAILURE
 Feb 17 08:13:32 ids.alfacom.it systemd[1]: ids-auto-block.service: Failed with result 'exit-code'.
 Feb 17 08:13:32 ids.alfacom.it systemd[1]: Failed to start IDS Auto-Blocking Service - Detect and Block Malicious IPs.
 Feb 17 08:13:32 ids.alfacom.it systemd[1]: Starting IDS Auto-Blocking Service - Detect and Block Malicious IPs...
 Feb 17 08:17:32 ids.alfacom.it systemd[1]: ids-auto-block.service: Main process exited, code=exited, status=1/FAILURE
 Feb 17 08:17:32 ids.alfacom.it systemd[1]: ids-auto-block.service: Failed with result 'exit-code'.
 Feb 17 08:17:32 ids.alfacom.it systemd[1]: Failed to start IDS Auto-Blocking Service - Detect and Block Malicious IPs.
 Feb 17 08:17:32 ids.alfacom.it systemd[1]: Starting IDS Auto-Blocking Service - Detect and Block Malicious IPs...
 Feb 17 08:21:32 ids.alfacom.it systemd[1]: ids-auto-block.service: Main process exited, code=exited, status=1/FAILURE
 Feb 17 08:21:32 ids.alfacom.it systemd[1]: ids-auto-block.service: Failed with result 'exit-code'.
 Feb 17 08:21:32 ids.alfacom.it systemd[1]: Failed to start IDS Auto-Blocking Service - Detect and Block Malicious IPs.
 Feb 17 08:21:32 ids.alfacom.it systemd[1]: Starting IDS Auto-Blocking Service - Detect and Block Malicious IPs...
 Feb 17 08:25:33 ids.alfacom.it systemd[1]: ids-auto-block.service: Main process exited, code=exited, status=1/FAILURE
 Feb 17 08:25:33 ids.alfacom.it systemd[1]: ids-auto-block.service: Failed with result 'exit-code'.
 Feb 17 08:25:33 ids.alfacom.it systemd[1]: Failed to start IDS Auto-Blocking Service - Detect and Block Malicious IPs.
 Feb 17 08:25:33 ids.alfacom.it systemd[1]: Starting IDS Auto-Blocking Service - Detect and Block Malicious IPs...
 Feb 17 08:29:33 ids.alfacom.it systemd[1]: ids-auto-block.service: Main process exited, code=exited, status=1/FAILURE
 Feb 17 08:29:33 ids.alfacom.it systemd[1]: ids-auto-block.service: Failed with result 'exit-code'.
 Feb 17 08:29:33 ids.alfacom.it systemd[1]: Failed to start IDS Auto-Blocking Service - Detect and Block Malicious IPs.
 Feb 17 08:29:33 ids.alfacom.it systemd[1]: Starting IDS Auto-Blocking Service - Detect and Block Malicious IPs...
 Feb 17 08:33:33 ids.alfacom.it systemd[1]: ids-auto-block.service: Main process exited, code=exited, status=1/FAILURE
 Feb 17 08:33:33 ids.alfacom.it systemd[1]: ids-auto-block.service: Failed with result 'exit-code'.
 Feb 17 08:33:33 ids.alfacom.it systemd[1]: Failed to start IDS Auto-Blocking Service - Detect and Block Malicious IPs.
 Feb 17 08:33:33 ids.alfacom.it systemd[1]: Starting IDS Auto-Blocking Service - Detect and Block Malicious IPs...
 === 5. LOG SYSLOG ===
 Feb 16 12:18:52 ids.alfacom.it systemd[1]: Started IDS Syslog Parser (Network Logs Processor).
 === 6. PORTE ===
--- a/attached_assets/Pasted-echo-VERIFICA-BACKEND-NODE-JS-ls-la-etc-systemd-system-_1771314251919.txt
+++ b/attached_assets/Pasted-echo-VERIFICA-BACKEND-NODE-JS-ls-la-etc-systemd-system-_1771314251919.txt
@ -1,110 +0,0 @@
 echo "=== VERIFICA BACKEND NODE.JS ===" && ls -la /etc/systemd/system/ids-*.service /etc/systemd/system/ids-*.timer && echo "=== FILE SERVICE DISPONIBILI ===" && cat /etc/systemd/system/ids-backend.service 2>&1 || echo "FILE NON TROVATO" && echo "=== NGINX/REVERSE PROXY ===" && ss -tlnp | grep -E '80|443|3001|5001' && echo "=== TEST PORTA 3001 ===" && curl -v --connect-timeout 5 http://localhost:3001/api/health 2>&1 && echo "=== COME VIENE AVVIATO NODE.JS ===" && ps aux | grep -i node | grep -v grep && echo "=== PM2 STATUS ===" && pm2 list 2>&1 || echo "PM2 non installato" && echo "=== CONTENUTO /opt/ids/ ===" && ls -la /opt/ids/ && echo "=== PACKAGE.JSON ===" && cat /opt/ids/package.json 2>&1 | head -30 && echo "=== AUTO_BLOCK OUTPUT DETTAGLIATO ===" && sudo -u ids /opt/ids/python_ml/venv/bin/python3 /opt/ids/python_ml/auto_block.py 2>&1
 === VERIFICA BACKEND NODE.JS ===
 -rw-r--r--. 1 root root 473 Feb 16 15:52 /etc/systemd/system/ids-analytics-aggregator.service
 -rw-r--r--. 1 root root 339 Feb 16 15:52 /etc/systemd/system/ids-analytics-aggregator.timer
 -rw-r--r--. 1 root root 674 Feb 16 19:23 /etc/systemd/system/ids-auto-block.service
 -rw-r--r--. 1 root root 457 Feb 14 11:42 /etc/systemd/system/ids-auto-block.timer
 -rw-r--r--. 1 root root 550 Nov 25 11:47 /etc/systemd/system/ids-cleanup.service
 -rw-r--r--. 1 root root 440 Nov 25 11:47 /etc/systemd/system/ids-cleanup.timer
 -rw-r--r--. 1 root root 623 Nov 27 19:29 /etc/systemd/system/ids-list-fetcher.service
 -rw-r--r--. 1 root root 246 Nov 27 19:29 /etc/systemd/system/ids-list-fetcher.timer
 -rw-r--r--. 1 root root 675 Nov 24 12:12 /etc/systemd/system/ids-ml-backend.service
 -rw-r--r--. 1 root root 620 Nov 24 19:19 /etc/systemd/system/ids-ml-training.service
 -rw-r--r--. 1 root root 398 Nov 24 19:19 /etc/systemd/system/ids-ml-training.timer
 -rw-r--r--. 1 root root 727 Nov 24 12:12 /etc/systemd/system/ids-syslog-parser.service
 === FILE SERVICE DISPONIBILI ===
 cat: /etc/systemd/system/ids-backend.service: No such file or directory
 FILE NON TROVATO
 === NGINX/REVERSE PROXY ===
 LISTEN 1107   2048         0.0.0.0:8000      0.0.0.0:*    users:(("python3",pid=17629,fd=12))
 === TEST PORTA 3001 ===
 *   Trying ::1:3001...
 * connect to ::1 port 3001 failed: Connection refused
 *   Trying 127.0.0.1:3001...
 * connect to 127.0.0.1 port 3001 failed: Connection refused
 * Failed to connect to localhost port 3001: Connection refused
 * Closing connection 0
 curl: (7) Failed to connect to localhost port 3001: Connection refused
 PM2 non installato
 === CONTENUTO /opt/ids/ ===
 total 608
 drwxr-xr-x.  14 ids  ids    4096 Feb 16 19:28 .
 drwxr-xr-x.   3 root root     43 Nov 17 18:20 ..
 -rw-------.   1 ids  ids     508 Feb 16 19:28 .env
 -rw-r-----.   1 root root    508 Feb 16 19:28 .env.backup
 -rw-r--r--.   1 ids  ids     446 Nov 17 18:23 .env.example
 drwxr-xr-x.   8 ids  ids    4096 Feb 16 19:28 .git
 -rw-r--r--.   1 ids  ids     686 Nov 17 18:23 .gitignore
 -rw-r--r--.   1 ids  ids     801 Jan  2 12:50 .replit
 -rw-r--r--.   1 ids  ids    6264 Nov 17 17:08 GUIDA_INSTALLAZIONE.md
 -rw-r--r--.   1 ids  ids   44765 Feb 16 08:50 IDS_Conformita_ISO27001.docx
 -rw-r--r--.   1 ids  ids    7595 Nov 25 19:14 MIKROTIK_API_FIX.md
 -rw-r--r--.   1 ids  ids    8452 Nov 17 16:40 README.md
 -rw-r--r--.   1 ids  ids    9092 Nov 17 16:40 RISPOSTA_DEPLOYMENT.md
 drwxr-xr-x.   2 ids  ids   12288 Feb 16 16:49 attached_assets
 drwxr-xr-x.   2 ids  ids    4096 Feb 17 04:00 backups
 drwxr-xr-x.   4 ids  ids      49 Nov 17 16:40 client
 -rw-r--r--.   1 ids  ids     459 Nov 17 16:40 components.json
 drwxr-xr-x.   3 ids  ids    4096 Feb 16 19:28 database-schema
 -rwxr-xr-x.   1 ids  ids   10264 Nov 17 18:23 deploy-to-gitlab.sh
 drwxr-xr-x.   7 ids  ids    4096 Feb 16 19:28 deployment
 -rw-r--r--.   1 ids  ids    3165 Nov 17 16:40 design_guidelines.md
 drwxr-xr-x.   3 root root     36 Nov 24 11:05 dist
 -rw-r--r--.   1 ids  ids     325 Nov 17 16:40 drizzle.config.ts
 drwxr-xr-x.   4 ids  ids    4096 Nov 17 16:40 extracted_idf
 -rw-r--r--.   1 ids  ids   28609 Feb 16 08:50 generate_iso27001_doc.py
 -rw-r--r--.   1 ids  ids    1033 Nov 17 17:08 git.env.example
 -rw-r--r--.   1 ids  ids      96 Nov 26 11:14 main.py
 drwxr-xr-x. 328 ids  ids   12288 Feb 16 19:28 node_modules
 -rw-r--r--.   1 ids  ids  299523 Feb 16 19:28 package-lock.json
 -rw-r--r--.   1 ids  ids    3696 Nov 17 16:40 package.json
 -rw-r--r--.   1 ids  ids      80 Nov 17 16:40 postcss.config.js
 -rwxr-xr-x.   1 ids  ids    2496 Nov 17 16:40 push-gitlab.sh
 -rw-r--r--.   1 ids  ids     191 Feb 16 08:50 pyproject.toml
 drwxr-xr-x.   7 ids  ids    4096 Feb 16 16:49 python_ml
 -rw-r--r--.   1 ids  ids    5796 Feb 16 12:33 replit.md
 drwxr-xr-x.   2 ids  ids     104 Feb 16 12:55 server
 drwxr-xr-x.   2 ids  ids      23 Jan  2 15:50 shared
 -rw-r--r--.   1 ids  ids    4050 Nov 17 16:40 tailwind.config.ts
 -rw-r--r--.   1 ids  ids     657 Nov 17 16:40 tsconfig.json
 -rw-r--r--.   1 ids  ids   37505 Feb 16 08:50 uv.lock
 -rw-r--r--.   1 ids  ids    7329 Feb 16 19:28 version.json
 -rw-r--r--.   1 ids  ids    1080 Nov 17 16:40 vite.config.ts
 === PACKAGE.JSON ===
 {
  "name": "rest-express",
  "version": "1.0.0",
  "type": "module",
  "license": "MIT",
  "scripts": {
    "dev": "NODE_ENV=development tsx server/index.ts",
    "build": "vite build && esbuild server/index.ts --platform=node --packages=external --bundle --format=esm --outdir=dist",
    "start": "NODE_ENV=production node dist/index.js",
    "check": "tsc",
    "db:push": "drizzle-kit push"
  },
  "dependencies": {
    "@hookform/resolvers": "^3.10.0",
    "@jridgewell/trace-mapping": "^0.3.25",
    "@neondatabase/serverless": "^0.10.4",
    "@radix-ui/react-accordion": "^1.2.4",
    "@radix-ui/react-alert-dialog": "^1.1.7",
    "@radix-ui/react-aspect-ratio": "^1.1.3",
    "@radix-ui/react-avatar": "^1.1.4",
    "@radix-ui/react-checkbox": "^1.1.5",
    "@radix-ui/react-collapsible": "^1.1.4",
    "@radix-ui/react-context-menu": "^2.2.7",
    "@radix-ui/react-dialog": "^1.1.7",
    "@radix-ui/react-dropdown-menu": "^2.1.7",
    "@radix-ui/react-hover-card": "^1.1.7",
    "@radix-ui/react-label": "^2.1.3",
    "@radix-ui/react-menubar": "^1.1.7",
    "@radix-ui/react-navigation-menu": "^1.2.6",
    "@radix-ui/react-popover": "^1.1.7",
 === AUTO_BLOCK OUTPUT DETTAGLIATO ===
 [2026-02-17 08:38:05] Starting auto-block cycle...
 [2026-02-17 08:38:05] Step 1: Detection ML...
 [2026-02-17 08:38:05] ML Detection timeout, skip (blocco IP esistenti continua)
 [2026-02-17 08:38:05] Step 2: Blocco IP critici sui router...
 [2026-02-17 08:38:05] ERRORE: Timeout blocco IP (120s)
 [root@ids ~]#                                                            
--- a/database-schema/schema.sql
+++ b/database-schema/schema.sql
@ -2,7 +2,7 @@
 -- PostgreSQL database dump
 --
-\restrict bpQw5VRf29VbJdb1MkmCTB0bxZyLNpiiYQ99AIDje3SrE77G6EnB1VyJyK44tQd
+\restrict f7Q5mSLZ6vWDok89gagYtp9j07wIocFgGXfuMOImRKtOLNzZO3glMcFoPsKcwyf
 -- Dumped from database version 16.11 (df20cf9)
 -- Dumped by pg_dump version 16.10
@ -387,5 +387,5 @@ ALTER TABLE ONLY public.public_blacklist_ips
 -- PostgreSQL database dump complete
 --
-\unrestrict bpQw5VRf29VbJdb1MkmCTB0bxZyLNpiiYQ99AIDje3SrE77G6EnB1VyJyK44tQd
+\unrestrict f7Q5mSLZ6vWDok89gagYtp9j07wIocFgGXfuMOImRKtOLNzZO3glMcFoPsKcwyf
--- a/deployment/check_frontend.sh
+++ b/deployment/check_frontend.sh
@ -1,23 +1,33 @@
 #!/bin/bash
 # =========================================================
-# CHECK FRONTEND - Verifica se backend Node.js e' attivo
+# CHECK FRONTEND - Verifica e riavvia frontend Node.js se necessario
 # =========================================================
-LOG_FILE="/var/log/ids/backend.log"
+LOG_FILE="/var/log/ids/frontend.log"
 WORK_DIR="/opt/ids"
 mkdir -p /var/log/ids
-if systemctl is-active --quiet ids-backend.service 2>/dev/null; then
+# Check if frontend (vite/node) is running
 if pgrep -f "vite" > /dev/null || pgrep -f "node.*server" > /dev/null; then
    exit 0
 else
-    echo "[$(date)] Backend Node.js NON attivo" >> "$LOG_FILE"
+    echo "[$(date)] Frontend Node NON attivo, riavvio..." >> "$LOG_FILE"
-    systemctl start ids-backend.service 2>> "$LOG_FILE" || true
+
    # Start frontend with environment variables from .env
    cd "$WORK_DIR"
    if [ -f "$WORK_DIR/.env" ]; then
        nohup env $(cat "$WORK_DIR/.env" | grep -v '^#' | xargs) npm run dev >> "$LOG_FILE" 2>&1 &
    else
        nohup npm run dev >> "$LOG_FILE" 2>&1 &
    fi
    NEW_PID=$!
    sleep 3
-    if systemctl is-active --quiet ids-backend.service 2>/dev/null; then
+    if pgrep -f "vite" > /dev/null; then
-        echo "[$(date)] Backend riavviato con successo via systemd" >> "$LOG_FILE"
+        echo "[$(date)] Frontend riavviato con successo (PID: $NEW_PID)" >> "$LOG_FILE"
    else
-        echo "[$(date)] ERRORE: Backend non si e' avviato - verificare con: journalctl -u ids-backend -n 20" >> "$LOG_FILE"
+        echo "[$(date)] ERRORE: Frontend non si è avviato" >> "$LOG_FILE"
    fi
 fi
--- a/deployment/install_systemd_services.sh
+++ b/deployment/install_systemd_services.sh
@ -18,49 +18,43 @@ SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 PROJECT_ROOT="$(dirname "$SCRIPT_DIR")"
 echo ""
-echo "Installing systemd service files..."
+echo "📋 Installing systemd service files..."
 # Copy service files
 cp "$PROJECT_ROOT/deployment/systemd/ids-backend.service" /etc/systemd/system/
 cp "$PROJECT_ROOT/deployment/systemd/ids-ml-backend.service" /etc/systemd/system/
 cp "$PROJECT_ROOT/deployment/systemd/ids-syslog-parser.service" /etc/systemd/system/
 cp "$PROJECT_ROOT/deployment/systemd/ids-auto-block.service" /etc/systemd/system/
 # Ensure correct permissions
 chmod 644 /etc/systemd/system/ids-backend.service
 chmod 644 /etc/systemd/system/ids-ml-backend.service
 chmod 644 /etc/systemd/system/ids-syslog-parser.service
 chmod 644 /etc/systemd/system/ids-auto-block.service
-echo "Service files copied to /etc/systemd/system/"
+echo "✅ Service files copied to /etc/systemd/system/"
 echo ""
-echo "Reloading systemd daemon..."
+echo "🔄 Reloading systemd daemon..."
 systemctl daemon-reload
 echo ""
-echo "Enabling services to start on boot..."
+echo "🔧 Enabling services to start on boot..."
 systemctl enable ids-backend.service
 systemctl enable ids-ml-backend.service
 systemctl enable ids-syslog-parser.service
 echo ""
 echo "========================================="
-echo "Installation Complete!"
+echo "✅ Installation Complete!"
 echo "========================================="
 echo ""
 echo "Next steps:"
 echo ""
 echo "1. Start the services:"
 echo "   sudo systemctl start ids-backend"
 echo "   sudo systemctl start ids-ml-backend"
 echo "   sudo systemctl start ids-syslog-parser"
 echo ""
 echo "2. Check status:"
-echo "   sudo systemctl status ids-backend ids-ml-backend ids-syslog-parser"
+echo "   sudo systemctl status ids-ml-backend"
 echo "   sudo systemctl status ids-syslog-parser"
 echo ""
 echo "3. View logs:"
 echo "   tail -f /var/log/ids/backend.log"
 echo "   tail -f /var/log/ids/ml_backend.log"
 echo "   tail -f /var/log/ids/syslog_parser.log"
 echo ""
--- a/deployment/restart_frontend.sh
+++ b/deployment/restart_frontend.sh
@ -1,56 +1,58 @@
 #!/bin/bash
 #
-# Restart IDS Frontend (Node.js/Express)
+# Restart IDS Frontend (Node.js/Express/Vite)
-# Utility per restart manuale del server frontend via systemd
+# Utility per restart manuale del server frontend
 #
 set -e
-echo "Restart Backend Node.js via systemd..."
+echo "🔄 Restart Frontend Node.js..."
-# Stop servizio
+# Kill AGGRESSIVO di tutti i processi Node/Vite
-echo "Stopping ids-backend..."
+echo "⏸️  Stopping all Node/Vite processes..."
-sudo systemctl stop ids-backend.service 2>/dev/null || true
+pkill -9 -f "node.*tsx" 2>/dev/null || true
 pkill -9 -f "vite" 2>/dev/null || true
 pkill -9 -f "npm run dev" 2>/dev/null || true
 sleep 2
-# Kill eventuali processi orfani sulla porta 5000
+# Kill processo sulla porta 5000 (se esiste)
-echo "Liberando porta 5000..."
+echo "🔍 Liberando porta 5000..."
 lsof -ti:5000 | xargs kill -9 2>/dev/null || true
 sleep 1
-# Verifica porta libera
+# Verifica porta LIBERA
 if lsof -Pi :5000 -sTCP:LISTEN -t >/dev/null 2>&1; then
-    echo "ERRORE: Porta 5000 ancora occupata!"
+    echo "❌ ERRORE: Porta 5000 ancora occupata!"
    echo "Processi sulla porta:"
    lsof -i:5000
    exit 1
 fi
-echo "Porta 5000 libera"
+echo "✅ Porta 5000 libera"
-# Start servizio
+# Restart usando check_frontend.sh
-echo "Starting ids-backend..."
+echo "🚀 Starting frontend..."
-sudo systemctl start ids-backend.service
+/opt/ids/deployment/check_frontend.sh
 # Attendi avvio completo
 sleep 5
 # Verifica avvio
-if systemctl is-active --quiet ids-backend.service; then
+if pgrep -f "vite" > /dev/null; then
-    echo "Backend avviato con successo"
+    PID=$(pgrep -f "vite")
-    echo "Server disponibile su: http://localhost:5000"
+    echo "✅ Frontend avviato con PID: $PID"
    echo "📡 Server disponibile su: http://localhost:5000"
    # Test rapido
    sleep 2
    HTTP_CODE=$(curl -s -o /dev/null -w "%{http_code}" http://localhost:5000/ 2>/dev/null || echo "000")
    if [ "$HTTP_CODE" = "200" ]; then
-        echo "HTTP test OK (200)"
+        echo "✅ HTTP test OK (200)"
    else
-        echo "HTTP test: $HTTP_CODE (potrebbe essere in fase di avvio)"
+        echo "⚠️  HTTP test: $HTTP_CODE"
    fi
 else
-    echo "ERRORE: Backend non avviato!"
+    echo "❌ Errore: Frontend non avviato!"
-    echo "Controlla log: journalctl -u ids-backend -n 20"
+    echo "📋 Controlla log: tail -f /var/log/ids/frontend.log"
    sudo journalctl -u ids-backend -n 20 --no-pager
    exit 1
 fi
--- a/deployment/systemd/ids-backend.service
+++ b/deployment/systemd/ids-backend.service
@ -1,32 +0,0 @@
 [Unit]
 Description=IDS Node.js Backend (Express API + Frontend)
 After=network.target postgresql-16.service
 Wants=postgresql-16.service
 [Service]
 Type=simple
 User=ids
 Group=ids
 WorkingDirectory=/opt/ids
 EnvironmentFile=/opt/ids/.env
 Environment=NODE_ENV=production
 Environment=PORT=5000
 Environment=PATH=/usr/local/bin:/usr/bin:/bin
 ExecStartPre=/bin/bash -c 'test -f /opt/ids/dist/index.js || (echo "ERRORE: dist/index.js non trovato - eseguire npm run build" && exit 1)'
 ExecStart=/usr/bin/env node dist/index.js
 Restart=always
 RestartSec=5
 StartLimitInterval=300
 StartLimitBurst=10
 LimitNOFILE=65536
 MemoryMax=1G
 StandardOutput=append:/var/log/ids/backend.log
 StandardError=append:/var/log/ids/backend.log
 SyslogIdentifier=ids-backend
 [Install]
 WantedBy=multi-user.target
--- a/version.json
+++ b/version.json
@ -1,13 +1,7 @@
 {
-  "version": "1.0.120",
+  "version": "1.0.119",
-  "lastUpdate": "2026-02-17T07:48:15.846Z",
+  "lastUpdate": "2026-02-17T07:32:28.004Z",
  "changelog": [
    {
      "version": "1.0.120",
      "date": "2026-02-17",
      "type": "patch",
      "description": "Deployment automatico v1.0.120"
    },
    {
      "version": "1.0.119",
      "date": "2026-02-17",
@ -301,6 +295,12 @@
      "date": "2025-11-25",
      "type": "patch",
      "description": "Deployment automatico v1.0.71"
    },
    {
      "version": "1.0.70",
      "date": "2025-11-25",
      "type": "patch",
      "description": "Deployment automatico v1.0.70"
    }
  ]
 }