marco/ids.alfacom.it
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: marco:main
Branches Tags
marco:main
marco:v1.0.103
marco:v1.0.102
marco:v1.0.101
marco:v1.0.100
marco:v1.0.99
marco:v1.0.98
marco:v1.0.97
marco:v1.0.96
marco:v1.0.95
marco:v1.0.94
marco:v1.0.93
marco:v1.0.92
marco:v1.0.91
marco:v1.0.90
marco:v1.0.89
marco:v1.0.88
marco:v1.0.87
marco:v1.0.86
marco:v1.0.85
marco:v1.0.84
marco:v1.0.83
marco:v1.0.82
marco:v1.0.81
marco:v1.0.80
marco:v1.0.79
marco:v1.0.78
marco:v1.0.77
marco:v1.0.76
marco:v1.0.75
marco:v1.0.74
marco:v1.0.73
marco:v1.0.72
marco:v1.0.71
marco:v1.0.70
marco:v1.0.69
marco:v1.0.68
marco:v1.0.67
marco:v1.0.66
marco:v1.0.65
marco:v1.0.64
marco:v1.0.63
marco:v1.0.62
marco:v1.0.61
marco:v1.0.60
marco:v1.0.59
marco:v1.0.58
marco:v1.0.57
marco:v1.0.56
marco:v1.0.55
marco:v1.0.54
marco:v1.0.53
marco:v1.0.52
marco:v1.0.51
marco:v1.0.50
marco:v1.0.49
marco:v1.0.48
marco:v1.0.47
marco:v1.0.46
marco:v1.0.45
marco:v1.0.44
marco:v1.0.43
marco:v1.0.42
marco:v1.0.41
marco:v1.0.40
marco:v1.0.39
marco:v1.0.38
marco:v1.0.37
marco:v1.0.36
marco:v1.0.35
marco:v1.0.34
marco:v1.0.33
marco:v1.0.32
marco:v1.0.30
marco:v1.0.29
marco:v1.0.28
marco:v1.0.27
marco:v1.0.26
marco:v1.0.25
marco:v1.0.24
marco:v1.0.23
marco:v1.0.22
marco:v1.0.21
marco:v1.0.20
marco:v1.0.19
marco:v1.0.18
marco:v1.0.17
marco:v1.0.15
marco:v1.0.14
marco:v1.0.13
marco:v1.0.12
marco:v1.0.11
marco:v1.0.10
marco:v1.0.9
marco:v1.0.8
marco:v1.0.7
marco:v1.0.6
marco:v1.0.4
marco:v1.0.3
marco:v1.0.2
marco:v1.0.1
..
compare: marco:v1.0.1
Branches Tags
marco:main
marco:v1.0.103
marco:v1.0.102
marco:v1.0.101
marco:v1.0.100
marco:v1.0.99
marco:v1.0.98
marco:v1.0.97
marco:v1.0.96
marco:v1.0.95
marco:v1.0.94
marco:v1.0.93
marco:v1.0.92
marco:v1.0.91
marco:v1.0.90
marco:v1.0.89
marco:v1.0.88
marco:v1.0.87
marco:v1.0.86
marco:v1.0.85
marco:v1.0.84
marco:v1.0.83
marco:v1.0.82
marco:v1.0.81
marco:v1.0.80
marco:v1.0.79
marco:v1.0.78
marco:v1.0.77
marco:v1.0.76
marco:v1.0.75
marco:v1.0.74
marco:v1.0.73
marco:v1.0.72
marco:v1.0.71
marco:v1.0.70
marco:v1.0.69
marco:v1.0.68
marco:v1.0.67
marco:v1.0.66
marco:v1.0.65
marco:v1.0.64
marco:v1.0.63
marco:v1.0.62
marco:v1.0.61
marco:v1.0.60
marco:v1.0.59
marco:v1.0.58
marco:v1.0.57
marco:v1.0.56
marco:v1.0.55
marco:v1.0.54
marco:v1.0.53
marco:v1.0.52
marco:v1.0.51
marco:v1.0.50
marco:v1.0.49
marco:v1.0.48
marco:v1.0.47
marco:v1.0.46
marco:v1.0.45
marco:v1.0.44
marco:v1.0.43
marco:v1.0.42
marco:v1.0.41
marco:v1.0.40
marco:v1.0.39
marco:v1.0.38
marco:v1.0.37
marco:v1.0.36
marco:v1.0.35
marco:v1.0.34
marco:v1.0.33
marco:v1.0.32
marco:v1.0.30
marco:v1.0.29
marco:v1.0.28
marco:v1.0.27
marco:v1.0.26
marco:v1.0.25
marco:v1.0.24
marco:v1.0.23
marco:v1.0.22
marco:v1.0.21
marco:v1.0.20
marco:v1.0.19
marco:v1.0.18
marco:v1.0.17
marco:v1.0.15
marco:v1.0.14
marco:v1.0.13
marco:v1.0.12
marco:v1.0.11
marco:v1.0.10
marco:v1.0.9
marco:v1.0.8
marco:v1.0.7
marco:v1.0.6
marco:v1.0.4
marco:v1.0.3
marco:v1.0.2
marco:v1.0.1

No commits in common. "main" and "v1.0.1" have entirely different histories.
main ... v1.0.1

204 changed files with 572 additions and 24959 deletions
Show Stats Expand all files Collapse all files

3
.env.example
View File

@ -1,6 +1,5 @@
# Database PostgreSQL # Database PostgreSQL
# IMPORTANTE: Usa 127.0.0.1 invece di localhost per forzare IPv4 (evita problemi con ::1) PGHOST=localhost
PGHOST=127.0.0.1
PGPORT=5432 PGPORT=5432
PGDATABASE=ids_database PGDATABASE=ids_database
PGUSER=ids_user PGUSER=ids_user

50
.gitignore vendored
View File

@ -4,53 +4,3 @@ dist
server/public server/public
vite.config.ts.* vite.config.ts.*
*.tar.gz *.tar.gz
# Environment variables e secrets (NON committare!)
.env
.env.*
!.env.example
git.env
!git.env.example
# Backup e log
database-backups/
backups/
*.log
*.log.*
# Database schema (SOLO schema.sql committato, NO dati)
!database-schema/
!database-schema/schema.sql
# Python
__pycache__/
*.py[cod]
*$py.class
*.so
.Python
*.egg-info/
dist/
build/
*.pkl
*.joblib
python_ml/models/*.pkl
python_ml/models/*.joblib
# Database dumps (ESCLUDI database-schema/schema.sql)
database-backups/*.sql
database-backups/*.sql.gz
*.dump
# IDE
.vscode/
.idea/
*.swp
*.swo
*~
# OS
.DS_Store
Thumbs.db
# Versioning
version.json.backup

2
.replit
View File

@ -1,4 +1,4 @@
modules = ["nodejs-20", "web", "python-3.11", "postgresql-16"] modules = ["nodejs-20", "web", "postgresql-16", "python-3.11"]
run = "npm run dev" run = "npm run dev"
hidden = [".config", ".git", "generated-icon.png", "node_modules", "dist"] hidden = [".config", ".git", "generated-icon.png", "node_modules", "dist"]

284
GUIDA_INSTALLAZIONE.md
View File

@ -1,284 +0,0 @@
# 🚀 IDS - Guida Rapida Installazione
Installazione completa sistema IDS su AlmaLinux 9 con aggiornamenti da git.alfacom.it
---
## 📖 Documenti Disponibili
1. **`deployment/INSTALLAZIONE_STEP_BY_STEP.md`** ← **SEGUI QUESTA GUIDA**
- 📋 Guida completa passo-passo
- ✅ 25 step con comandi esatti
- 🔍 Checklist completa
- 🐛 Troubleshooting
2. **`deployment/COMANDI_RAPIDI.md`**
- ⚡ Riferimento veloce comandi
- 🔄 Operazioni comuni
- 📊 Monitoring e debug
3. **`deployment/README_DEPLOYMENT.md`**
- 📚 Documentazione tecnica completa
- 🏗️ Architettura sistema
- ⚙️ Configurazione avanzata
4. **`deployment/CONFIGURAZIONE_ROUTER_MIKROTIK.md`**
- 📡 Setup router MikroTik
- 🔧 Configurazione syslog
- ✅ Verifica connessione
---
## ⚡ Quick Start (3 minuti)
### 1. Prerequisiti
- ✅ Server AlmaLinux 9
- ✅ Accesso root SSH
- ✅ Credenziali git.alfacom.it (username + token)
### 2. Installazione Base
```bash
# Connetti al server
ssh root@<IP_SERVER>
# Clone repository temporaneo
cd /tmp
git clone https://<USER>:<TOKEN>@git.alfacom.it/<OWNER>/ids.git
cd ids
# Esegui setup
chmod +x deployment/setup_almalinux.sh
./deployment/setup_almalinux.sh
```
### 3. Setup Definitivo
```bash
# Clone in posizione finale
cd /opt/ids
sudo -u ids git clone https://<USER>:<TOKEN>@git.alfacom.it/<OWNER>/ids.git .
# Configura git.env
sudo -u ids cp git.env.example git.env
sudo -u ids nano git.env # Inserisci credenziali git
# Configura .env
sudo -u ids cp .env.example .env
sudo -u ids nano .env # Inserisci password (vedi sotto)
```
### 4. Genera Password Sicure
```bash
# Password database
openssl rand -base64 32
# Session secret
openssl rand -base64 32
# Copia gli output in .env
```
### 5. Installa Dipendenze
```bash
cd /opt/ids
sudo -u ids npm install
cd python_ml && sudo -u ids pip3.11 install -r requirements.txt
cd /opt/ids && sudo -u ids npm run db:push
```
### 6. Configura Syslog e Avvia
```bash
# Syslog per router
./deployment/setup_syslog_server.sh
# Avvia tutto
./deployment/setup_crontab.sh
```
### 7. Verifica
```bash
# Processi attivi
ps aux | grep -E 'python|node|syslog'
# API funzionante
curl http://localhost:8000/health
curl http://localhost:5000
# Dashboard web
http://<IP_SERVER>:5000
```
---
## 🔧 File di Configurazione
### git.env (Credenziali Git)
```bash
GITLAB_USER=tuo-username
GITLAB_TOKEN=glpat-abc123xyz
GITLAB_REPO=https://git.alfacom.it/owner/ids.git
GITLAB_BRANCH=main
```
> **Token**: git.alfacom.it → Settings → Access Tokens
> Permessi: `api`, `read_repository`, `write_repository`
### .env (Secrets Applicazione)
```bash
PGHOST=localhost
PGPORT=5432
PGDATABASE=ids_database
PGUSER=ids_user
PGPASSWORD=<openssl rand -base64 32>
SESSION_SECRET=<openssl rand -base64 32>
VITE_PYTHON_API_URL=http://localhost:8000
NODE_ENV=production
```
> **IMPORTANTE**: `.env` e `git.env` NON vanno su git (sono in `.gitignore`)
---
## 📡 Configurazione Router MikroTik
Su **OGNI router**:
```mikrotik
/system logging action
add name=ids-server target=remote remote=<IP_SERVER> remote-port=514
/system logging
add action=ids-server topics=firewall,info
/ip firewall filter
add chain=forward action=accept log=yes log-prefix="ACCEPT: "
add chain=forward action=drop log=yes log-prefix="DROP: "
```
Verifica log sul server:
```bash
tail -f /var/log/mikrotik/raw.log
```
---
## 🔄 Aggiornamenti da Git
```bash
cd /opt/ids
sudo -u ids ./deployment/update_from_git.sh
```
Questo fa:
1. Backup `.env`
2. `git pull` da git.alfacom.it
3. Ripristina `.env`
4. Aggiorna dipendenze
5. Sync database
6. Restart servizi
---
## 🎯 Primo Training ML
Dopo **24 ore** di raccolta log (almeno 10.000 log):
```bash
# Verifica log raccolti
psql -U ids_user -d ids_database -c "SELECT COUNT(*) FROM network_logs;"
# Training
curl -X POST http://localhost:8000/train \
-H "Content-Type: application/json" \
-d '{"max_records": 10000, "hours_back": 24}'
# Detection (già automatica ogni 5min)
curl -X POST http://localhost:8000/detect \
-H "Content-Type: application/json" \
-d '{"max_records": 5000, "auto_block": true, "risk_threshold": 75}'
```
---
## 📊 Monitoring
### Log Principali
```bash
tail -f /var/log/ids/backend.log # Backend Python
tail -f /var/log/ids/frontend.log # Frontend Node
tail -f /var/log/ids/syslog_parser.log # Parser log router
tail -f /var/log/ids/training.log # Training ML
tail -f /var/log/ids/detect.log # Detection
tail -f /var/log/mikrotik/raw.log # Log router in arrivo
```
### Comandi Utili
```bash
# Restart completo
/opt/ids/deployment/restart_all.sh
# Stato processi
ps aux | grep -E 'python|node|syslog'
# Database
psql -U ids_user -d ids_database
# Crontab
crontab -u ids -l
```
---
## 🐛 Problemi Comuni
| Problema | Soluzione |
|----------|-----------|
| Log non arrivano | `systemctl restart rsyslog` + verifica firewall |
| Database vuoto | Verifica `syslog_parser.py` attivo |
| Backend non risponde | `/opt/ids/deployment/check_backend.sh` |
| Frontend non carica | `/opt/ids/deployment/check_frontend.sh` |
---
## 📚 Documentazione Completa
- **Installazione**: `deployment/INSTALLAZIONE_STEP_BY_STEP.md`
- **Comandi**: `deployment/COMANDI_RAPIDI.md`
- **Deployment**: `deployment/README_DEPLOYMENT.md`
- **Router**: `deployment/CONFIGURAZIONE_ROUTER_MIKROTIK.md`
- **Risposte FAQ**: `RISPOSTA_DEPLOYMENT.md`
---
## ✅ Checklist Rapida
- [ ] Server AlmaLinux 9 pronto
- [ ] `setup_almalinux.sh` eseguito
- [ ] `git.env` configurato
- [ ] `.env` configurato con password sicure
- [ ] Dipendenze installate (`npm install`, `pip install`)
- [ ] Database schema sincronizzato (`npm run db:push`)
- [ ] Syslog configurato (`setup_syslog_server.sh`)
- [ ] Router MikroTik configurati
- [ ] Sistema avviato (`setup_crontab.sh`)
- [ ] Processi attivi (python, node, syslog_parser)
- [ ] API funzionanti (curl localhost:8000/health)
- [ ] Dashboard accessibile (http://IP:5000)
- [ ] Log arrivano (`tail -f /var/log/mikrotik/raw.log`)
- [ ] Database si popola (SELECT COUNT(*) FROM network_logs)
- [ ] Training eseguito (dopo 24h)
---
**Sistema pronto! 🛡️**
Per dettagli: `cat deployment/INSTALLAZIONE_STEP_BY_STEP.md`

311
MIKROTIK_API_FIX.md
View File

@ -1,311 +0,0 @@
# Fix Connessione MikroTik API
## 🐛 PROBLEMA RISOLTO
**Errore**: Timeout connessione API MikroTik - router non rispondeva a richieste HTTP.
**Causa Root**: Confusione tra **API Binary** (porta 8728) e **API REST** (porta 80/443).
## 🔍 API MikroTik: Binary vs REST
MikroTik RouterOS ha **DUE tipi di API completamente diversi**:
| Tipo | Porta | Protocollo | RouterOS | Compatibilità |
|------|-------|------------|----------|---------------|
| **Binary API** | 8728 | Proprietario RouterOS | Tutte | ❌ Non HTTP (libreria `routeros-api`) |
| **REST API** | 80/443 | HTTP/HTTPS standard | **>= 7.1** | ✅ HTTP con `httpx` |
**IDS usa REST API** (httpx + HTTP), quindi:
- ✅ **Porta 80** (HTTP) - **CONSIGLIATA**
- ✅ **Porta 443** (HTTPS) - Se necessario SSL
- ❌ **Porta 8728** - API Binary, NON REST (timeout)
- ❌ **Porta 8729** - API Binary SSL, NON REST (timeout)
## ✅ SOLUZIONE
### 1⃣ Verifica RouterOS Versione
```bash
# Sul router MikroTik (via Winbox/SSH)
/system resource print
```
**Se RouterOS >= 7.1** → Usa **REST API** (porta 80/443)
**Se RouterOS < 7.1** REST API non esiste, usa API Binary
### 2⃣ Configurazione Porta Corretta
**Per RouterOS 7.14.2 (Alfabit):**
```sql
-- Database: Usa porta 80 (REST API HTTP)
UPDATE routers SET api_port = 80 WHERE name = 'Alfabit';
```
**Porte disponibili**:
- **80** → REST API HTTP (✅ CONSIGLIATA)
- **443** → REST API HTTPS (se SSL richiesto)
- ~~8728~~ → API Binary (non compatibile)
- ~~8729~~ → API Binary SSL (non compatibile)
### 3⃣ Test Manuale
```bash
# Test connessione porta 80
curl http://185.203.24.2:80/rest/system/identity \
-u admin:password \
--max-time 5
# Output atteso:
# {"name":"AlfaBit"}
```
---
## 📋 VERIFICA CONFIGURAZIONE ROUTER
### 1⃣ Controlla Database
```sql
-- Su AlmaLinux
psql $DATABASE_URL -c "SELECT name, ip_address, api_port, username, enabled FROM routers WHERE enabled = true;"
```
**Output Atteso**:
```
name | ip_address | api_port | username | enabled
--------------+---------------+----------+----------+---------
Alfabit | 185.203.24.2 | 80 | admin | t
```
**Verifica**:
- ✅ `api_port` = **80** (REST API HTTP)
- ✅ `enabled` = **true**
- ✅ `username` e `password` corretti
**Se porta errata**:
```sql
-- Cambia porta da 8728 a 80
UPDATE routers SET api_port = 80 WHERE ip_address = '185.203.24.2';
```
### 2⃣ Testa Connessione Python
```bash
# Su AlmaLinux
cd /opt/ids/python_ml
source venv/bin/activate
# Test connessione automatico (usa dati dal database)
python3 test_mikrotik_connection.py
```
**Output atteso**:
```
✅ Connessione OK!
✅ Trovati X IP in lista 'ddos_blocked'
✅ IP bloccato con successo!
✅ IP sbloccato con successo!
```
---
## 🚀 DEPLOYMENT SU ALMALINUX
### Workflow Completo
#### 1**Su Replit** (GIÀ FATTO ✅)
- File `python_ml/mikrotik_manager.py` modificato
- Fix già committato su Replit
#### 2⃣ **Locale - Push GitLab**
```bash
# Dalla tua macchina locale (NON su Replit - è bloccato)
./push-gitlab.sh
```
Input richiesti:
```
Commit message: Fix MikroTik API - porta non usata in base_url
```
#### 3⃣ **Su AlmaLinux - Pull & Deploy**
```bash
# SSH su ids.alfacom.it
ssh root@ids.alfacom.it
# Pull ultimi cambiamenti
cd /opt/ids
./update_from_git.sh
# Riavvia ML Backend per applicare fix
sudo systemctl restart ids-ml-backend
# Verifica servizio attivo
systemctl status ids-ml-backend
# Verifica API risponde
curl http://localhost:8000/health
```
#### 4⃣ **Test Blocco IP**
```bash
# Dalla dashboard web: https://ids.alfacom.it/routers
# 1. Verifica router configurati
# 2. Clicca "Test Connessione" su router 185.203.24.2
# 3. Dovrebbe mostrare ✅ "Connessione OK"
# Dalla dashboard detections:
# 1. Seleziona detection con score >= 80
# 2. Clicca "Blocca IP"
# 3. Verifica blocco su router
```
---
## 🔧 TROUBLESHOOTING
### Connessione Ancora Fallisce?
#### A. Verifica Servizio WWW su Router
**REST API usa servizio `www` (porta 80) o `www-ssl` (porta 443)**:
```bash
# Sul router MikroTik (via Winbox/SSH)
/ip service print
# Verifica che www sia enabled:
# 0 www 80 * ← REST API HTTP
# 1 www-ssl 443 * ← REST API HTTPS
```
**Fix su MikroTik**:
```bash
# Abilita servizio www per REST API
/ip service enable www
/ip service set www port=80 address=0.0.0.0/0
# O con SSL (porta 443)
/ip service enable www-ssl
/ip service set www-ssl port=443
```
**NOTA**: `api` (porta 8728) è **API Binary**, NON REST!
#### B. Verifica Firewall AlmaLinux
```bash
# Su AlmaLinux - consenti traffico verso router
sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" destination address="185.203.24.2" port protocol="tcp" port="8728" accept'
sudo firewall-cmd --reload
```
#### C. Test Connessione Raw
```bash
# Test TCP connessione porta 80
telnet 185.203.24.2 80
# Test REST API con curl
curl -v http://185.203.24.2:80/rest/system/identity \
-u admin:password \
--max-time 5
# Output atteso:
# {"name":"AlfaBit"}
```
**Se timeout**: Servizio `www` non abilitato sul router
#### D. Credenziali Errate?
```sql
-- Verifica credenziali nel database
psql $DATABASE_URL -c "SELECT name, ip_address, username FROM routers WHERE ip_address = '185.203.24.2';"
-- Se password errata, aggiorna:
-- UPDATE routers SET password = 'nuova_password' WHERE ip_address = '185.203.24.2';
```
---
## ✅ VERIFICA FINALE
Dopo il deployment, verifica che:
1. **ML Backend attivo**:
```bash
systemctl status ids-ml-backend # must be "active (running)"
```
2. **API risponde**:
```bash
curl http://localhost:8000/health
# {"status":"healthy","database":"connected",...}
```
3. **Auto-blocking funziona**:
```bash
# Controlla log auto-blocking
journalctl -u ids-auto-block.timer -n 50
```
4. **IP bloccati su router**:
- Dashboard: https://ids.alfacom.it/detections
- Filtra: "Bloccati"
- Verifica badge verde "Bloccato" visibile
---
## 📊 CONFIGURAZIONE CORRETTA
| Parametro | Valore (RouterOS >= 7.1) | Note |
|-----------|--------------------------|------|
| **api_port** | **80** (HTTP) o **443** (HTTPS) | ✅ REST API |
| **Servizio Router** | `www` (HTTP) o `www-ssl` (HTTPS) | Abilita su MikroTik |
| **Endpoint** | `/rest/system/identity` | Test connessione |
| **Endpoint** | `/rest/ip/firewall/address-list` | Gestione blocchi |
| **Auth** | Basic (username:password base64) | Header Authorization |
| **Verify SSL** | False | Self-signed certs OK |
---
## 🎯 RIEPILOGO
### ❌ ERRATO (API Binary - Timeout)
```bash
# Porta 8728 usa protocollo BINARIO, non HTTP REST
curl http://185.203.24.2:8728/rest/...
# Timeout: protocollo incompatibile
```
### ✅ CORRETTO (API REST - Funziona)
```bash
# Porta 80 usa protocollo HTTP REST standard
curl http://185.203.24.2:80/rest/system/identity \
-u admin:password
# Output: {"name":"AlfaBit"}
```
**Database configurato**:
```sql
-- Router Alfabit configurato con porta 80
SELECT name, ip_address, api_port FROM routers;
-- Alfabit | 185.203.24.2 | 80
```
---
## 📝 CHANGELOG
**25 Novembre 2024**:
1. ✅ Identificato problema: porta 8728 = API Binary (non HTTP)
2. ✅ Verificato RouterOS 7.14.2 supporta REST API
3. ✅ Configurato router con porta 80 (REST API HTTP)
4. ✅ Test curl manuale: `{"name":"AlfaBit"}`
5. ✅ Router inserito in database con porta 80
**Test richiesto**: `python3 test_mikrotik_connection.py`
**Versione**: IDS 2.0.0 (Hybrid Detector)
**RouterOS**: 7.14.2 (stable)
**API Type**: REST (HTTP porta 80)

62
attached_assets/Pasted--5-37-12-PM-express-POST-api-ml-train-200-in-5ms-message-Training-avviato-in-background-1763743249260_1763743249260.txt
View File

@ -1,62 +0,0 @@
5:37:12 PM [express] POST /api/ml/train 200 in 5ms :: {"message":"Training avviato in background","m…
5:37:12 PM [express] GET /api/training-history 304 in 2ms :: []
5:37:12 PM [express] GET /api/ml/stats 304 in 14ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:37:22 PM [express] GET /api/training-history 304 in 16ms :: []
5:37:22 PM [express] GET /api/ml/stats 304 in 17ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:37:32 PM [express] GET /api/training-history 304 in 12ms :: []
5:37:32 PM [express] GET /api/ml/stats 304 in 15ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:37:42 PM [express] GET /api/training-history 304 in 12ms :: []
5:37:42 PM [express] GET /api/ml/stats 304 in 14ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:37:52 PM [express] GET /api/training-history 304 in 12ms :: []
5:37:52 PM [express] GET /api/ml/stats 304 in 14ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:38:02 PM [express] GET /api/training-history 304 in 12ms :: []
5:38:02 PM [express] GET /api/ml/stats 304 in 15ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:38:12 PM [express] GET /api/training-history 304 in 10ms :: []
5:38:12 PM [express] GET /api/ml/stats 304 in 15ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:38:22 PM [express] GET /api/training-history 304 in 13ms :: []
5:38:22 PM [express] GET /api/ml/stats 304 in 15ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:38:32 PM [express] GET /api/training-history 304 in 12ms :: []
5:38:32 PM [express] GET /api/ml/stats 304 in 15ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:38:32 PM [express] GET /api/stats 200 in 11ms :: {"routers":{"total":1,"enabled":1},"detections":{…
5:38:33 PM [express] GET /api/detections 304 in 14ms :: []
5:38:33 PM [express] GET /api/routers 200 in 12ms :: [{"id":"aedb9b6e-6d38-4926-8a45-b2f0c7b48c3d","…
5:38:36 PM [express] GET /api/detections 304 in 2ms :: []
5:38:38 PM [express] GET /api/training-history 304 in 3ms :: []
5:38:38 PM [express] GET /api/ml/stats 304 in 18ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:38:42 PM [express] GET /api/detections 304 in 5ms :: []
5:38:42 PM [express] GET /api/routers 304 in 5ms :: [{"id":"aedb9b6e-6d38-4926-8a45-b2f0c7b48c3d","n…
5:38:42 PM [express] GET /api/stats 304 in 12ms :: {"routers":{"total":1,"enabled":1},"detections":{…
5:38:47 PM [express] GET /api/detections 304 in 3ms :: []
5:38:48 PM [express] GET /api/detections 304 in 2ms :: []
5:38:49 PM [express] GET /api/training-history 304 in 3ms :: []
5:38:49 PM [express] GET /api/ml/stats 304 in 19ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:38:59 PM [express] GET /api/training-history 304 in 11ms :: []
5:38:59 PM [express] GET /api/ml/stats 304 in 16ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:39:09 PM [express] GET /api/training-history 304 in 11ms :: []
5:39:09 PM [express] GET /api/ml/stats 304 in 15ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:39:19 PM [express] GET /api/training-history 304 in 11ms :: []
5:39:19 PM [express] GET /api/ml/stats 304 in 15ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:39:29 PM [express] GET /api/training-history 304 in 11ms :: []
5:39:29 PM [express] GET /api/ml/stats 304 in 14ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:39:39 PM [express] GET /api/training-history 304 in 11ms :: []
5:39:39 PM [express] GET /api/ml/stats 304 in 14ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:39:50 PM [express] GET /api/training-history 200 in 12ms :: []
5:39:50 PM [express] GET /api/ml/stats 200 in 15ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:40:00 PM [express] GET /api/training-history 304 in 12ms :: []
5:40:00 PM [express] GET /api/ml/stats 304 in 15ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:40:10 PM [express] GET /api/training-history 304 in 13ms :: []
5:40:10 PM [express] GET /api/ml/stats 304 in 15ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:40:13 PM [express] POST /api/ml/train 200 in 4ms :: {"message":"Training avviato in background","m…
5:40:13 PM [express] GET /api/training-history 304 in 2ms :: []
5:40:13 PM [express] GET /api/ml/stats 304 in 14ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:40:23 PM [express] GET /api/training-history 304 in 12ms :: []
5:40:23 PM [express] GET /api/ml/stats 304 in 16ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:40:33 PM [express] GET /api/training-history 304 in 11ms :: []
5:40:33 PM [express] GET /api/ml/stats 304 in 15ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:40:44 PM [express] GET /api/training-history 304 in 13ms :: []
5:40:44 PM [express] GET /api/ml/stats 304 in 15ms :: {"logs":{"total":0,"last_hour":0},"detections"…

55
attached_assets/Pasted--AGGIORNAMENTO-COMPLETATO--1763997526366_1763997526366.txt
View File

@ -1,55 +0,0 @@
╔═══════════════════════════════════════════════╗
║ ✅ AGGIORNAMENTO COMPLETATO ║
╚═══════════════════════════════════════════════╝
📋 VERIFICA SISTEMA:
• Log backend: tail -f /var/log/ids/backend.log
• Log frontend: tail -f /var/log/ids/frontend.log
• API backend: curl http://localhost:8000/health
• Frontend: curl http://localhost:5000
📊 STATO SERVIZI:
root 20860 0.0 0.0 18344 6400 pts/3 S+ Nov22 0:00 sudo tail -f /var/log/ids/syslog_parser.log
root 20862 0.0 0.0 3088 1536 pts/3 S+ Nov22 0:02 tail -f /var/log/ids/syslog_parser.log
ids 64096 4.0 1.8 1394944 291304 ? Ssl 12:12 9:44 /opt/ids/python_ml/venv/bin/python3 main.py
ids 64102 16.0 0.1 52084 19456 ? Ss 12:12 38:36 /opt/ids/python_ml/venv/bin/python3 syslog_parser.py
root 69074 0.0 0.2 731152 33612 pts/0 Rl+ 16:13 0:00 /usr/bin/node /usr/bin/npm run dev
[root@ids ids]# sudo /opt/ids/deployment/setup_analytics_timer.sh
╔═══════════════════════════════════════════════╗
║ IDS Analytics Timer Setup ║
╚═══════════════════════════════════════════════╝
📋 Copia file systemd...
🔄 Reload systemd daemon...
⚙ Enable e start timer...
📊 Stato timer:
● ids-analytics-aggregator.timer - IDS Analytics Aggregation Timer - Runs every hour
Loaded: loaded (/etc/systemd/system/ids-analytics-aggregator.timer; enabled; preset: disabled)
Active: active (waiting) since Mon 2025-11-24 12:13:35 CET; 4h 3min ago
Until: Mon 2025-11-24 12:13:35 CET; 4h 3min ago
Trigger: Mon 2025-11-24 17:05:00 CET; 47min left
Triggers: ● ids-analytics-aggregator.service
Nov 24 12:13:35 ids.alfacom.it systemd[1]: Stopped IDS Analytics Aggregation Timer - Runs every hour.
Nov 24 12:13:35 ids.alfacom.it systemd[1]: Stopping IDS Analytics Aggregation Timer - Runs every hour...
Nov 24 12:13:35 ids.alfacom.it systemd[1]: Started IDS Analytics Aggregation Timer - Runs every hour.
📅 Prossime esecuzioni:
NEXT LEFT LAST PASSED UNIT ACTIVATES
Mon 2025-11-24 17:05:00 CET 47min left Mon 2025-11-24 16:05:01 CET 12min ago ids-analytics-aggregator.timer ids-analytics-aggregator.service
1 timers listed.
Pass --all to see loaded but inactive timers, too.
╔═══════════════════════════════════════════════╗
║ ✅ ANALYTICS TIMER CONFIGURATO ║
╚═══════════════════════════════════════════════╝
📝 Comandi utili:
Stato timer: sudo systemctl status ids-analytics-aggregator.timer
Prossime run: sudo systemctl list-timers
Log aggregazione: sudo journalctl -u ids-analytics-aggregator -f
Test manuale: sudo systemctl start ids-analytics-aggregator

43
attached_assets/Pasted--Aggiornamento-dipendenze-Python-Defaulting-to-user-installation-because-normal-site-packages--1764002209926_1764002209926.txt
View File

@ -1,43 +0,0 @@
📦 Aggiornamento dipendenze Python...
Defaulting to user installation because normal site-packages is not writeable
Requirement already satisfied: fastapi==0.104.1 in /home/ids/.local/lib/python3.11/site-packages (from -r requirements.txt (line 1)) (0.104.1)
Requirement already satisfied: uvicorn==0.24.0 in /home/ids/.local/lib/python3.11/site-packages (from -r requirements.txt (line 2)) (0.24.0)
Requirement already satisfied: pandas==2.1.3 in /home/ids/.local/lib/python3.11/site-packages (from -r requirements.txt (line 3)) (2.1.3)
Requirement already satisfied: numpy==1.26.2 in /home/ids/.local/lib/python3.11/site-packages (from -r requirements.txt (line 4)) (1.26.2)
Requirement already satisfied: scikit-learn==1.3.2 in /home/ids/.local/lib/python3.11/site-packages (from -r requirements.txt (line 5)) (1.3.2)
Requirement already satisfied: psycopg2-binary==2.9.9 in /home/ids/.local/lib/python3.11/site-packages (from -r requirements.txt (line 6)) (2.9.9)
Requirement already satisfied: python-dotenv==1.0.0 in /home/ids/.local/lib/python3.11/site-packages (from -r requirements.txt (line 7)) (1.0.0)
Requirement already satisfied: pydantic==2.5.0 in /home/ids/.local/lib/python3.11/site-packages (from -r requirements.txt (line 8)) (2.5.0)
Requirement already satisfied: httpx==0.25.1 in /home/ids/.local/lib/python3.11/site-packages (from -r requirements.txt (line 9)) (0.25.1)
Collecting Cython==3.0.5
Downloading Cython-3.0.5-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (3.6 MB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.6/3.6 MB 8.9 MB/s eta 0:00:00
Collecting xgboost==2.0.3
Using cached xgboost-2.0.3-py3-none-manylinux2014_x86_64.whl (297.1 MB)
Collecting joblib==1.3.2
Using cached joblib-1.3.2-py3-none-any.whl (302 kB)
Collecting eif==2.0.2
Using cached eif-2.0.2.tar.gz (1.6 MB)
Preparing metadata (setup.py) ... error
error: subprocess-exited-with-error
× python setup.py egg_info did not run successfully.
│ exit code: 1
╰─> [6 lines of output]
Traceback (most recent call last):
File "<string>", line 2, in <module>
File "<pip-setuptools-caller>", line 34, in <module>
File "/tmp/pip-install-843eies2/eif_72b54a0861444b02867269ed1670c0ce/setup.py", line 4, in <module>
from Cython.Distutils import build_ext
ModuleNotFoundError: No module named 'Cython'
[end of output]
note: This error originates from a subprocess, and is likely not a problem with pip.
error: metadata-generation-failed
× Encountered error while generating package metadata.
╰─> See above for output.
note: This is an issue with the package mentioned above, not pip.
hint: See above for details.

111
attached_assets/Pasted--Aggiornamento-schema-database-Applicando-migrazioni-SQL-Sistema-Migrazioni-Database--1763804201179_1763804201179.txt
View File

@ -1,111 +0,0 @@
 Aggiornamento schema database...
Applicando migrazioni SQL...
 Sistema Migrazioni Database (Versioned)
 Verifica sistema versioning...
psql:/opt/ids/database-schema/migrations/000_init_schema_version.sql:14: NOTICE: relation "schema_version" already exists, skipping
✅ Sistema versioning attivo
 Versione database corrente: 2
✅ Database già aggiornato (nessuna migrazione da applicare)
✅ Migrazioni SQL applicate
Sincronizzando schema Drizzle...
> rest-express@1.0.0 db:push
> drizzle-kit push
No config path provided, using default 'drizzle.config.ts'
Reading config file '/opt/ids/drizzle.config.ts'
Using 'pg' driver for database querying
[✓] Pulling schema from database...
[✓] Changes applied
✅ Schema database completamente sincronizzato
 Configurazione RSyslog (log MikroTik)...
✅ RSyslog già configurato
 Restart servizi...
✅ Servizi riavviati
╔═══════════════════════════════════════════════╗
║ ✅ AGGIORNAMENTO COMPLETATO ║
╚═══════════════════════════════════════════════╝
 VERIFICA SISTEMA:
• Log backend: tail -f /var/log/ids/backend.log
• Log frontend: tail -f /var/log/ids/frontend.log
• API backend: curl http://localhost:8000/health
• Frontend: curl http://localhost:5000
 STATO SERVIZI:
ids 1547 6.0 4.0 2187384 650548 ? Sl Nov21 57:18 /usr/bin/python3.11 main.py
root 12542 0.0 0.0 18344 8576 pts/3 S 09:45 0:00 sudo -u ids python3 syslog_parser.py
ids 12544 0.2 0.1 52844 27132 pts/3 S 09:45 0:06 python3 syslog_parser.py
root 13114 0.0 0.0 18344 8576 pts/3 S 09:58 0:00 sudo -u ids python3 syslog_parser.py
ids 13116 8.3 0.1 52928 27136 pts/3 S 09:58 3:04 python3 syslog_parser.py
root 14333 0.0 0.2 729796 33360 pts/0 Rl+ 10:35 0:00 /usr/bin/node /usr/bin/npm run dev
[root@ids ids]# sudo ./deployment/setup_systemd_services.sh
 Setup Systemd Services per IDS
 Generazione IDS_API_KEY...
✅ IDS_API_KEY generata e salvata in .env
 Installazione systemd units...
♻ Reload systemd daemon...
⏸ Fermando processi manuali esistenti...
 Attivazione servizi...
Created symlink /etc/systemd/system/multi-user.target.wants/ids-ml-backend.service → /etc/systemd/system/ids-ml-backend.service.
✅ ids-ml-backend.service attivato
Created symlink /etc/systemd/system/multi-user.target.wants/ids-syslog-parser.service → /etc/systemd/system/ids-syslog-parser.service.
✅ ids-syslog-parser.service attivato
📊 Status Servizi:
● ids-ml-backend.service - IDS ML Backend (FastAPI)
Loaded: loaded (/etc/systemd/system/ids-ml-backend.service; enabled; preset: disabled)
Active: activating (auto-restart) (Result: exit-code) since Sat 2025-11-22 10:35:57 CET; 2s ago
Process: 14445 ExecStart=/usr/bin/python3 main.py (code=exited, status=1/FAILURE)
Main PID: 14445 (code=exited, status=1/FAILURE)
CPU: 21ms
● ids-syslog-parser.service - IDS Syslog Parser (Network Logs Processor)
Loaded: loaded (/etc/systemd/system/ids-syslog-parser.service; enabled; preset: disabled)
Active: active (running) since Sat 2025-11-22 10:35:57 CET; 2s ago
Main PID: 14471 (python3)
Tasks: 1 (limit: 100409)
Memory: 10.8M (max: 1.0G available: 1013.1M)
CPU: 236ms
CGroup: /system.slice/ids-syslog-parser.service
└─14471 /usr/bin/python3 syslog_parser.py
╔═══════════════════════════════════════════════╗
║ ✅ SYSTEMD SERVICES CONFIGURATI ║
╚═══════════════════════════════════════════════╝
📚 COMANDI UTILI:
systemctl status ids-ml-backend - Status ML Backend
systemctl status ids-syslog-parser - Status Syslog Parser
systemctl restart ids-ml-backend - Restart ML Backend
systemctl restart ids-syslog-parser - Restart Syslog Parser
journalctl -u ids-ml-backend -f - Log ML Backend
journalctl -u ids-syslog-parser -f - Log Syslog Parser
[root@ids ids]# systemctl status ids-ml-backend
● ids-ml-backend.service - IDS ML Backend (FastAPI)
Loaded: loaded (/etc/systemd/system/ids-ml-backend.service; enabled; preset: disabled)
Active: activating (auto-restart) (Result: exit-code) since Sat 2025-11-22 10:35:57 CET; 8s ago
Process: 14445 ExecStart=/usr/bin/python3 main.py (code=exited, status=1/FAILURE)
Main PID: 14445 (code=exited, status=1/FAILURE)
CPU: 21ms
[root@ids ids]# systemctl status ids-syslog-parser
● ids-syslog-parser.service - IDS Syslog Parser (Network Logs Processor)
Loaded: loaded (/etc/systemd/system/ids-syslog-parser.service; enabled; preset: disabled)
Active: active (running) since Sat 2025-11-22 10:35:57 CET; 20s ago
Main PID: 14471 (python3)
Tasks: 1 (limit: 100409)
Memory: 11.0M (max: 1.0G available: 1012.9M)
CPU: 1.699s
CGroup: /system.slice/ids-syslog-parser.service
└─14471 /usr/bin/python3 syslog_parser.py
Nov 22 10:35:57 ids.alfacom.it systemd[1]: Started IDS Syslog Parser (Network Logs Processor).
[root@ids ids]#

179
attached_assets/Pasted--Found-existing-installation-joblib-1-5-2-Uninstalling-joblib-1-5-2-Successfully-unin-1763805718013_1763805718013.txt
View File

@ -1,179 +0,0 @@
Found existing installation: joblib 1.5.2
Uninstalling joblib-1.5.2:
Successfully uninstalled joblib-1.5.2
Successfully installed joblib-1.3.2
✅ Dipendenze Python installate
 Impostazione permessi...
 Verifica installazione:
✅ FastAPI: 0.104.1
✅ Uvicorn: 0.24.0
✅ Scikit-learn: 1.3.2
✅ Pandas: 2.1.3
✅ HTTPX: 0.25.1
✅ Joblib: 1.3.2
╔═══════════════════════════════════════════════╗
║ ✅ DIPENDENZE PYTHON INSTALLATE ║
╚═══════════════════════════════════════════════╝
 NOTA:
Il virtual environment è in: /opt/ids/python_ml/venv
I systemd services useranno automaticamente questo venv
[root@ids ids]# sudo systemctl restart ids-ml-backend
[root@ids ids]# sudo systemctl status ids-ml-backend
● ids-ml-backend.service - IDS ML Backend (FastAPI)
Loaded: loaded (/etc/systemd/system/ids-ml-backend.service; enabled; preset: disabled)
Active: activating (auto-restart) (Result: exit-code) since Sat 2025-11-22 11:00:28 CET; 5s ago
Process: 16204 ExecStart=/opt/ids/python_ml/venv/bin/python3 main.py (code=exited, status=1/FAILURE)
Main PID: 16204 (code=exited, status=1/FAILURE)
CPU: 3.933s
[root@ids ids]# sudo systemctl status ids-ml-backend
● ids-ml-backend.service - IDS ML Backend (FastAPI)
Loaded: loaded (/etc/systemd/system/ids-ml-backend.service; enabled; preset: disabled)
Active: activating (auto-restart) (Result: exit-code) since Sat 2025-11-22 11:00:28 CET; 7s ago
Process: 16204 ExecStart=/opt/ids/python_ml/venv/bin/python3 main.py (code=exited, status=1/FAILURE)
Main PID: 16204 (code=exited, status=1/FAILURE)
CPU: 3.933s
[root@ids ids]# tail -30 /var/log/ids/ml_backend.log
from fastapi import FastAPI, HTTPException, BackgroundTasks, Security, Header
ModuleNotFoundError: No module named 'fastapi'
Traceback (most recent call last):
File "/opt/ids/python_ml/main.py", line 12, in <module>
import pandas as pd
ModuleNotFoundError: No module named 'pandas'
Traceback (most recent call last):
File "/opt/ids/python_ml/main.py", line 20, in <module>
from ml_analyzer import MLAnalyzer
File "/opt/ids/python_ml/ml_analyzer.py", line 8, in <module>
from sklearn.ensemble import IsolationForest
ModuleNotFoundError: No module named 'sklearn'
INFO: Started server process [16144]
INFO: Waiting for application startup.
INFO: Application startup complete.
ERROR: [Errno 98] error while attempting to bind on address ('0.0.0.0', 8000): address already in use
INFO: Waiting for application shutdown.
INFO: Application shutdown complete.
[LOAD] Modello caricato da models
 Starting IDS API on http://0.0.0.0:8000
 Docs available at http://0.0.0.0:8000/docs
INFO: Started server process [16204]
INFO: Waiting for application startup.
INFO: Application startup complete.
ERROR: [Errno 98] error while attempting to bind on address ('0.0.0.0', 8000): address already in use
INFO: Waiting for application shutdown.
INFO: Application shutdown complete.
[LOAD] Modello caricato da models
 Starting IDS API on http://0.0.0.0:8000
 Docs available at http://0.0.0.0:8000/docs
[root@ids ids]# sudo systemctl status ids-ml-backend
● ids-ml-backend.service - IDS ML Backend (FastAPI)
Loaded: loaded (/etc/systemd/system/ids-ml-backend.service; enabled; preset: disabled)
Active: active (running) since Sat 2025-11-22 11:01:03 CET; 1s ago
Main PID: 16291 (python3)
Tasks: 15 (limit: 100409)
Memory: 100.2M (max: 2.0G available: 1.9G)
CPU: 3.101s
CGroup: /system.slice/ids-ml-backend.service
└─16291 /opt/ids/python_ml/venv/bin/python3 main.py
Nov 22 11:01:03 ids.alfacom.it systemd[1]: Started IDS ML Backend (FastAPI).
[root@ids ids]# sudo systemctl status ids-ml-backend
● ids-ml-backend.service - IDS ML Backend (FastAPI)
Loaded: loaded (/etc/systemd/system/ids-ml-backend.service; enabled; preset: disabled)
Active: activating (auto-restart) (Result: exit-code) since Sat 2025-11-22 11:01:05 CET; 9s ago
Process: 16291 ExecStart=/opt/ids/python_ml/venv/bin/python3 main.py (code=exited, status=1/FAILURE)
Main PID: 16291 (code=exited, status=1/FAILURE)
CPU: 3.804s
[root@ids ids]# sudo systemctl status ids-ml-backend
● ids-ml-backend.service - IDS ML Backend (FastAPI)
Loaded: loaded (/etc/systemd/system/ids-ml-backend.service; enabled; preset: disabled)
Active: activating (auto-restart) (Result: exit-code) since Sat 2025-11-22 11:01:17 CET; 251ms ago
Process: 16321 ExecStart=/opt/ids/python_ml/venv/bin/python3 main.py (code=exited, status=1/FAILURE)
Main PID: 16321 (code=exited, status=1/FAILURE)
CPU: 3.840s
[root@ids ids]# tail -30 /var/log/ids/ml_backend.log
[LOAD] Modello caricato da models
 Starting IDS API on http://0.0.0.0:8000
 Docs available at http://0.0.0.0:8000/docs
INFO: Started server process [16257]
INFO: Waiting for application startup.
INFO: Application startup complete.
ERROR: [Errno 98] error while attempting to bind on address ('0.0.0.0', 8000): address already in use
INFO: Waiting for application shutdown.
INFO: Application shutdown complete.
[LOAD] Modello caricato da models
 Starting IDS API on http://0.0.0.0:8000
 Docs available at http://0.0.0.0:8000/docs
INFO: Started server process [16291]
INFO: Waiting for application startup.
INFO: Application startup complete.
ERROR: [Errno 98] error while attempting to bind on address ('0.0.0.0', 8000): address already in use
INFO: Waiting for application shutdown.
INFO: Application shutdown complete.
[LOAD] Modello caricato da models
 Starting IDS API on http://0.0.0.0:8000
 Docs available at http://0.0.0.0:8000/docs
INFO: Started server process [16321]
INFO: Waiting for application startup.
INFO: Application startup complete.
ERROR: [Errno 98] error while attempting to bind on address ('0.0.0.0', 8000): address already in use
INFO: Waiting for application shutdown.
INFO: Application shutdown complete.
[LOAD] Modello caricato da models
 Starting IDS API on http://0.0.0.0:8000
 Docs available at http://0.0.0.0:8000/docs
[root@ids ids]# sudo systemctl status ids-ml-backend
● ids-ml-backend.service - IDS ML Backend (FastAPI)
Loaded: loaded (/etc/systemd/system/ids-ml-backend.service; enabled; preset: disabled)
Active: active (running) since Sat 2025-11-22 11:01:27 CET; 2s ago
Main PID: 16348 (python3)
Tasks: 19 (limit: 100409)
Memory: 118.4M (max: 2.0G available: 1.8G)
CPU: 3.872s
CGroup: /system.slice/ids-ml-backend.service
└─16348 /opt/ids/python_ml/venv/bin/python3 main.py
Nov 22 11:01:27 ids.alfacom.it systemd[1]: Started IDS ML Backend (FastAPI).
[root@ids ids]# sudo systemctl status ids-ml-backend
● ids-ml-backend.service - IDS ML Backend (FastAPI)
Loaded: loaded (/etc/systemd/system/ids-ml-backend.service; enabled; preset: disabled)
Active: activating (auto-restart) (Result: exit-code) since Sat 2025-11-22 11:01:30 CET; 4s ago
Process: 16348 ExecStart=/opt/ids/python_ml/venv/bin/python3 main.py (code=exited, status=1/FAILURE)
Main PID: 16348 (code=exited, status=1/FAILURE)
CPU: 3.911s
Nov 22 11:01:30 ids.alfacom.it systemd[1]: ids-ml-backend.service: Failed with result 'exit-code'.
Nov 22 11:01:30 ids.alfacom.it systemd[1]: ids-ml-backend.service: Consumed 3.911s CPU time.
[root@ids ids]# tail -30 /var/log/ids/ml_backend.log
[LOAD] Modello caricato da models
🚀 Starting IDS API on http://0.0.0.0:8000
📚 Docs available at http://0.0.0.0:8000/docs
INFO: Started server process [16291]
INFO: Waiting for application startup.
INFO: Application startup complete.
ERROR: [Errno 98] error while attempting to bind on address ('0.0.0.0', 8000): address already in use
INFO: Waiting for application shutdown.
INFO: Application shutdown complete.
[LOAD] Modello caricato da models
🚀 Starting IDS API on http://0.0.0.0:8000
📚 Docs available at http://0.0.0.0:8000/docs
INFO: Started server process [16321]
INFO: Waiting for application startup.
INFO: Application startup complete.
ERROR: [Errno 98] error while attempting to bind on address ('0.0.0.0', 8000): address already in use
INFO: Waiting for application shutdown.
INFO: Application shutdown complete.
[LOAD] Modello caricato da models
🚀 Starting IDS API on http://0.0.0.0:8000
📚 Docs available at http://0.0.0.0:8000/docs
INFO: Started server process [16348]
INFO: Waiting for application startup.
INFO: Application startup complete.
ERROR: [Errno 98] error while attempting to bind on address ('0.0.0.0', 8000): address already in use
INFO: Waiting for application shutdown.
INFO: Application shutdown complete.
[LOAD] Modello caricato da models
🚀 Starting IDS API on http://0.0.0.0:8000
📚 Docs available at http://0.0.0.0:8000/docs

56
attached_assets/Pasted--Fri-Nov-21-16-46-54-CET-2025-Frontend-Node-NON-attivo-riavvio-Fri-Nov-21-16-46-56-CET-2025-1763740277999_1763740277999.txt
View File

@ -1,56 +0,0 @@
[Fri Nov 21 16:46:54 CET 2025] Frontend Node NON attivo, riavvio...
[Fri Nov 21 16:46:56 CET 2025] Frontend riavviato con PID: 10083
> rest-express@1.0.0 dev
> NODE_ENV=development tsx server/index.ts
4:46:58 PM [express] serving on port 5000
A PostCSS plugin did not pass the `from` option to `postcss.parse`. This may cause imported assets to be incorrectly transformed. If you've recently added a PostCSS plugin that raised this warning, please contact the package author to fix the issue.
4:49:03 PM [express] GET /api/stats 500 in 39ms :: {"error":"Failed to fetch stats"}
4:49:03 PM [express] GET /api/detections 500 in 13ms :: {"error":"Failed to fetch detections"}
4:49:03 PM [express] GET /api/routers 500 in 11ms :: {"error":"Failed to fetch routers"}
4:49:06 PM [express] GET /api/stats 500 in 11ms :: {"error":"Failed to fetch stats"}
4:49:06 PM [express] GET /api/detections 500 in 8ms :: {"error":"Failed to fetch detections"}
4:49:06 PM [express] GET /api/routers 500 in 6ms :: {"error":"Failed to fetch routers"}
4:49:08 PM [express] GET /api/detections 500 in 4ms :: {"error":"Failed to fetch detections"}
4:49:10 PM [express] GET /api/training-history 500 in 42ms :: {"error":"Failed to fetch training his…
4:49:10 PM [express] GET /api/ml/stats 200 in 70ms :: {"logs":{"total":0,"last_hour":0},"detections"…
4:49:15 PM [express] POST /api/ml/train 200 in 10ms :: {"message":"Training avviato in background","…
4:49:15 PM [express] GET /api/training-history 500 in 6ms :: {"error":"Failed to fetch training hist…
4:49:15 PM [express] GET /api/ml/stats 200 in 14ms :: {"logs":{"total":0,"last_hour":0},"detections"…
4:49:21 PM [express] GET /api/training-history 500 in 7ms :: {"error":"Failed to fetch training hist…
4:49:21 PM [express] GET /api/ml/stats 200 in 20ms :: {"logs":{"total":0,"last_hour":0},"detections"…
4:49:27 PM [express] GET /api/training-history 500 in 6ms :: {"error":"Failed to fetch training hist…
4:49:27 PM [express] GET /api/ml/stats 200 in 20ms :: {"logs":{"total":0,"last_hour":0},"detections"…
4:49:31 PM [express] GET /api/training-history 500 in 5ms :: {"error":"Failed to fetch training hist…
4:49:31 PM [express] GET /api/ml/stats 200 in 15ms :: {"logs":{"total":0,"last_hour":0},"detections"…
4:49:33 PM [express] GET /api/routers 500 in 5ms :: {"error":"Failed to fetch routers"}
4:49:36 PM [express] GET /api/whitelist 500 in 4ms :: {"error":"Failed to fetch whitelist"}
4:49:38 PM [express] GET /api/routers 500 in 4ms :: {"error":"Failed to fetch routers"}
4:49:39 PM [express] GET /api/training-history 500 in 7ms :: {"error":"Failed to fetch training hist…
4:49:39 PM [express] GET /api/ml/stats 200 in 20ms :: {"logs":{"total":0,"last_hour":0},"detections"…
4:49:41 PM [express] GET /api/detections 500 in 4ms :: {"error":"Failed to fetch detections"}
4:49:42 PM [express] GET /api/stats 500 in 4ms :: {"error":"Failed to fetch stats"}
4:49:43 PM [express] GET /api/detections 500 in 6ms :: {"error":"Failed to fetch detections"}
4:49:43 PM [express] GET /api/routers 500 in 4ms :: {"error":"Failed to fetch routers"}
4:49:44 PM [express] GET /api/training-history 500 in 5ms :: {"error":"Failed to fetch training hist…
4:49:44 PM [express] GET /api/ml/stats 200 in 19ms :: {"logs":{"total":0,"last_hour":0},"detections"…
4:49:54 PM [express] GET /api/training-history 500 in 8ms :: {"error":"Failed to fetch training hist…
4:49:54 PM [express] GET /api/ml/stats 304 in 20ms :: {"logs":{"total":0,"last_hour":0},"detections"…
4:49:57 PM [express] GET /api/detections 500 in 4ms :: {"error":"Failed to fetch detections"}
4:49:59 PM [express] GET /api/training-history 500 in 5ms :: {"error":"Failed to fetch training hist…
4:49:59 PM [express] GET /api/ml/stats 304 in 19ms :: {"logs":{"total":0,"last_hour":0},"detections"…
4:50:00 PM [express] GET /api/routers 500 in 3ms :: {"error":"Failed to fetch routers"}
4:50:01 PM [express] GET /api/whitelist 500 in 4ms :: {"error":"Failed to fetch whitelist"}
4:50:02 PM [express] GET /api/training-history 500 in 6ms :: {"error":"Failed to fetch training hist…
4:50:02 PM [express] GET /api/ml/stats 304 in 17ms :: {"logs":{"total":0,"last_hour":0},"detections"…
4:50:12 PM [express] GET /api/training-history 500 in 5ms :: {"error":"Failed to fetch training hist…
4:50:12 PM [express] GET /api/ml/stats 304 in 18ms :: {"logs":{"total":0,"last_hour":0},"detections"…
4:50:22 PM [express] GET /api/training-history 500 in 4ms :: {"error":"Failed to fetch training hist…
4:50:22 PM [express] GET /api/ml/stats 304 in 17ms :: {"logs":{"total":0,"last_hour":0},"detections"…
4:50:32 PM [express] GET /api/training-history 500 in 3ms :: {"error":"Failed to fetch training hist…
4:50:33 PM [express] GET /api/ml/stats 304 in 17ms :: {"logs":{"total":0,"last_hour":0},"detections"…

60
attached_assets/Pasted--INFO-Processate-16200-righe-salvate-0-log-INFO-Processate-16300-righe-salvate-0-log-INFO-Pro-1763400819071_1763400819072.txt
View File

@ -1,60 +0,0 @@
[INFO] Processate 16200 righe, salvate 0 log
[INFO] Processate 16300 righe, salvate 0 log
[INFO] Processate 16400 righe, salvate 0 log
[INFO] Processate 16500 righe, salvate 0 log
[INFO] Processate 16600 righe, salvate 0 log
[INFO] Processate 16700 righe, salvate 0 log
[INFO] Processate 16800 righe, salvate 0 log
[INFO] Processate 16900 righe, salvate 0 log
[INFO] Processate 17000 righe, salvate 0 log
[INFO] Processate 17100 righe, salvate 0 log
[INFO] Processate 17200 righe, salvate 0 log
[INFO] Processate 17300 righe, salvate 0 log
[INFO] Processate 17400 righe, salvate 0 log
[INFO] Processate 17500 righe, salvate 0 log
[INFO] Processate 17600 righe, salvate 0 log
[INFO] Processate 17700 righe, salvate 0 log
[INFO] Processate 17800 righe, salvate 0 log
[INFO] Processate 17900 righe, salvate 0 log
[INFO] Processate 18000 righe, salvate 0 log
[INFO] Processate 18100 righe, salvate 0 log[root@ids python_ml]# tail -20 /var/log/ids/syslog_parser.log
[INFO] Processate 71100 righe, salvate 0 log
[INFO] Processate 71200 righe, salvate 0 log
[INFO] Processate 71300 righe, salvate 0 log
[INFO] Processate 71400 righe, salvate 0 log
[INFO] Processate 71500 righe, salvate 0 log
[INFO] Processate 71600 righe, salvate 0 log
[INFO] Processate 71700 righe, salvate 0 log
[INFO] Processate 71800 righe, salvate 0 log
[INFO] Processate 71900 righe, salvate 0 log
[INFO] Processate 72000 righe, salvate 0 log
[INFO] Processate 72100 righe, salvate 0 log
[INFO] Processate 72200 righe, salvate 0 log
[INFO] Processate 72300 righe, salvate 0 log
[INFO] Processate 72400 righe, salvate 0 log
[INFO] Processate 72500 righe, salvate 0 log
[INFO] Processate 72600 righe, salvate 0 log
[INFO] Processate 72700 righe, salvate 0 log
[INFO] Processate 72800 righe, salvate 0 log
[INFO] Processate 72900 righe, salvate 0 log
[INFO] Processate 73000 righe, salvate 0 log[root@ids python_ml]# tail -20 /var/log/ids/syslog_parser.log
[INFO] Processate 107400 righe, salvate 0 log
[INFO] Processate 107500 righe, salvate 0 log
[INFO] Processate 107600 righe, salvate 0 log
[INFO] Processate 107700 righe, salvate 0 log
[INFO] Processate 107800 righe, salvate 0 log
[INFO] Processate 107900 righe, salvate 0 log
[INFO] Processate 108000 righe, salvate 0 log
[INFO] Processate 108100 righe, salvate 0 log
[INFO] Processate 108200 righe, salvate 0 log
[INFO] Processate 108300 righe, salvate 0 log
[INFO] Processate 108400 righe, salvate 0 log
[INFO] Processate 108500 righe, salvate 0 log
[INFO] Processate 108600 righe, salvate 0 log
[INFO] Processate 108700 righe, salvate 0 log
[INFO] Processate 108800 righe, salvate 0 log
[INFO] Processate 108900 righe, salvate 0 log
[INFO] Processate 109000 righe, salvate 0 log
[INFO] Processate 109100 righe, salvate 0 log
[INFO] Processate 109200 righe, salvate 0 log
[INFO] Processate 109300 righe, salvate 0 log

124
attached_assets/Pasted--Status-Servizi-ids-ml-backend-service-IDS-ML-Backend-FastAPI-Loaded-loaded-etc-sys-1763805400723_1763805400723.txt
View File

@ -1,124 +0,0 @@
 Status Servizi:
● ids-ml-backend.service - IDS ML Backend (FastAPI)
Loaded: loaded (/etc/systemd/system/ids-ml-backend.service; enabled; preset: disabled)
Active: activating (auto-restart) (Result: exit-code) since Sat 2025-11-22 10:55:17 CET; 348ms ago
Process: 15380 ExecStart=/opt/ids/python_ml/venv/bin/python3 main.py (code=exited, status=1/FAILURE)
Main PID: 15380 (code=exited, status=1/FAILURE)
CPU: 3.435s
● ids-syslog-parser.service - IDS Syslog Parser (Network Logs Processor)
Loaded: loaded (/etc/systemd/system/ids-syslog-parser.service; enabled; preset: disabled)
Active: active (running) since Sat 2025-11-22 10:55:15 CET; 2s ago
Main PID: 15405 (python3)
Tasks: 1 (limit: 100409)
Memory: 10.7M (max: 1.0G available: 1013.2M)
CPU: 324ms
CGroup: /system.slice/ids-syslog-parser.service
└─15405 /opt/ids/python_ml/venv/bin/python3 syslog_parser.py
╔═══════════════════════════════════════════════╗
║ ✅ SYSTEMD SERVICES CONFIGURATI ║
╚═══════════════════════════════════════════════╝
 COMANDI UTILI:
systemctl status ids-ml-backend - Status ML Backend
systemctl status ids-syslog-parser - Status Syslog Parser
systemctl restart ids-ml-backend - Restart ML Backend
systemctl restart ids-syslog-parser - Restart Syslog Parser
journalctl -u ids-ml-backend -f - Log ML Backend
journalctl -u ids-syslog-parser -f - Log Syslog Parser
[root@ids ids]# # Verifica status servizi
systemctl status ids-ml-backend
systemctl status ids-syslog-parser
# Entrambi dovrebbero mostrare "Active: active (running)"
● ids-ml-backend.service - IDS ML Backend (FastAPI)
Loaded: loaded (/etc/systemd/system/ids-ml-backend.service; enabled; preset: disabled)
Active: activating (auto-restart) (Result: exit-code) since Sat 2025-11-22 10:55:17 CET; 4s ago
Process: 15380 ExecStart=/opt/ids/python_ml/venv/bin/python3 main.py (code=exited, status=1/FAILURE)
Main PID: 15380 (code=exited, status=1/FAILURE)
CPU: 3.435s
● ids-syslog-parser.service - IDS Syslog Parser (Network Logs Processor)
Loaded: loaded (/etc/systemd/system/ids-syslog-parser.service; enabled; preset: disabled)
Active: active (running) since Sat 2025-11-22 10:55:15 CET; 5s ago
Main PID: 15405 (python3)
Tasks: 1 (limit: 100409)
Memory: 10.7M (max: 1.0G available: 1013.2M)
CPU: 627ms
CGroup: /system.slice/ids-syslog-parser.service
└─15405 /opt/ids/python_ml/venv/bin/python3 syslog_parser.py
Nov 22 10:55:15 ids.alfacom.it systemd[1]: Started IDS Syslog Parser (Network Logs Processor).
[root@ids ids]# systemctl status ids-syslog-parser
● ids-syslog-parser.service - IDS Syslog Parser (Network Logs Processor)
Loaded: loaded (/etc/systemd/system/ids-syslog-parser.service; enabled; preset: disabled)
Active: active (running) since Sat 2025-11-22 10:55:15 CET; 14s ago
Main PID: 15405 (python3)
Tasks: 1 (limit: 100409)
Memory: 10.8M (max: 1.0G available: 1013.1M)
CPU: 1.268s
CGroup: /system.slice/ids-syslog-parser.service
└─15405 /opt/ids/python_ml/venv/bin/python3 syslog_parser.py
Nov 22 10:55:15 ids.alfacom.it systemd[1]: Started IDS Syslog Parser (Network Logs Processor).
[root@ids ids]# systemctl status ids-ml-backend
● ids-ml-backend.service - IDS ML Backend (FastAPI)
Loaded: loaded (/etc/systemd/system/ids-ml-backend.service; enabled; preset: disabled)
Active: activating (auto-restart) (Result: exit-code) since Sat 2025-11-22 10:55:29 CET; 7s ago
Process: 15441 ExecStart=/opt/ids/python_ml/venv/bin/python3 main.py (code=exited, status=1/FAILURE)
Main PID: 15441 (code=exited, status=1/FAILURE)
CPU: 3.642s
[root@ids ids]# systemctl restart ids-ml-backend
[root@ids ids]# systemctl status ids-ml-backend
● ids-ml-backend.service - IDS ML Backend (FastAPI)
Loaded: loaded (/etc/systemd/system/ids-ml-backend.service; enabled; preset: disabled)
Active: active (running) since Sat 2025-11-22 10:55:48 CET; 1s ago
Main PID: 15482 (python3)
Tasks: 15 (limit: 100409)
Memory: 110.1M (max: 2.0G available: 1.8G)
CPU: 3.357s
CGroup: /system.slice/ids-ml-backend.service
└─15482 /opt/ids/python_ml/venv/bin/python3 main.py
Nov 22 10:55:48 ids.alfacom.it systemd[1]: Started IDS ML Backend (FastAPI).
[root@ids ids]# systemctl status ids-ml-backend
● ids-ml-backend.service - IDS ML Backend (FastAPI)
Loaded: loaded (/etc/systemd/system/ids-ml-backend.service; enabled; preset: disabled)
Active: activating (auto-restart) (Result: exit-code) since Sat 2025-11-22 10:55:50 CET; 3s ago
Process: 15482 ExecStart=/opt/ids/python_ml/venv/bin/python3 main.py (code=exited, status=1/FAILURE)
Main PID: 15482 (code=exited, status=1/FAILURE)
CPU: 3.607s
[root@ids ids]# tail -30 /var/log/ids/ml_backend.log
Traceback (most recent call last):
File "/opt/ids/python_ml/main.py", line 21, in <module>
from mikrotik_manager import MikroTikManager
File "/opt/ids/python_ml/mikrotik_manager.py", line 6, in <module>
import httpx
ModuleNotFoundError: No module named 'httpx'
Traceback (most recent call last):
File "/opt/ids/python_ml/main.py", line 21, in <module>
from mikrotik_manager import MikroTikManager
File "/opt/ids/python_ml/mikrotik_manager.py", line 6, in <module>
import httpx
ModuleNotFoundError: No module named 'httpx'
Traceback (most recent call last):
File "/opt/ids/python_ml/main.py", line 21, in <module>
from mikrotik_manager import MikroTikManager
File "/opt/ids/python_ml/mikrotik_manager.py", line 6, in <module>
import httpx
ModuleNotFoundError: No module named 'httpx'
Traceback (most recent call last):
File "/opt/ids/python_ml/main.py", line 21, in <module>
from mikrotik_manager import MikroTikManager
File "/opt/ids/python_ml/mikrotik_manager.py", line 6, in <module>
import httpx
ModuleNotFoundError: No module named 'httpx'
Traceback (most recent call last):
File "/opt/ids/python_ml/main.py", line 21, in <module>
from mikrotik_manager import MikroTikManager
File "/opt/ids/python_ml/mikrotik_manager.py", line 6, in <module>
import httpx
ModuleNotFoundError: No module named 'httpx'

70
attached_assets/Pasted--VERIFICA-SISTEMA-Log-backend-tail-f-var-log-ids-backend-log-Log-frontend-tail-f--1763740954834_1763740954834.txt
View File

@ -1,70 +0,0 @@
 VERIFICA SISTEMA:
• Log backend: tail -f /var/log/ids/backend.log
• Log frontend: tail -f /var/log/ids/frontend.log
• API backend: curl http://localhost:8000/health
• Frontend: curl http://localhost:5000
 STATO SERVIZI:
ids 5038 0.2 2.0 1894024 331912 ? Sl 09:20 1:10 /usr/bin/python3.11 main.py
root 10798 0.0 0.1 730192 31688 pts/2 Rl+ 17:01 0:00 /usr/bin/node /usr/bin/npm run dev
[root@ids ids]# sudo -u ids /opt/ids/deployment/restart_all.sh
pkill: killing pid 10842 failed: Operation not permitted
pkill: killing pid 10798 failed: Operation not permitted
[root@ids ids]# curl http://localhost:5000/api/stats
curl http://localhost:5000/api/routers
curl http://localhost:5000/api/detections
{"error":"Failed to fetch stats"}{"error":"Failed to fetch routers"}{"error":"Failed to fetch detections"}[root@ids ids]#
[root@ids ids]# tail -50 /var/log/ids/frontend.log
> NODE_ENV=development tsx server/index.ts
5:00:00 PM [express] serving on port 5000
A PostCSS plugin did not pass the `from` option to `postcss.parse`. This may cause imported assets to be incorrectly transformed. If you've recently added a PostCSS plugin that raised this warning, please contact the package author to fix the issue.
5:00:03 PM [express] GET /api/training-history 500 in 70ms :: {"error":"Failed to fetch training his…
5:00:03 PM [express] GET /api/ml/stats 304 in 70ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:00:13 PM [express] GET /api/training-history 500 in 5ms :: {"error":"Failed to fetch training hist…
5:00:13 PM [express] GET /api/ml/stats 304 in 17ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:00:18 PM [express] GET /api/stats 500 in 6ms :: {"error":"Failed to fetch stats"}
5:00:23 PM [express] GET /api/training-history 500 in 6ms :: {"error":"Failed to fetch training hist…
5:00:23 PM [express] GET /api/ml/stats 304 in 18ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:00:26 PM [express] GET /api/routers 500 in 5ms :: {"error":"Failed to fetch routers"}
5:00:33 PM [express] GET /api/training-history 500 in 5ms :: {"error":"Failed to fetch training hist…
5:00:33 PM [express] GET /api/ml/stats 304 in 17ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:00:35 PM [express] GET /api/detections 500 in 5ms :: {"error":"Failed to fetch detections"}
5:00:43 PM [express] GET /api/training-history 500 in 5ms :: {"error":"Failed to fetch training hist…
5:00:43 PM [express] GET /api/ml/stats 304 in 17ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:00:53 PM [express] GET /api/training-history 500 in 5ms :: {"error":"Failed to fetch training hist…
5:00:53 PM [express] GET /api/ml/stats 304 in 16ms :: {"logs":{"total":0,"last_hour":0},"detections"…
[Fri Nov 21 17:01:08 CET 2025] Frontend Node NON attivo, riavvio...
[Fri Nov 21 17:01:10 CET 2025] Frontend riavviato con PID: 10798
> rest-express@1.0.0 dev
> NODE_ENV=development tsx server/index.ts
5:01:12 PM [express] serving on port 5000
A PostCSS plugin did not pass the `from` option to `postcss.parse`. This may cause imported assets to be incorrectly transformed. If you've recently added a PostCSS plugin that raised this warning, please contact the package author to fix the issue.
5:01:15 PM [express] GET /api/training-history 500 in 64ms :: {"error":"Failed to fetch training his…
5:01:15 PM [express] GET /api/ml/stats 304 in 65ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:01:19 PM [express] GET /api/stats 500 in 10ms :: {"error":"Failed to fetch stats"}
5:01:19 PM [express] GET /api/detections 500 in 7ms :: {"error":"Failed to fetch detections"}
5:01:19 PM [express] GET /api/routers 500 in 6ms :: {"error":"Failed to fetch routers"}
5:01:21 PM [express] GET /api/detections 500 in 4ms :: {"error":"Failed to fetch detections"}
5:01:22 PM [express] GET /api/training-history 500 in 5ms :: {"error":"Failed to fetch training hist…
5:01:23 PM [express] GET /api/ml/stats 304 in 18ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:01:33 PM [express] GET /api/training-history 500 in 5ms :: {"error":"Failed to fetch training hist…
5:01:33 PM [express] GET /api/ml/stats 304 in 19ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:01:43 PM [express] GET /api/training-history 500 in 7ms :: {"error":"Failed to fetch training hist…
5:01:43 PM [express] GET /api/ml/stats 304 in 18ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:01:53 PM [express] GET /api/training-history 500 in 6ms :: {"error":"Failed to fetch training hist…
5:01:53 PM [express] GET /api/ml/stats 304 in 20ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:02:03 PM [express] GET /api/training-history 500 in 6ms :: {"error":"Failed to fetch training hist…
5:02:03 PM [express] GET /api/ml/stats 304 in 16ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:02:08 PM [express] GET /api/stats 500 in 5ms :: {"error":"Failed to fetch stats"}
5:02:08 PM [express] GET /api/routers 500 in 4ms :: {"error":"Failed to fetch routers"}
5:02:08 PM [express] GET /api/detections 500 in 3ms :: {"error":"Failed to fetch detections"}
5:02:13 PM [express] GET /api/training-history 500 in 4ms :: {"error":"Failed to fetch training hist…
5:02:13 PM [express] GET /api/ml/stats 304 in 17ms :: {"logs":{"total":0,"last_hour":0},"detections"…
[root@ids ids]#

81
attached_assets/Pasted--crontab-u-ids-l-SISTEMA-IDS-CONFIGURAZIONE-AUT-1763454150778_1763454150778.txt
View File

@ -1,81 +0,0 @@
crontab -u ids -l
# ============================================
# SISTEMA IDS - CONFIGURAZIONE AUTOMATICA
# ============================================
# Training ML ogni 12 ore (alle 00:00 e 12:00)
0 */12 * * * cd /opt/ids/python_ml && /usr/bin/python3.11 -c "import requests; requests.post('http://localhost:8000/train', json={'max_records': 10000, 'hours_back': 24})" >> /var/log/ids/training.log 2>&1
# Detection automatica ogni 5 minuti
*/5 * * * * cd /opt/ids/python_ml && /usr/bin/python3.11 -c "import requests; requests.post('http://localhost:8000/detect', json={'max_records': 5000, 'auto_block': True, 'risk_threshold': 75})" >> /var/log/ids/detect.log 2>&1
# Verifica processo backend Python ogni 5 minuti (riavvia se non attivo)
*/5 * * * * /opt/ids/deployment/check_backend.sh >> /var/log/ids/cron.log 2>&1
# Verifica processo frontend ogni 5 minuti (riavvia se non attivo)
*/5 * * * * /opt/ids/deployment/check_frontend.sh >> /var/log/ids/cron.log 2>&1
# Pulizia log settimanale (ogni domenica alle 02:00)
0 2 * * 0 find /var/log/ids -name "*.log" -size +100M -exec truncate -s 50M {} \; >> /var/log/ids/cron.log 2>&1
# Restart completo del sistema ogni settimana (domenica alle 03:00)
0 3 * * 0 /opt/ids/deployment/restart_all.sh >> /var/log/ids/cron.log 2>&1
# Backup database giornaliero (alle 04:00)
0 4 * * * /opt/ids/deployment/backup_db.sh >> /var/log/ids/cron.log 2>&1
[root@ids ids]# curl -X POST http://localhost:8000/train \
-H "Content-Type: application/json" \
-d '{"max_records": 100000, "hours_back": 24}'
{"message":"Training avviato in background","max_records":100000,"hours_back":24}[root@ids ids]#
psql -h 127.0.0.1 -U ids_user -d ids_database -c "
SELECT model_version, records_processed, status, trained_at
FROM training_history
ORDER BY trained_at DESC
LIMIT 10;
"
Password for user ids_user:
model_version | records_processed | status | trained_at
---------------+-------------------+--------+------------
(0 rows)
[root@ids var]# psql -h 127.0.0.1 -U ids_user -d ids_database -c "
SELECT source_ip, risk_score, detected_at
FROM detections
ORDER BY detected_at DESC
LIMIT 20;
"
Password for user ids_user:
source_ip | risk_score | detected_at
----------------+------------+----------------------------
64.34.90.127 | 77.42 | 2025-11-18 08:25:29.648227
10.0.249.226 | 78.49 | 2025-11-18 08:25:29.648227
10.0.249.26 | 78.65 | 2025-11-18 08:25:29.648227
72.46.85.161 | 78.76 | 2025-11-18 08:25:29.648227
160.202.129.17 | 78.98 | 2025-11-18 08:25:29.648227
213.175.208.76 | 79.34 | 2025-11-18 08:25:29.648227
67.213.119.137 | 79.84 | 2025-11-18 08:25:29.648227
185.203.25.157 | 82.51 | 2025-11-18 08:25:29.648227
10.1.0.254 | 84.36 | 2025-11-18 08:25:29.648227
185.203.25.254 | 85.57 | 2025-11-18 08:25:29.648227
185.203.25.69 | 85.87 | 2025-11-18 08:25:29.648227
10.0.254.124 | 87.74 | 2025-11-18 08:25:29.648227
37.59.16.12 | 90.28 | 2025-11-18 08:25:29.648227
79.124.56.186 | 91.24 | 2025-11-18 08:25:29.648227
37.59.16.20 | 91.24 | 2025-11-18 08:25:29.648227
10.0.249.160 | 91.35 | 2025-11-18 08:25:29.648227
54.36.50.241 | 92.52 | 2025-11-18 08:25:29.648227
185.203.26.17 | 92.52 | 2025-11-18 08:25:29.648227
185.203.26.34 | 92.63 | 2025-11-18 08:25:29.648227
185.203.24.23 | 95.45 | 2025-11-18 08:25:29.648227
(20 rows)
psql -h 127.0.0.1 -U ids_user -d ids_database -c "
SELECT model_version, records_processed, status, trained_at
FROM training_history
ORDER BY trained_at DESC
LIMIT 10;
"
Password for user ids_user:
model_version | records_processed | status | trained_at
---------------+-------------------+---------+----------------------------
1.0.0 | 100000 | success | 2025-11-18 08:37:28.627906
(1 row)

60
attached_assets/Pasted--deployment-install-ml-deps-sh-INSTALLAZIONE--1764003947190_1764003947190.txt
View File

@ -1,60 +0,0 @@
./deployment/install_ml_deps.sh
╔═══════════════════════════════════════════════╗
║ INSTALLAZIONE DIPENDENZE ML HYBRID ║
╚═══════════════════════════════════════════════╝
 Directory corrente: /opt/ids/python_ml
 Attivazione virtual environment...
 Python in uso: /opt/ids/python_ml/venv/bin/python
📦 Step 1/3: Installazione build dependencies (Cython + numpy)...
Collecting Cython==3.0.5
Downloading Cython-3.0.5-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.metadata (3.2 kB)
Downloading Cython-3.0.5-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (3.6 MB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.6/3.6 MB 59.8 MB/s 0:00:00
Installing collected packages: Cython
Successfully installed Cython-3.0.5
✅ Cython installato con successo
📦 Step 2/3: Verifica numpy disponibile...
✅ numpy 1.26.2 già installato
📦 Step 3/3: Installazione dipendenze ML (xgboost, joblib, eif)...
Collecting xgboost==2.0.3
Downloading xgboost-2.0.3-py3-none-manylinux2014_x86_64.whl.metadata (2.0 kB)
Requirement already satisfied: joblib==1.3.2 in ./venv/lib64/python3.11/site-packages (1.3.2)
Collecting eif==2.0.2
Downloading eif-2.0.2.tar.gz (1.6 MB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 1.6/1.6 MB 6.7 MB/s 0:00:00
Installing build dependencies ... done
Getting requirements to build wheel ... error
error: subprocess-exited-with-error
× Getting requirements to build wheel did not run successfully.
│ exit code: 1
╰─> [20 lines of output]
Traceback (most recent call last):
File "/opt/ids/python_ml/venv/lib64/python3.11/site-packages/pip/_vendor/pyproject_hooks/_in_process/_in_process.py", line 389, in <module>
main()
File "/opt/ids/python_ml/venv/lib64/python3.11/site-packages/pip/_vendor/pyproject_hooks/_in_process/_in_process.py", line 373, in main
json_out["return_val"] = hook(**hook_input["kwargs"])
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/ids/python_ml/venv/lib64/python3.11/site-packages/pip/_vendor/pyproject_hooks/_in_process/_in_process.py", line 143, in get_requires_for_build_wheel
return hook(config_settings)
^^^^^^^^^^^^^^^^^^^^^
File "/tmp/pip-build-env-9buits4u/overlay/lib/python3.11/site-packages/setuptools/build_meta.py", line 331, in get_requires_for_build_wheel
return self._get_build_requires(config_settings, requirements=[])
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/tmp/pip-build-env-9buits4u/overlay/lib/python3.11/site-packages/setuptools/build_meta.py", line 301, in _get_build_requires
self.run_setup()
File "/tmp/pip-build-env-9buits4u/overlay/lib/python3.11/site-packages/setuptools/build_meta.py", line 512, in run_setup
super().run_setup(setup_script=setup_script)
File "/tmp/pip-build-env-9buits4u/overlay/lib/python3.11/site-packages/setuptools/build_meta.py", line 317, in run_setup
exec(code, locals())
File "<string>", line 3, in <module>
ModuleNotFoundError: No module named 'numpy'
[end of output]
note: This error originates from a subprocess, and is likely not a problem with pip.
ERROR: Failed to build 'eif' when getting requirements to build wheel

40
attached_assets/Pasted--deployment-install-ml-deps-sh-INSTALLAZIONE-1764003628537_1764003628537.txt
View File

@ -1,40 +0,0 @@
./deployment/install_ml_deps.sh
╔═══════════════════════════════════════════════╗
║ INSTALLAZIONE DIPENDENZE ML HYBRID ║
╚═══════════════════════════════════════════════╝
📍 Directory corrente: /opt/ids/python_ml
📦 Step 1/2: Installazione Cython (richiesto per compilare eif)...
Collecting Cython==3.0.5
Downloading Cython-3.0.5-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (3.6 MB)
|████████████████████████████████| 3.6 MB 6.2 MB/s
Installing collected packages: Cython
Successfully installed Cython-3.0.5
WARNING: Running pip as the 'root' user can result in broken permissions and conflicting behaviour with the system package manager. It is recommended to use a virtual environment instead: https://pip.pypa.io/warnings/venv
✅ Cython installato con successo
📦 Step 2/2: Installazione dipendenze ML (xgboost, joblib, eif)...
Collecting xgboost==2.0.3
Downloading xgboost-2.0.3-py3-none-manylinux2014_x86_64.whl (297.1 MB)
|████████████████████████████████| 297.1 MB 13 kB/s
Collecting joblib==1.3.2
Downloading joblib-1.3.2-py3-none-any.whl (302 kB)
|████████████████████████████████| 302 kB 41.7 MB/s
Collecting eif==2.0.2
Downloading eif-2.0.2.tar.gz (1.6 MB)
|████████████████████████████████| 1.6 MB 59.4 MB/s
Preparing metadata (setup.py) ... error
ERROR: Command errored out with exit status 1:
command: /usr/bin/python3 -c 'import io, os, sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-install-xpd6jc3z/eif_1c539132fe1d4772ada0979407304392/setup.py'"'"'; __file__='"'"'/tmp/pip-install-xpd6jc3z/eif_1c539132fe1d4772ada0979407304392/setup.py'"'"';f = getattr(tokenize, '"'"'open'"'"', open)(__file__) if os.path.exists(__file__) else io.StringIO('"'"'from setuptools import setup; setup()'"'"');code = f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' egg_info --egg-base /tmp/pip-pip-egg-info-lg0m0ish
cwd: /tmp/pip-install-xpd6jc3z/eif_1c539132fe1d4772ada0979407304392/
Complete output (5 lines):
Traceback (most recent call last):
File "<string>", line 1, in <module>
File "/tmp/pip-install-xpd6jc3z/eif_1c539132fe1d4772ada0979407304392/setup.py", line 3, in <module>
import numpy
ModuleNotFoundError: No module named 'numpy'
----------------------------------------
WARNING: Discarding https://files.pythonhosted.org/packages/83/b2/d87d869deeb192ab599c899b91a9ad1d3775d04f5b7adcaf7ff6daa54c24/eif-2.0.2.tar.gz#sha256=86e2c98caf530ae73d8bc7153c1bf6b9684c905c9dfc7bdab280846ada1e45ab (from https://pypi.org/simple/eif/). Command errored out with exit status 1: python setup.py egg_info Check the logs for full command output.
ERROR: Could not find a version that satisfies the requirement eif==2.0.2 (from versions: 1.0.0, 1.0.1, 1.0.2, 2.0.2)
ERROR: No matching distribution found for eif==2.0.2

254
attached_assets/Pasted--deployment-run-analytics-sh-hourly-Esecuzione-aggregazione-hourly-ANALYTICS-Aggregazione-or-1763978174308_1763978174308.txt
View File

@ -1,254 +0,0 @@
./deployment/run_analytics.sh hourly
 Esecuzione aggregazione hourly...
[ANALYTICS] Aggregazione oraria: 2025-11-24 09:00
[ANALYTICS] ✅ Aggregazione completata:
- Totale: 7182065 pacchetti, 27409 IP unici
- Normale: 6922072 pacchetti (96%)
- Attacchi: 259993 pacchetti (3%), 15 IP
✅ Aggregazione hourly completata!
[root@ids ids]# ./deployment/restart_frontend.sh
 Restart Frontend Node.js...
⏸ Stopping existing processes...
 Starting frontend...
❌ Errore: Frontend non avviato!
 Controlla log: tail -f /var/log/ids/frontend.log
[root@ids ids]# curl -s http://localhost:5000/api/analytics/recent?days=7&hourly=true | jq '. | length'
[1] 59354
[root@ids ids]# echo "=== DIAGNOSTICA IDS ANALYTICS ===" > /tmp/ids_diagnostic.txtxt
echo "" >> /tmp/ids_diagnostic.txt
[1]+ Done curl -s http://localhost:5000/api/analytics/recent?days=7
[root@ids ids]# tail -f /var/log/ids/frontend.log
[Mon Nov 24 10:15:13 CET 2025] Frontend Node NON attivo, riavvio...
[Mon Nov 24 10:15:15 CET 2025] Frontend riavviato con PID: 59307
> rest-express@1.0.0 dev
> NODE_ENV=development tsx server/index.ts
 Using standard PostgreSQL database
10:15:17 AM [express] serving on port 5000
✅ Database connection successful
10:15:34 AM [express] GET /api/analytics/recent 200 in 32ms :: []
[Mon Nov 24 10:20:01 CET 2025] Frontend Node NON attivo, riavvio...
[Mon Nov 24 10:20:03 CET 2025] Frontend riavviato con PID: 59406
> rest-express@1.0.0 dev
> NODE_ENV=development tsx server/index.ts
 Using standard PostgreSQL database
node:events:502
throw er; // Unhandled 'error' event
^
Error: listen EADDRINUSE: address already in use 0.0.0.0:5000
at Server.setupListenHandle [as _listen2] (node:net:1908:16)
at listenInCluster (node:net:1965:12)
at doListen (node:net:2139:7)
at process.processTicksAndRejections (node:internal/process/task_queues:83:21)
Emitted 'error' event on Server instance at:
at emitErrorNT (node:net:1944:8)
at process.processTicksAndRejections (node:internal/process/task_queues:82:21) {
code: 'EADDRINUSE',
errno: -98,
syscall: 'listen',
address: '0.0.0.0',
port: 5000
}
Node.js v20.19.5
[Mon Nov 24 10:25:02 CET 2025] Frontend Node NON attivo, riavvio...
[Mon Nov 24 10:25:04 CET 2025] Frontend riavviato con PID: 59511
> rest-express@1.0.0 dev
> NODE_ENV=development tsx server/index.ts
 Using standard PostgreSQL database
node:events:502
throw er; // Unhandled 'error' event
^
Error: listen EADDRINUSE: address already in use 0.0.0.0:5000
at Server.setupListenHandle [as _listen2] (node:net:1908:16)
at listenInCluster (node:net:1965:12)
at doListen (node:net:2139:7)
at process.processTicksAndRejections (node:internal/process/task_queues:83:21)
Emitted 'error' event on Server instance at:
at emitErrorNT (node:net:1944:8)
at process.processTicksAndRejections (node:internal/process/task_queues:82:21) {
code: 'EADDRINUSE',
errno: -98,
syscall: 'listen',
address: '0.0.0.0',
port: 5000
}
Node.js v20.19.5
[Mon Nov 24 10:30:01 CET 2025] Frontend Node NON attivo, riavvio...
[Mon Nov 24 10:30:03 CET 2025] Frontend riavviato con PID: 59618
> rest-express@1.0.0 dev
> NODE_ENV=development tsx server/index.ts
 Using standard PostgreSQL database
node:events:502
throw er; // Unhandled 'error' event
^
Error: listen EADDRINUSE: address already in use 0.0.0.0:5000
at Server.setupListenHandle [as _listen2] (node:net:1908:16)
at listenInCluster (node:net:1965:12)
at doListen (node:net:2139:7)
at process.processTicksAndRejections (node:internal/process/task_queues:83:21)
Emitted 'error' event on Server instance at:
at emitErrorNT (node:net:1944:8)
at process.processTicksAndRejections (node:internal/process/task_queues:82:21) {
code: 'EADDRINUSE',
errno: -98,
syscall: 'listen',
address: '0.0.0.0',
port: 5000
}
Node.js v20.19.5
[Mon Nov 24 10:35:01 CET 2025] Frontend Node NON attivo, riavvio...
[Mon Nov 24 10:35:03 CET 2025] Frontend riavviato con PID: 59725
> rest-express@1.0.0 dev
> NODE_ENV=development tsx server/index.ts
 Using standard PostgreSQL database
node:events:502
throw er; // Unhandled 'error' event
^
Error: listen EADDRINUSE: address already in use 0.0.0.0:5000
at Server.setupListenHandle [as _listen2] (node:net:1908:16)
at listenInCluster (node:net:1965:12)
at doListen (node:net:2139:7)
at process.processTicksAndRejections (node:internal/process/task_queues:83:21)
Emitted 'error' event on Server instance at:
at emitErrorNT (node:net:1944:8)
at process.processTicksAndRejections (node:internal/process/task_queues:82:21) {
code: 'EADDRINUSE',
errno: -98,
syscall: 'listen',
address: '0.0.0.0',
port: 5000
}
Node.js v20.19.5
[Mon Nov 24 10:40:02 CET 2025] Frontend Node NON attivo, riavvio...
[Mon Nov 24 10:40:04 CET 2025] Frontend riavviato con PID: 59831
> rest-express@1.0.0 dev
> NODE_ENV=development tsx server/index.ts
 Using standard PostgreSQL database
node:events:502
throw er; // Unhandled 'error' event
^
Error: listen EADDRINUSE: address already in use 0.0.0.0:5000
at Server.setupListenHandle [as _listen2] (node:net:1908:16)
at listenInCluster (node:net:1965:12)
at doListen (node:net:2139:7)
at process.processTicksAndRejections (node:internal/process/task_queues:83:21)
Emitted 'error' event on Server instance at:
at emitErrorNT (node:net:1944:8)
at process.processTicksAndRejections (node:internal/process/task_queues:82:21) {
code: 'EADDRINUSE',
errno: -98,
syscall: 'listen',
address: '0.0.0.0',
port: 5000
}
Node.js v20.19.5
[Mon Nov 24 10:45:02 CET 2025] Frontend Node NON attivo, riavvio...
[Mon Nov 24 10:45:04 CET 2025] Frontend riavviato con PID: 59935
> rest-express@1.0.0 dev
> NODE_ENV=development tsx server/index.ts
 Using standard PostgreSQL database
node:events:502
throw er; // Unhandled 'error' event
^
Error: listen EADDRINUSE: address already in use 0.0.0.0:5000
at Server.setupListenHandle [as _listen2] (node:net:1908:16)
at listenInCluster (node:net:1965:12)
at doListen (node:net:2139:7)
at process.processTicksAndRejections (node:internal/process/task_queues:83:21)
Emitted 'error' event on Server instance at:
at emitErrorNT (node:net:1944:8)
at process.processTicksAndRejections (node:internal/process/task_queues:82:21) {
code: 'EADDRINUSE',
errno: -98,
syscall: 'listen',
address: '0.0.0.0',
port: 5000
}
Node.js v20.19.5
[Mon Nov 24 10:50:01 CET 2025] Frontend Node NON attivo, riavvio...
[Mon Nov 24 10:50:03 CET 2025] Frontend riavviato con PID: 60044
> rest-express@1.0.0 dev
> NODE_ENV=development tsx server/index.ts
 Using standard PostgreSQL database
node:events:502
throw er; // Unhandled 'error' event
^
Error: listen EADDRINUSE: address already in use 0.0.0.0:5000
at Server.setupListenHandle [as _listen2] (node:net:1908:16)
at listenInCluster (node:net:1965:12)
at doListen (node:net:2139:7)
at process.processTicksAndRejections (node:internal/process/task_queues:83:21)
Emitted 'error' event on Server instance at:
at emitErrorNT (node:net:1944:8)
at process.processTicksAndRejections (node:internal/process/task_queues:82:21) {
code: 'EADDRINUSE',
errno: -98,
syscall: 'listen',
address: '0.0.0.0',
port: 5000
}
Node.js v20.19.5
[Mon Nov 24 10:55:01 CET 2025] Frontend Node NON attivo, riavvio...
[Mon Nov 24 10:55:03 CET 2025] Frontend riavviato con PID: 60151
> rest-express@1.0.0 dev
> NODE_ENV=development tsx server/index.ts
A PostCSS plugin did not pass the `from` option to `postcss.parse`. This may cause imported assets to be incorrectly transformed. If you've recently added a PostCSS plugin that raised this warning, please contact the package author to fix the issue.
🐘 Using standard PostgreSQL database
node:events:502
throw er; // Unhandled 'error' event
^
Error: listen EADDRINUSE: address already in use 0.0.0.0:5000
at Server.setupListenHandle [as _listen2] (node:net:1908:16)
at listenInCluster (node:net:1965:12)
at doListen (node:net:2139:7)
at process.processTicksAndRejections (node:internal/process/task_queues:83:21)
Emitted 'error' event on Server instance at:
at emitErrorNT (node:net:1944:8)
at process.processTicksAndRejections (node:internal/process/task_queues:82:21) {
code: 'EADDRINUSE',
errno: -98,
syscall: 'listen',
address: '0.0.0.0',
port: 5000
}
Node.js v20.19.5
10:55:06 AM [express] GET /api/logs/[object%20Object] 200 in 10ms
10:55:06 AM [express] GET /api/detections 200 in 34ms :: [{"id":"5659c0b5-11df-4ebe-b73f-f53c64932953…
10:55:08 AM [express] GET /api/analytics/recent/[object%20Object] 200 in 7ms
10:55:11 AM [express] GET /api/analytics/recent/[object%20Object] 200 in 5ms
10:55:12 AM [express] GET /api/analytics/recent/[object%20Object] 200 in 5ms

54
attached_assets/Pasted--deployment-train-hybrid-production-sh--1764007807845_1764007807845.txt
View File

@ -1,54 +0,0 @@
./deployment/train_hybrid_production.sh
=======================================================================
TRAINING HYBRID ML DETECTOR - DATI REALI
=======================================================================
📂 Caricamento credenziali database da .env...
✅ Credenziali caricate:
Host: localhost
Port: 5432
Database: ids_database
User: ids_user
Password: ****** (nascosta)
🎯 Parametri training:
Periodo: ultimi 7 giorni
Max records: 1000000
🐍 Python: /opt/ids/python_ml/venv/bin/python
📊 Verifica dati disponibili nel database...
primo_log | ultimo_log | periodo_totale | totale_records
---------------------+---------------------+----------------+----------------
2025-11-22 10:03:21 | 2025-11-24 17:58:17 | 2 giorni | 234,316,667
(1 row)
🚀 Avvio training...
=======================================================================
[WARNING] Extended Isolation Forest not available, using standard IF
======================================================================
IDS HYBRID ML TRAINING - UNSUPERVISED MODE
======================================================================
[TRAIN] Loading last 7 days of real traffic from database...
❌ Error: column "dest_ip" does not exist
LINE 5: dest_ip,
^
Traceback (most recent call last):
File "/opt/ids/python_ml/train_hybrid.py", line 365, in main
train_unsupervised(args)
File "/opt/ids/python_ml/train_hybrid.py", line 91, in train_unsupervised
logs_df = train_on_real_traffic(db_config, days=args.days)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/ids/python_ml/train_hybrid.py", line 50, in train_on_real_traffic
cursor.execute(query, (days,))
File "/opt/ids/python_ml/venv/lib64/python3.11/site-packages/psycopg2/extras.py", line 236, in execute
return super().execute(query, vars)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
psycopg2.errors.UndefinedColumn: column "dest_ip" does not exist
LINE 5: dest_ip,
^

360
attached_assets/Pasted--deployment-update-from-git-sh-AGGIORNAME-1763744739614_1763744739614.txt
View File

@ -1,360 +0,0 @@
./deployment/update_from_git.sh
╔═══════════════════════════════════════════════╗
║  AGGIORNAMENTO SISTEMA IDS DA GIT ║
╚═══════════════════════════════════════════════╝
 Verifica configurazione git...
 Backup configurazione locale...
✅ .env salvato in .env.backup
 Verifica modifiche locali...
 Download aggiornamenti da git.alfacom.it...
remote: Enumerating objects: 25, done.
remote: Counting objects: 100% (25/25), done.
remote: Compressing objects: 100% (16/16), done.
remote: Total 16 (delta 13), reused 0 (delta 0), pack-reused 0 (from 0)
Unpacking objects: 100% (16/16), 2.36 KiB | 482.00 KiB/s, done.
From https://git.alfacom.it/marco/ids.alfacom.it
07f1895..e957556 main -> origin/main
* [new tag] v1.0.27 -> v1.0.27
From https://git.alfacom.it/marco/ids.alfacom.it
* branch main -> FETCH_HEAD
Updating 07f1895..e957556
Fast-forward
.replit | 4 ----
database-schema/apply_migrations.sh | 9 +++++++++
database-schema/schema.sql | 4 ++--
deployment/cleanup_database.sh | 4 +++-
deployment/debug_system.sh | 10 +++++++++-
version.json | 10 ++++++++--
6 files changed, 31 insertions(+), 10 deletions(-)
✅ Aggiornamenti scaricati con successo
 Ripristino configurazione locale...
✅ .env ripristinato
 Aggiornamento dipendenze Node.js...
up to date, audited 492 packages in 2s
65 packages are looking for funding
run `npm fund` for details
9 vulnerabilities (3 low, 5 moderate, 1 high)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
✅ Dipendenze Node.js aggiornate
 Aggiornamento dipendenze Python...
Defaulting to user installation because normal site-packages is not writeable
Requirement already satisfied: fastapi==0.104.1 in /home/ids/.local/lib/python3.11/site-packages (from -r requirements.txt (line 1)) (0.104.1)
Requirement already satisfied: uvicorn==0.24.0 in /home/ids/.local/lib/python3.11/site-packages (from -r requirements.txt (line 2)) (0.24.0)
Requirement already satisfied: pandas==2.1.3 in /home/ids/.local/lib/python3.11/site-packages (from -r requirements.txt (line 3)) (2.1.3)
Requirement already satisfied: numpy==1.26.2 in /home/ids/.local/lib/python3.11/site-packages (from -r requirements.txt (line 4)) (1.26.2)
Requirement already satisfied: scikit-learn==1.3.2 in /home/ids/.local/lib/python3.11/site-packages (from -r requirements.txt (line 5)) (1.3.2)
Requirement already satisfied: psycopg2-binary==2.9.9 in /home/ids/.local/lib/python3.11/site-packages (from -r requirements.txt (line 6)) (2.9.9)
Requirement already satisfied: python-dotenv==1.0.0 in /home/ids/.local/lib/python3.11/site-packages (from -r requirements.txt (line 7)) (1.0.0)
Requirement already satisfied: pydantic==2.5.0 in /home/ids/.local/lib/python3.11/site-packages (from -r requirements.txt (line 8)) (2.5.0)
Requirement already satisfied: httpx==0.25.1 in /home/ids/.local/lib/python3.11/site-packages (from -r requirements.txt (line 9)) (0.25.1)
Requirement already satisfied: anyio<4.0.0,>=3.7.1 in /home/ids/.local/lib/python3.11/site-packages (from fastapi==0.104.1->-r requirements.txt (line 1)) (3.7.1)
Requirement already satisfied: starlette<0.28.0,>=0.27.0 in /home/ids/.local/lib/python3.11/site-packages (from fastapi==0.104.1->-r requirements.txt (line 1)) (0.27.0)
Requirement already satisfied: typing-extensions>=4.8.0 in /home/ids/.local/lib/python3.11/site-packages (from fastapi==0.104.1->-r requirements.txt (line 1)) (4.15.0)
Requirement already satisfied: click>=7.0 in /home/ids/.local/lib/python3.11/site-packages (from uvicorn==0.24.0->-r requirements.txt (line 2)) (8.3.1)
Requirement already satisfied: h11>=0.8 in /home/ids/.local/lib/python3.11/site-packages (from uvicorn==0.24.0->-r requirements.txt (line 2)) (0.16.0)
Requirement already satisfied: python-dateutil>=2.8.2 in /home/ids/.local/lib/python3.11/site-packages (from pandas==2.1.3->-r requirements.txt (line 3)) (2.9.0.post0)
Requirement already satisfied: pytz>=2020.1 in /home/ids/.local/lib/python3.11/site-packages (from pandas==2.1.3->-r requirements.txt (line 3)) (2025.2)
Requirement already satisfied: tzdata>=2022.1 in /home/ids/.local/lib/python3.11/site-packages (from pandas==2.1.3->-r requirements.txt (line 3)) (2025.2)
Requirement already satisfied: scipy>=1.5.0 in /home/ids/.local/lib/python3.11/site-packages (from scikit-learn==1.3.2->-r requirements.txt (line 5)) (1.16.3)
Requirement already satisfied: joblib>=1.1.1 in /home/ids/.local/lib/python3.11/site-packages (from scikit-learn==1.3.2->-r requirements.txt (line 5)) (1.5.2)
Requirement already satisfied: threadpoolctl>=2.0.0 in /home/ids/.local/lib/python3.11/site-packages (from scikit-learn==1.3.2->-r requirements.txt (line 5)) (3.6.0)
Requirement already satisfied: annotated-types>=0.4.0 in /home/ids/.local/lib/python3.11/site-packages (from pydantic==2.5.0->-r requirements.txt (line 8)) (0.7.0)
Requirement already satisfied: pydantic-core==2.14.1 in /home/ids/.local/lib/python3.11/site-packages (from pydantic==2.5.0->-r requirements.txt (line 8)) (2.14.1)
Requirement already satisfied: certifi in /home/ids/.local/lib/python3.11/site-packages (from httpx==0.25.1->-r requirements.txt (line 9)) (2025.11.12)
Requirement already satisfied: httpcore in /home/ids/.local/lib/python3.11/site-packages (from httpx==0.25.1->-r requirements.txt (line 9)) (1.0.9)
Requirement already satisfied: idna in /home/ids/.local/lib/python3.11/site-packages (from httpx==0.25.1->-r requirements.txt (line 9)) (3.11)
Requirement already satisfied: sniffio in /home/ids/.local/lib/python3.11/site-packages (from httpx==0.25.1->-r requirements.txt (line 9)) (1.3.1)
Requirement already satisfied: six>=1.5 in /home/ids/.local/lib/python3.11/site-packages (from python-dateutil>=2.8.2->pandas==2.1.3->-r requirements.txt (line 3)) (1.17.0)
✅ Dipendenze Python aggiornate
 Aggiornamento schema database...
Applicando migrazioni SQL...
 Applicazione migrazioni database...
 Trovate 1 migrazioni
Applicando: 001_add_missing_columns.sql
✅ 001_add_missing_columns.sql applicata
✅ Tutte le migrazioni applicate con successo
✅ Migrazioni SQL applicate
Sincronizzando schema Drizzle...
> rest-express@1.0.0 db:push
> drizzle-kit push
No config path provided, using default 'drizzle.config.ts'
Reading config file '/opt/ids/drizzle.config.ts'
Using 'pg' driver for database querying
[✓] Pulling schema from database...
· You're about to add routers_ip_address_unique unique constraint to the table, which contains 1 items. If this statement fails, you will receive an error from the database. Do you want to truncate routers table?
Warning Found data-loss statements:
· You're about to delete last_check column in routers table with 1 items
· You're about to delete status column in routers table with 1 items
THIS ACTION WILL CAUSE DATA LOSS AND CANNOT BE REVERTED
Do you still want to push changes?
[x] All changes were aborted
✅ Schema database completamente sincronizzato
 Restart servizi...
✅ Servizi riavviati
╔═══════════════════════════════════════════════╗
║ ✅ AGGIORNAMENTO COMPLETATO ║
╚═══════════════════════════════════════════════╝
 VERIFICA SISTEMA:
• Log backend: tail -f /var/log/ids/backend.log
• Log frontend: tail -f /var/log/ids/frontend.log
• API backend: curl http://localhost:8000/health
• Frontend: curl http://localhost:5000
 STATO SERVIZI:
ids 5038 0.2 2.0 1894024 331912 ? Sl 09:20 1:17 /usr/bin/python3.11 main.py
root 12022 0.0 0.0 3088 1536 pts/3 S+ 17:51 0:00 tail -f /var/log/ids/syslog_parser.log
root 12832 0.0 0.1 730448 32068 pts/5 Rl+ 18:02 0:00 /usr/bin/node /usr/bin/npm run dev
[root@ids ids]# sudo -u ids /opt/ids/database-schema/apply_migrations.sh
 Applicazione migrazioni database...
 Trovate 1 migrazioni
Applicando: 001_add_missing_columns.sql
✅ 001_add_missing_columns.sql applicata
✅ Tutte le migrazioni applicate con successo
[root@ids ids]# psql postgresql://ids_user:TestPassword123@127.0.0.1:5432/ids_database -c "\d routers"
Table "public.routers"
Column | Type | Collation | Nullable | Default
------------+-----------------------------+-----------+----------+-------------------
id | character varying | | not null | gen_random_uuid()
name | text | | not null |
ip_address | text | | not null |
username | text | | not null |
password | text | | not null |
api_port | integer | | not null | 443
enabled | boolean | | not null | true
last_check | timestamp without time zone | | |
status | text | | |
created_at | timestamp without time zone | | not null | now()
last_sync | timestamp without time zone | | |
Indexes:
"routers_pkey" PRIMARY KEY, btree (id)
"routers_enabled_idx" btree (enabled)
"routers_ip_address_key" UNIQUE CONSTRAINT, btree (ip_address)
"routers_ip_idx" btree (ip_address)
[root@ids ids]# psql postgresql://ids_user:TestPassword123@127.0.0.1:5432/ids_database << 'EOF'
-- Conta log da eliminare
SELECT COUNT(*) as logs_da_eliminare FROM network_logs WHERE timestamp < NOW() - INTERVAL '7 days';
-- Elimina
DELETE FROM network_logs WHERE timestamp < NOW() - INTERVAL '7 days';
-- Libera spazio fisico
VACUUM FULL network_logs;
-- Verifica risultato
SELECT COUNT(*) as logs_rimasti FROM network_logs;
SELECT pg_size_pretty(pg_database_size(current_database())) as dimensione_db;
EOF
logs_da_eliminare
-------------------
0
(1 row)
DELETE 0
VACUUM
logs_rimasti
--------------
0
(1 row)
dimensione_db
---------------
8853 kB
(1 row)
[root@ids ids]# sudo /opt/ids/deployment/setup_cron_cleanup.sh
 Configurazione cron job per pulizia database...
⚠ Cron job già configurato
 Cron jobs attuali per utente ids:
# ============================================
# SISTEMA IDS - CONFIGURAZIONE AUTOMATICA
# ============================================
# Training ML ogni 12 ore (alle 00:00 e 12:00)
0 */12 * * * /opt/ids/deployment/cron_train.sh
# Detection automatica ogni 5 minuti
*/5 * * * * /opt/ids/deployment/cron_detect.sh
# Verifica processo backend Python ogni 5 minuti (riavvia se non attivo)
*/5 * * * * /opt/ids/deployment/check_backend.sh >> /var/log/ids/cron.log 2>&1
# Verifica processo frontend ogni 5 minuti (riavvia se non attivo)
*/5 * * * * /opt/ids/deployment/check_frontend.sh >> /var/log/ids/cron.log 2>&1
# Pulizia log settimanale (ogni domenica alle 02:00)
0 2 * * 0 find /var/log/ids -name "*.log" -size +100M -exec truncate -s 50M {} \; >> /var/log/ids/cron.log 2>&1
# Restart completo del sistema ogni settimana (domenica alle 03:00)
0 3 * * 0 /opt/ids/deployment/restart_all.sh >> /var/log/ids/cron.log 2>&1
# Backup database giornaliero (alle 04:00)
0 4 * * * /opt/ids/deployment/backup_db.sh >> /var/log/ids/cron.log 2>&1
0 3 * * * /opt/ids/deployment/cleanup_database.sh >> /var/log/ids/cleanup.log 2>&1
離 Test manuale pulizia:
sudo -u ids /opt/ids/deployment/cleanup_database.sh
[root@ids ids]# sudo -u ids /opt/ids/deployment/restart_all.sh
pkill: killing pid 12878 failed: Operation not permitted
pkill: killing pid 12832 failed: Operation not permitted
[root@ids ids]# /opt/ids/deployment/debug_system.sh
╔═══════════════════════════════════════════════╗
║  DEBUG SISTEMA IDS ║
╚═══════════════════════════════════════════════╝
═══ 1. VERIFICA DATABASE ═══
 Conta record per tabella:
tabella | record
------------------+--------
detections | 0
network_logs | 0
routers | 1
training_history | 0
whitelist | 0
(5 rows)
 Schema tabella routers:
Table "public.routers"
Column | Type | Collation | Nullable | Default
------------+-----------------------------+-----------+----------+-------------------
id | character varying | | not null | gen_random_uuid()
name | text | | not null |
ip_address | text | | not null |
username | text | | not null |
password | text | | not null |
api_port | integer | | not null | 443
enabled | boolean | | not null | true
last_check | timestamp without time zone | | |
status | text | | |
created_at | timestamp without time zone | | not null | now()
last_sync | timestamp without time zone | | |
Indexes:
"routers_pkey" PRIMARY KEY, btree (id)
"routers_enabled_idx" btree (enabled)
"routers_ip_address_key" UNIQUE CONSTRAINT, btree (ip_address)
"routers_ip_idx" btree (ip_address)
 Ultimi 5 network_logs:
timestamp | router_name | source_ip | destination_ip | protocol | packet_length
-----------+-------------+-----------+----------------+----------+---------------
(0 rows)
 Training history:
trained_at | model_version | records_processed | features_count | status | notes
------------+---------------+-------------------+----------------+--------+-------
(0 rows)
 Detections:
detected_at | source_ip | risk_score | anomaly_type | blocked | log_count
-------------+-----------+------------+--------------+---------+-----------
(0 rows)
═══ 2. STATO SERVIZI ═══
 Processi attivi:
ids 5038 0.2 2.0 1894024 331912 ? Sl 09:20 1:17 /usr/bin/python3.11 main.py
root 12022 0.0 0.0 3088 1536 pts/3 S+ 17:51 0:00 tail -f /var/log/ids/syslog_parser.log
root 12832 0.2 0.3 1097848 59768 pts/5 Sl 18:02 0:00 npm run dev
═══ 3. BACKEND PYTHON ML ═══
✅ Backend Python attivo
 Statistiche ML:
{
"logs": {
"total": 0,
"last_hour": 0
},
"detections": {
"total": 0,
"blocked": 0
},
"routers": {
"active": 1
},
"latest_training": null
}
═══ 4. FRONTEND NODE.JS ═══
✅ Frontend Node attivo
 Test API:
{
"routers": {
"total": 1,
"enabled": 1
},
"detections": {
"total": 0,
"blocked": 0,
"critical": 0,
"high": 0
},
"logs": {
"recent": 0
},
"whitelist": {
"total": 0
}
}
═══ 5. SYSLOG PARSER ═══
❌ Syslog Parser NON attivo
Avvia: cd /opt/ids/python_ml && nohup python syslog_parser.py > /var/log/ids/syslog_parser.log 2>&1 &
═══ 6. ERRORI RECENTI ═══
🔴 Errori backend Python:
ERROR: [Errno 98] error while attempting to bind on address ('0.0.0.0', 8000): address already in use
ERROR: [Errno 98] error while attempting to bind on address ('0.0.0.0', 8000): address already in use
ERROR: [Errno 98] error while attempting to bind on address ('0.0.0.0', 8000): address already in use
ERROR: [Errno 98] error while attempting to bind on address ('0.0.0.0', 8000): address already in use
🔴 Errori frontend Node:
[DB ERROR] Failed to fetch routers: error: column "last_sync" does not exist
╔═══════════════════════════════════════════════╗
║ 📋 RIEPILOGO ║
╚═══════════════════════════════════════════════╝
Database:
• Network logs: 0
• Detections: 0
• Training history: 0
🔧 COMANDI UTILI:
• Riavvia tutto: sudo -u ids /opt/ids/deployment/restart_all.sh
• Test training: curl -X POST http://localhost:8000/train -H 'Content-Type: application/json' -d '{"max_records": 1000}'
• Log frontend: tail -f /var/log/ids/frontend.log
• Log backend: tail -f /var/log/ids/backend.log

101
attached_assets/Pasted--deployment-update-from-git-sh-db-AGGIO-1764002061583_1764002061583.txt
View File

@ -1,101 +0,0 @@
./deployment/update_from_git.sh --db
╔═══════════════════════════════════════════════╗
║  AGGIORNAMENTO SISTEMA IDS DA GIT ║
╚═══════════════════════════════════════════════╝
 Verifica configurazione git...
 Backup configurazione locale...
✅ .env salvato in .env.backup
 Verifica modifiche locali...
⚠ Ci sono modifiche locali non committate
Esegui 'git status' per vedere i dettagli
Vuoi procedere comunque? (y/n) y
Salvo modifiche locali temporaneamente...
No local changes to save
 Download aggiornamenti da git.alfacom.it...
remote: Enumerating objects: 21, done.
remote: Counting objects: 100% (21/21), done.
remote: Compressing objects: 100% (13/13), done.
remote: Total 13 (delta 9), reused 0 (delta 0), pack-reused 0 (from 0)
Unpacking objects: 100% (13/13), 3.37 KiB | 492.00 KiB/s, done.
From https://git.alfacom.it/marco/ids.alfacom.it
3a945ec..152e226 main -> origin/main
* [new tag] v1.0.56 -> v1.0.56
From https://git.alfacom.it/marco/ids.alfacom.it
* branch main -> FETCH_HEAD
Updating 3a945ec..152e226
Fast-forward
attached_assets/Pasted--deployment-update-from-git-sh-db-AGGIOR-1764001889941_1764001889941.txt | 90 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
database-schema/schema.sql | 4 ++--
python_ml/requirements.txt | 2 +-
replit.md | 5 +++--
version.json | 16 ++++++++--------
5 files changed, 104 insertions(+), 13 deletions(-)
create mode 100644 attached_assets/Pasted--deployment-update-from-git-sh-db-AGGIOR-1764001889941_1764001889941.txt
✅ Aggiornamenti scaricati con successo
 Ripristino configurazione locale...
✅ .env ripristinato
 Aggiornamento dipendenze Node.js...
up to date, audited 492 packages in 2s
65 packages are looking for funding
run `npm fund` for details
9 vulnerabilities (3 low, 5 moderate, 1 high)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
✅ Dipendenze Node.js aggiornate
📦 Aggiornamento dipendenze Python...
Defaulting to user installation because normal site-packages is not writeable
Requirement already satisfied: fastapi==0.104.1 in /home/ids/.local/lib/python3.11/site-packages (from -r requirements.txt (line 1)) (0.104.1)
Requirement already satisfied: uvicorn==0.24.0 in /home/ids/.local/lib/python3.11/site-packages (from -r requirements.txt (line 2)) (0.24.0)
Requirement already satisfied: pandas==2.1.3 in /home/ids/.local/lib/python3.11/site-packages (from -r requirements.txt (line 3)) (2.1.3)
Requirement already satisfied: numpy==1.26.2 in /home/ids/.local/lib/python3.11/site-packages (from -r requirements.txt (line 4)) (1.26.2)
Requirement already satisfied: scikit-learn==1.3.2 in /home/ids/.local/lib/python3.11/site-packages (from -r requirements.txt (line 5)) (1.3.2)
Requirement already satisfied: psycopg2-binary==2.9.9 in /home/ids/.local/lib/python3.11/site-packages (from -r requirements.txt (line 6)) (2.9.9)
Requirement already satisfied: python-dotenv==1.0.0 in /home/ids/.local/lib/python3.11/site-packages (from -r requirements.txt (line 7)) (1.0.0)
Requirement already satisfied: pydantic==2.5.0 in /home/ids/.local/lib/python3.11/site-packages (from -r requirements.txt (line 8)) (2.5.0)
Requirement already satisfied: httpx==0.25.1 in /home/ids/.local/lib/python3.11/site-packages (from -r requirements.txt (line 9)) (0.25.1)
Collecting xgboost==2.0.3
Using cached xgboost-2.0.3-py3-none-manylinux2014_x86_64.whl (297.1 MB)
Collecting joblib==1.3.2
Using cached joblib-1.3.2-py3-none-any.whl (302 kB)
Collecting eif==2.0.2
Downloading eif-2.0.2.tar.gz (1.6 MB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 1.6/1.6 MB 2.8 MB/s eta 0:00:00
Preparing metadata (setup.py) ... error
error: subprocess-exited-with-error
× python setup.py egg_info did not run successfully.
│ exit code: 1
╰─> [6 lines of output]
Traceback (most recent call last):
File "<string>", line 2, in <module>
File "<pip-setuptools-caller>", line 34, in <module>
File "/tmp/pip-install-7w_zhzdf/eif_d01f9f1e418b4512a5d7b4cf0e1128e2/setup.py", line 4, in <module>
from Cython.Distutils import build_ext
ModuleNotFoundError: No module named 'Cython'
[end of output]
note: This error originates from a subprocess, and is likely not a problem with pip.
error: metadata-generation-failed
× Encountered error while generating package metadata.
╰─> See above for output.
note: This is an issue with the package mentioned above, not pip.
hint: See above for details.

90
attached_assets/Pasted--deployment-update-from-git-sh-db-AGGIOR-1764001889941_1764001889941.txt
View File

@ -1,90 +0,0 @@
./deployment/update_from_git.sh --db
╔═══════════════════════════════════════════════╗
║  AGGIORNAMENTO SISTEMA IDS DA GIT ║
╚═══════════════════════════════════════════════╝
 Verifica configurazione git...
 Backup configurazione locale...
✅ .env salvato in .env.backup
 Verifica modifiche locali...
⚠ Ci sono modifiche locali non committate
Esegui 'git status' per vedere i dettagli
Vuoi procedere comunque? (y/n) y
Salvo modifiche locali temporaneamente...
No local changes to save
 Download aggiornamenti da git.alfacom.it...
remote: Enumerating objects: 51, done.
remote: Counting objects: 100% (51/51), done.
remote: Compressing objects: 100% (41/41), done.
remote: Total 41 (delta 32), reused 0 (delta 0), pack-reused 0 (from 0)
Unpacking objects: 100% (41/41), 31.17 KiB | 1.35 MiB/s, done.
From https://git.alfacom.it/marco/ids.alfacom.it
0fa2f11..3a945ec main -> origin/main
* [new tag] v1.0.55 -> v1.0.55
From https://git.alfacom.it/marco/ids.alfacom.it
* branch main -> FETCH_HEAD
Updating 0fa2f11..3a945ec
Fast-forward
database-schema/schema.sql | 4 +-
deployment/CHECKLIST_ML_HYBRID.md | 536 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
python_ml/dataset_loader.py | 384 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
python_ml/main.py | 120 ++++++++++++++++++++++++++++------
python_ml/ml_hybrid_detector.py | 705 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
python_ml/requirements.txt | 3 +
python_ml/train_hybrid.py | 378 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
python_ml/validation_metrics.py | 324 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
replit.md | 19 +++++-
version.json | 16 ++---
10 files changed, 2459 insertions(+), 30 deletions(-)
create mode 100644 deployment/CHECKLIST_ML_HYBRID.md
create mode 100644 python_ml/dataset_loader.py
create mode 100644 python_ml/ml_hybrid_detector.py
create mode 100644 python_ml/train_hybrid.py
create mode 100644 python_ml/validation_metrics.py
✅ Aggiornamenti scaricati con successo
🔄 Ripristino configurazione locale...
✅ .env ripristinato
📦 Aggiornamento dipendenze Node.js...
up to date, audited 492 packages in 3s
65 packages are looking for funding
run `npm fund` for details
9 vulnerabilities (3 low, 5 moderate, 1 high)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
✅ Dipendenze Node.js aggiornate
📦 Aggiornamento dipendenze Python...
Defaulting to user installation because normal site-packages is not writeable
Requirement already satisfied: fastapi==0.104.1 in /home/ids/.local/lib/python3.11/site-packages (from -r requirements.txt (line 1)) (0.104.1)
Requirement already satisfied: uvicorn==0.24.0 in /home/ids/.local/lib/python3.11/site-packages (from -r requirements.txt (line 2)) (0.24.0)
Requirement already satisfied: pandas==2.1.3 in /home/ids/.local/lib/python3.11/site-packages (from -r requirements.txt (line 3)) (2.1.3)
Requirement already satisfied: numpy==1.26.2 in /home/ids/.local/lib/python3.11/site-packages (from -r requirements.txt (line 4)) (1.26.2)
Requirement already satisfied: scikit-learn==1.3.2 in /home/ids/.local/lib/python3.11/site-packages (from -r requirements.txt (line 5)) (1.3.2)
Requirement already satisfied: psycopg2-binary==2.9.9 in /home/ids/.local/lib/python3.11/site-packages (from -r requirements.txt (line 6)) (2.9.9)
Requirement already satisfied: python-dotenv==1.0.0 in /home/ids/.local/lib/python3.11/site-packages (from -r requirements.txt (line 7)) (1.0.0)
Requirement already satisfied: pydantic==2.5.0 in /home/ids/.local/lib/python3.11/site-packages (from -r requirements.txt (line 8)) (2.5.0)
Requirement already satisfied: httpx==0.25.1 in /home/ids/.local/lib/python3.11/site-packages (from -r requirements.txt (line 9)) (0.25.1)
Collecting xgboost==2.0.3
Downloading xgboost-2.0.3-py3-none-manylinux2014_x86_64.whl (297.1 MB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 297.1/297.1 MB 8.4 MB/s eta 0:00:00
Collecting joblib==1.3.2
Downloading joblib-1.3.2-py3-none-any.whl (302 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 302.2/302.2 kB 62.7 MB/s eta 0:00:00
ERROR: Ignored the following versions that require a different python version: 1.21.2 Requires-Python >=3.7,<3.11; 1.21.3 Requires-Python >=3.7,<3.11; 1.21.4 Requires-Python >=3.7,<3.11; 1.21.5 Requires-Python >=3.7,<3.11; 1.21.6 Requires-Python >=3.7,<3.11
ERROR: Could not find a version that satisfies the requirement eif==2.0.0 (from versions: 1.0.0, 1.0.1, 1.0.2, 2.0.2)
ERROR: No matching distribution found for eif==2.0.0

111
attached_assets/Pasted--fix-postgresql-auth-sh-PostgreSQL-Authentic-1763396674149_1763396674149.txt
View File

@ -1,111 +0,0 @@
./fix_postgresql_auth.sh
╔═══════════════════════════════════════════════╗
║ PostgreSQL Authentication Fix ║
╚═══════════════════════════════════════════════╝
 File pg_hba.conf: /var/lib/pgsql/data/pg_hba.conf
 Backup configurazione...
✅ Backup salvato: /var/lib/pgsql/data/pg_hba.conf.backup_20251117_171950
 Configurazione ATTUALE:
local all all peer
host all all 127.0.0.1/32 scram-sha-256
host all all ::1/128 scram-sha-256
local replication all peer
host replication all 127.0.0.1/32 ident
host replication all ::1/128 ident
local ids_database ids_user md5
host ids_database ids_user 127.0.0.1/32 md5
 Modifico pg_hba.conf...
✅ Configurazione modificata
 Configurazione NUOVA:
local all all peer
host all all 127.0.0.1/32 scram-sha-256
host all all ::1/128 scram-sha-256
local replication all peer
host replication all 127.0.0.1/32 ident
host replication all ::1/128 ident
local ids_database ids_user md5
host ids_database ids_user 127.0.0.1/32 md5
 Ricarico configurazione PostgreSQL...
✅ PostgreSQL ricaricato
離 Test connessione con password...
❌ Connessione FALLITA
Verifica password in /opt/ids/.env
[root@ids deployment]# systemctl restart postgresql
[root@ids deployment]# psql -h localhost -U ids_user -d ids_database -c "SELECT 1;"
psql: error: FATAL: password authentication failed for user "ids_user"
[root@ids deployment]# sudo -u postgres psql -c "ALTER USER ids_user WITH PASSWORD 'fuvX7Lk7gVNbW72bj81kfU/m6VV+j3SQ8w09z16W1CE=';"
ALTER ROLE
[root@ids deployment]# psql -h localhost -U ids_user -d ids_database -c "SELECT 1;"
psql: error: FATAL: password authentication failed for user "ids_user"
[root@ids deployment]# ./fix_postgresql_auth.sh
╔═══════════════════════════════════════════════╗
║ PostgreSQL Authentication Fix ║
╚═══════════════════════════════════════════════╝
 File pg_hba.conf: /var/lib/pgsql/data/pg_hba.conf
 Backup configurazione...
✅ Backup salvato: /var/lib/pgsql/data/pg_hba.conf.backup_20251117_172100
 Configurazione ATTUALE:
local all all peer
host all all 127.0.0.1/32 scram-sha-256
host all all ::1/128 scram-sha-256
local replication all peer
host replication all 127.0.0.1/32 ident
host replication all ::1/128 ident
local ids_database ids_user md5
host ids_database ids_user 127.0.0.1/32 md5
 Modifico pg_hba.conf...
✅ Configurazione modificata
 Configurazione NUOVA:
local all all peer
host all all 127.0.0.1/32 scram-sha-256
host all all ::1/128 scram-sha-256
local replication all peer
host replication all 127.0.0.1/32 ident
host replication all ::1/128 ident
local ids_database ids_user md5
host ids_database ids_user 127.0.0.1/32 md5
🔄 Ricarico configurazione PostgreSQL...
✅ PostgreSQL ricaricato
🧪 Test connessione con password...
❌ Connessione FALLITA
Verifica password in /opt/ids/.env
[root@ids deployment]# export PGPASSWORD='fuvX7Lk7gVNbW72bj81kfU/m6VV+j3SQ8w09z16W1CE='
[root@ids deployment]# psql -h localhost -U ids_user -d ids_database -c "SELECT 1;"
psql: error: FATAL: password authentication failed for user "ids_user"
[root@ids deployment]# TEST_PASS="TestPassword123"
[root@ids deployment]# sudo -u postgres psql -c "ALTER USER ids_user WITH PASSWORD '$TEST_PASS';"
ALTER ROLE
[root@ids deployment]# sudo -u ids sed -i "s/PGPASSWORD=.*/PGPASSWORD=$TEST_PASS/" /opt/ids/.env
[root@ids deployment]# grep PGPASSWORD /opt/ids/.env
PGPASSWORD=TestPassword123
[root@ids deployment]# export PGPASSWORD="$TEST_PASS"
[root@ids deployment]# psql -h localhost -U ids_user -d ids_database -c "SELECT 1;"
psql: error: FATAL: password authentication failed for user "ids_user"
[root@ids deployment]# tail -30 /var/lib/pgsql/data/log/postgresql-*.log | grep -i "ids_user"
2025-11-17 17:19:50.207 CET [59081] DETAIL: User "ids_user" does not have a valid SCRAM secret.
2025-11-17 17:20:26.379 CET [59126] FATAL: password authentication failed for user "ids_user"
2025-11-17 17:20:26.379 CET [59126] DETAIL: User "ids_user" does not have a valid SCRAM secret.
2025-11-17 17:20:51.102 CET [59132] FATAL: password authentication failed for user "ids_user"
2025-11-17 17:20:51.102 CET [59132] DETAIL: User "ids_user" does not have a valid SCRAM secret.
2025-11-17 17:21:00.789 CET [59154] FATAL: password authentication failed for user "ids_user"
2025-11-17 17:21:00.789 CET [59154] DETAIL: User "ids_user" does not have a valid SCRAM secret.
2025-11-17 17:22:28.055 CET [59160] FATAL: password authentication failed for user "ids_user"
2025-11-17 17:22:28.055 CET [59160] DETAIL: User "ids_user" does not have a valid SCRAM secret.
2025-11-17 17:23:42.513 CET [59171] FATAL: password authentication failed for user "ids_user"
2025-11-17 17:23:42.513 CET [59171] DETAIL: User "ids_user" does not have a valid SCRAM secret.

42
attached_assets/Pasted--forward-in-pppoe-1511-1179-comunedisa-out-sfp-sfpplus2-VS-AS-connection-state-new-proto-TCP-SY-1763801791531_1763801791531.txt
View File

@ -1,42 +0,0 @@
forward: in:<pppoe-1511_1179_comunedisa> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.26.201:15256->108.55.41.22:445, len 52
forward: in:<pppoe-1511_1179_comunedisa> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.26.201:15256->108.55.41.22:445, len 52
forward: in:<pppoe-1511_1179_comunedisa> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.26.201:24416->185.114.48.212:445, len 52
forward: in:<pppoe-1511_1179_comunedisa> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.26.201:24416->185.114.48.212:445, len 52
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-856_gianluca.carmellino>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 178.22.24.64:53707->185.203.25.160:10401, len 44
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-856_gianluca.carmellino>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 178.22.24.64:53707->185.203.25.160:10401, len 44
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 183.147.162.78:42369->185.203.24.153:23, len 60
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 183.147.162.78:42369->185.203.24.153:23, len 60
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-datev.router>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 38.242.148.189:51558->185.203.25.199:53, len 69
forward: in:<pppoe-1511_1179_comunedisa> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.26.201:59956->185.114.64.51:445, len 52
forward: in:<pppoe-1511_1179_comunedisa> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.26.201:59956->185.114.64.51:445, len 52
forward: in:<pppoe-1496_1143_demartinog> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac e4:38:83:be:c8:60, proto UDP, 10.0.254.250:64924->216.58.205.46:443, len 1228
forward: in:<pppoe-1496_1143_demartinog> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac e4:38:83:be:c8:60, proto UDP, 10.0.254.250:64924->216.58.205.46:443, len 1228
forward: in:<pppoe-1511_1179_comunedisa> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.26.201:26015->85.39.11.225:445, len 52
forward: in:<pppoe-1511_1179_comunedisa> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.26.201:26015->85.39.11.225:445, len 52
forward: in:<pppoe-1511_1179_comunedisa> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.26.201:21538->216.0.0.11:445, len 52
forward: in:<pppoe-1511_1179_comunedisa> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.26.201:21538->216.0.0.11:445, len 52
forward: in:<pppoe-1511_1179_comunedisa> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.26.201:48075->108.55.66.212:445, len 52
forward: in:<pppoe-1511_1179_comunedisa> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.26.201:48075->108.55.66.212:445, len 52
forward: in:<pppoe-1511_1179_comunedisa> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.26.201:23250->78.107.87.197:445, len 52
forward: in:<pppoe-1511_1179_comunedisa> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.26.201:23250->78.107.87.197:445, len 52
forward: in:<pppoe-1511_1179_comunedisa> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.26.201:62934->172.121.122.57:445, len 52
forward: in:<pppoe-1511_1179_comunedisa> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.26.201:62934->172.121.122.57:445, len 52
forward: in:<pppoe-1641_1395_hlukhnatal> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.64:35308->168.138.169.206:443, len 60
forward: in:<pppoe-1641_1395_hlukhnatal> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.64:35308->168.138.169.206:443, len 60
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 79.124.58.142:55556->185.203.24.204:4499, len 44
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 170.247.28.229:20400->185.203.24.25:443, len 52
forward: in:<pppoe-gennaro.cibelli.sala> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 84:d8:1b:68:7e:07, proto UDP, 185.203.25.162:57994->17.253.53.73:443, len 1378
forward: in:<pppoe-gennaro.cibelli.sala> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 84:d8:1b:68:7e:07, proto UDP, 185.203.25.162:57994->17.253.53.73:443, len 1378
forward: in:<pppoe-gennaro.cibelli.sala> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 84:d8:1b:68:7e:07, proto UDP, 185.203.25.162:57994->17.253.53.73:443, len 700
forward: in:<pppoe-gennaro.cibelli.sala> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 84:d8:1b:68:7e:07, proto UDP, 185.203.25.162:57994->17.253.53.73:443, len 700
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 170.247.29.25:27540->185.203.24.94:443, len 52
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 170.247.29.25:27540->185.203.24.94:443, len 52
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-alfonso.santonicola>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 103.102.230.4:33260->185.203.25.227:8728, len 44
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-alfonso.santonicola>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 103.102.230.4:33260->185.203.25.227:8728, len 44
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:sfp-sfpplus1_VS_FTTO, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 68.183.27.223:43452->185.203.26.33:29092, len 52
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:sfp-sfpplus1_VS_FTTO, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 68.183.27.223:43452->185.203.26.33:29092, len 52
forward: in:<pppoe-891_mariagiovanna.morrone> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.214:39490->44.212.216.137:443, len 60
forward: in:<pppoe-891_mariagiovanna.morrone> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.214:39490->44.212.216.137:443, len 60
forward: in:<pppoe-1024_maria.granato> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.94:47860->216.239.36.223:443, len 60
forward: in:<pppoe-1024_maria.granato> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.94:47860->216.239.36.223:443, len 60
forward: in:<pppoe-1024_maria.granato> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.94:47864->216.239.36.223:443, len 60

581
attached_assets/Pasted--forward-in-pppoe-franco-alfano-out-sfp-sfpplus2-VS-AS-connection-state-new-proto-TCP-SYN-10--1763801298895_1763801298895.txt
View File

@ -1,581 +0,0 @@
forward: in:<pppoe-franco.alfano> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.77:53783->52.213.60.221:443, len 64
forward: in:<pppoe-franco.alfano> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.77:53783->52.213.60.221:443, len 64
forward: in:<pppoe-franco.alfano> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.77:53784->108.138.187.109:443, len 64
forward: in:<pppoe-franco.alfano> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.77:53784->108.138.187.109:443, len 64
forward: in:VLAN53_PPOE_DATACENTER out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 00:50:56:88:61:c7, proto UDP, 185.203.24.22:27417->8.8.8.8:53, len 79
forward: in:VLAN53_PPOE_DATACENTER out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 00:50:56:88:61:c7, proto UDP, 185.203.24.22:27417->8.8.8.8:53, len 79
forward: in:VLAN53_PPOE_DATACENTER out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 00:50:56:88:61:c7, proto UDP, 185.203.24.22:21103->8.8.8.8:53, len 72
forward: in:VLAN53_PPOE_DATACENTER out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 00:50:56:88:61:c7, proto UDP, 185.203.24.22:21103->8.8.8.8:53, len 72
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 172.217.38.146:35055->185.203.24.95:993, len 60
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 172.217.38.146:35055->185.203.24.95:993, len 60
forward: in:VLAN53_PPOE_DATACENTER out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 00:50:56:88:61:c7, proto UDP, 185.203.24.22:45846->8.8.8.8:53, len 217
forward: in:VLAN53_PPOE_DATACENTER out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 00:50:56:88:61:c7, proto UDP, 185.203.24.22:45846->8.8.8.8:53, len 217
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 118.31.248.145:43652->185.203.24.135:9004, len 60
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 118.31.248.145:43652->185.203.24.135:9004, len 60
forward: in:<pppoe-franco.alfano> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.77:53785->142.250.180.134:443, len 64
forward: in:<pppoe-imo.office> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac cc:2d:e0:d9:1a:07, proto UDP, 185.203.25.69:33806->165.154.165.205:8810, len 187
forward: in:<pppoe-imo.office> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac cc:2d:e0:d9:1a:07, proto UDP, 185.203.25.69:33806->165.154.165.205:8810, len 187
forward: in:<pppoe-imo.office> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac cc:2d:e0:d9:1a:07, proto UDP, 185.203.25.69:33806->165.154.165.205:8811, len 187
forward: in:<pppoe-imo.office> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac cc:2d:e0:d9:1a:07, proto UDP, 185.203.25.69:33806->165.154.165.205:8811, len 187
forward: in:<pppoe-imo.office> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac cc:2d:e0:d9:1a:07, proto UDP, 185.203.25.69:33806->165.154.165.205:8812, len 187
forward: in:<pppoe-imo.office> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac cc:2d:e0:d9:1a:07, proto UDP, 185.203.25.69:33806->165.154.165.205:8812, len 187
forward: in:<pppoe-imo.office> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac cc:2d:e0:d9:1a:07, proto UDP, 185.203.25.69:33806->165.154.165.205:8813, len 187
forward: in:<pppoe-imo.office> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac cc:2d:e0:d9:1a:07, proto UDP, 185.203.25.69:33806->165.154.165.205:8813, len 187
forward: in:<pppoe-imo.office> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac cc:2d:e0:d9:1a:07, proto UDP, 185.203.25.69:33806->165.154.165.205:8814, len 187
forward: in:<pppoe-imo.office> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac cc:2d:e0:d9:1a:07, proto UDP, 185.203.25.69:33806->165.154.165.205:8814, len 187
forward: in:<pppoe-903_adalgisa.citro> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.29:54050->108.138.192.65:443, len 60
forward: in:<pppoe-903_adalgisa.citro> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.29:54050->108.138.192.65:443, len 60
forward: in:<pppoe-903_adalgisa.citro> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.29:54062->108.138.192.65:443, len 60
forward: in:<pppoe-530_vincenzo.battipaglia> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac b8:69:f4:f7:b5:ec, proto TCP (ACK,PSH), 10.0.254.155:47704->157.240.231.60:443, len 76
forward: in:<pppoe-530_vincenzo.battipaglia> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.155:41058->157.240.231.60:443, len 60
forward: in:<pppoe-530_vincenzo.battipaglia> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.155:41058->157.240.231.60:443, len 60
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-1537_1211_fglsrl>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.179:44575->185.203.25.89:53, len 62
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-1537_1211_fglsrl>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.179:44575->185.203.25.89:53, len 62
forward: in:<pppoe-1511_1179_comunedisa> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.26.201:9851->185.19.124.171:445, len 52
forward: in:<pppoe-1511_1179_comunedisa> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.26.201:9851->185.19.124.171:445, len 52
forward: in:VLAN53_PPOE_DATACENTER out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 00:50:56:88:61:c7, proto UDP, 185.203.24.22:53503->8.8.8.8:53, len 80
forward: in:VLAN53_PPOE_DATACENTER out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 00:50:56:88:61:c7, proto UDP, 185.203.24.22:53503->8.8.8.8:53, len 80
forward: in:<pppoe-891_mariagiovanna.morrone> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac c4:ad:34:aa:c7:04, proto UDP, 10.0.254.214:64263->57.144.140.5:443, len 128
forward: in:<pppoe-891_mariagiovanna.morrone> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac c4:ad:34:aa:c7:04, proto UDP, 10.0.254.214:64263->57.144.140.5:443, len 128
forward: in:ether6_RB_CED out:sfp-sfpplus2_VS_AS, connection-state:new src-mac e4:8d:8c:03:f9:56, proto UDP, 10.1.0.254:37832->37.186.217.132:161, len 73
forward: in:ether6_RB_CED out:sfp-sfpplus2_VS_AS, connection-state:new src-mac e4:8d:8c:03:f9:56, proto UDP, 10.1.0.254:37832->37.186.217.132:161, len 73
forward: in:ether6_RB_CED out:sfp-sfpplus2_VS_AS, connection-state:new,snat src-mac e4:8d:8c:03:f9:56, proto UDP, 10.1.0.254:37832->37.186.217.132:161, NAT (10.1.0.254:37832->185.203.27.253:37832)->37.186.217.132:161, len 73
forward: in:ether6_RB_CED out:sfp-sfpplus2_VS_AS, connection-state:new,snat src-mac e4:8d:8c:03:f9:56, proto UDP, 10.1.0.254:37832->37.186.217.132:161, NAT (10.1.0.254:37832->185.203.27.253:37832)->37.186.217.132:161, len 73
forward: in:ether6_RB_CED out:sfp-sfpplus2_VS_AS, connection-state:new,snat src-mac e4:8d:8c:03:f9:56, proto UDP, 10.1.0.254:37832->37.186.217.132:161, NAT (10.1.0.254:37832->185.203.27.253:37832)->37.186.217.132:161, len 73
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-1537_1211_fglsrl>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.179:44575->185.203.25.89:53, len 62
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-1537_1211_fglsrl>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.179:44575->185.203.25.89:53, len 62
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-910_michele.ferrara>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.160:13391->185.203.25.59:53, len 62
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-910_michele.ferrara>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.160:13391->185.203.25.59:53, len 62
forward: in:<pppoe-958_carolina.carpentieri> out:sfp-sfpplus2_VS_AS, connection-state:new,snat src-mac b8:69:f4:0d:ae:7f, proto TCP (ACK,FIN,PSH), 10.0.254.129:42640->161.71.33.241:443, NAT (10.0.254.129:42640->185.203.27.253:42640)->161.71.33.241:443, len 76
forward: in:<pppoe-958_carolina.carpentieri> out:sfp-sfpplus2_VS_AS, connection-state:new,snat src-mac b8:69:f4:0d:ae:7f, proto TCP (ACK,FIN,PSH), 10.0.254.129:42640->161.71.33.241:443, NAT (10.0.254.129:42640->185.203.27.253:42640)->161.71.33.241:443, len 76
forward: in:<pppoe-934_enza.adinolfi> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 48:8f:5a:f7:54:43, proto UDP, 10.0.254.89:51577->157.240.231.15:443, len
1228
forward: in:<pppoe-934_enza.adinolfi> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 48:8f:5a:f7:54:43, proto UDP, 10.0.254.89:51577->157.240.231.15:443, len
1228
forward: in:<pppoe-795_giuseppe.diblasi> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.92:54264->157.240.231.60:443, len 60
forward: in:<pppoe-795_giuseppe.diblasi> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.92:54264->157.240.231.60:443, len 60
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-910_michele.ferrara>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.160:13391->185.203.25.59:53, len 62
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-910_michele.ferrara>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.160:13391->185.203.25.59:53, len 62
forward: in:<pppoe-1511_1179_comunedisa> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.26.201:37060->185.8.52.202:445, len 52
forward: in:<pppoe-1511_1179_comunedisa> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.26.201:37060->185.8.52.202:445, len 52
forward: in:<pppoe-131_vinicola.siani> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.249.201:50895->157.240.231.175:5222, len 64
forward: in:<pppoe-131_vinicola.siani> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.249.201:50895->157.240.231.175:5222, len 64
forward: in:VLAN53_PPOE_DATACENTER out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 00:50:56:88:61:c7, proto UDP, 185.203.24.22:47506->8.8.8.8:53, len 220
forward: in:<pppoe-618_aniello.fimiani> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac fc:ec:da:22:ed:55, proto UDP, 10.0.254.36:46032->173.194.182.167:443, len 1278
forward: in:<pppoe-618_aniello.fimiani> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac fc:ec:da:22:ed:55, proto UDP, 10.0.254.36:46032->173.194.182.167:443, len 1278
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-comune.nocerasuperiore>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.80:13460->185.203.26.17:53, len 62
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-comune.nocerasuperiore>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.80:13460->185.203.26.17:53, len 62
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 79.124.56.186:46068->185.203.24.60:45005, len 44
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 79.124.56.186:46068->185.203.24.60:45005, len 44
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-gaetano.dibenedetto>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.161:13979->185.203.25.204:53, len 62
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-gaetano.dibenedetto>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.161:13979->185.203.25.204:53, len 62
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 152.32.128.85:42054->185.203.24.160:7707, len 44
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 152.32.128.85:42054->185.203.24.160:7707, len 44
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-571_alberto.apostolico>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 194.163.42.114:20073->185.203.26.77:53, len 65
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-571_alberto.apostolico>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 194.163.42.114:20073->185.203.26.77:53, len 65
forward: in:sfp-sfpplus1_VS_FTTO out:sfp-sfpplus2_VS_AS, connection-state:new src-mac c4:ad:34:25:a7:b5, proto UDP, 10.0.30.254:34189->8.8.8.8:53, len 65
forward: in:sfp-sfpplus1_VS_FTTO out:sfp-sfpplus2_VS_AS, connection-state:new src-mac c4:ad:34:25:a7:b5, proto UDP, 10.0.30.254:34189->8.8.8.8:53, len 65
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-661_pasquale.cibelli>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 45.43.33.218:36350->185.203.25.186:554, len 60
forward: in:<pppoe-618_aniello.fimiani> out:sfp-sfpplus2_VS_AS, connection-state:new,snat src-mac fc:ec:da:22:ed:55, proto UDP, 10.0.254.36:46032->173.194.182.167:443, NAT (10.0.254.36:46032->185.203.27.253:46032)->173.194.182.167:443,
len 1278
forward: in:<pppoe-618_aniello.fimiani> out:sfp-sfpplus2_VS_AS, connection-state:new,snat src-mac fc:ec:da:22:ed:55, proto UDP, 10.0.254.36:46032->173.194.182.167:443, NAT (10.0.254.36:46032->185.203.27.253:46032)->173.194.182.167:443,
len 1278
forward: in:<pppoe-1511_1179_comunedisa> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac d4:01:c3:34:0c:41, proto UDP, 185.203.26.201:31539->8.8.8.8:53, len 111
forward: in:<pppoe-1511_1179_comunedisa> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac d4:01:c3:34:0c:41, proto UDP, 185.203.26.201:31539->8.8.8.8:53, len 111
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-gaetano.dibenedetto>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.161:13979->185.203.25.204:53, len 62
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-gaetano.dibenedetto>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.161:13979->185.203.25.204:53, len 62
forward: in:<pppoe-caronte.hightek_01> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.25.233:58390->192.168.25.254:80, len 60
forward: in:<pppoe-caronte.hightek_01> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.25.233:58390->192.168.25.254:80, len 60
forward: in:VLAN53_PPOE_DATACENTER out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 00:50:56:88:61:c7, proto UDP, 185.203.24.22:25235->8.8.8.8:53, len 217
forward: in:VLAN53_PPOE_DATACENTER out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 00:50:56:88:61:c7, proto UDP, 185.203.24.22:25235->8.8.8.8:53, len 217
forward: in:<pppoe-1511_1179_comunedisa> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.26.201:39557->185.203.196.108:445, len 52
forward: in:<pppoe-1511_1179_comunedisa> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.26.201:39557->185.203.196.108:445, len 52
forward: in:<pppoe-giovanni.villani> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.25.174:28748->216.58.204.129:443, len 64
forward: in:<pppoe-giovanni.villani> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.25.174:28748->216.58.204.129:443, len 64
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 91.134.84.178:56968->185.203.24.84:738, len 52
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-cava.gioxiii.seg>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.44:17118->185.203.25.231:53, len 62
forward: in:<pppoe-1511_1179_comunedisa> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.26.201:49523->52.182.143.208:443, len 52
forward: in:<pppoe-1511_1179_comunedisa> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.26.201:49523->52.182.143.208:443, len 52
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-571_alberto.apostolico>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 148.251.31.230:26015->185.203.26.77:53, len 65
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-571_alberto.apostolico>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 148.251.31.230:26015->185.203.26.77:53, len 65
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-571_alberto.apostolico>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 148.251.31.230:2509->185.203.26.77:53, len 65
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-571_alberto.apostolico>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 148.251.31.230:2509->185.203.26.77:53, len 65
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 170.247.29.20:48602->185.203.24.35:443, len 52
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 170.247.29.20:48602->185.203.24.35:443, len 52
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 79.124.58.142:55556->185.203.24.37:2718, len 44
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 79.124.58.142:55556->185.203.24.37:2718, len 44
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-caronte.hightek_01>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 79.124.60.250:52216->185.203.25.232:32895, len 44
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-caronte.hightek_01>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 79.124.60.250:52216->185.203.25.232:32895, len 44
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-cloud_team_system_2>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 170.247.28.32:23154->185.203.25.208:443, len 52
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-cloud_team_system_2>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 170.247.28.32:23154->185.203.25.208:443, len 52
forward: in:<pppoe-salvatore.lanzara> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.249.49:60855->142.251.31.109:993, len 64
forward: in:<pppoe-salvatore.lanzara> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.249.49:60855->142.251.31.109:993, len 64
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-servizi.voip.esterni>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 170.247.31.169:12233->185.203.25.246:443, len 52
forward: in:<pppoe-1645_1400_codaantoni> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.12:42176->52.29.103.180:443, len 60
forward: in:<pppoe-1645_1400_codaantoni> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.12:42176->52.29.103.180:443, len 60
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-661_pasquale.cibelli>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.167:16865->185.203.25.186:53, len 62
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-661_pasquale.cibelli>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.167:16865->185.203.25.186:53, len 62
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 118.31.248.145:50336->185.203.24.135:9005, len 60
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 118.31.248.145:50336->185.203.24.135:9005, len 60
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 118.31.248.145:59360->185.203.24.135:9008, len 60
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 118.31.248.145:59360->185.203.24.135:9008, len 60
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 118.31.248.145:38014->185.203.24.135:9009, len 60
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 118.31.248.145:38014->185.203.24.135:9009, len 60
forward: in:<pppoe-618_aniello.fimiani> out:sfp-sfpplus2_VS_AS, connection-state:new,snat src-mac fc:ec:da:22:ed:55, proto UDP, 10.0.254.36:41739->216.58.209.33:443, NAT (10.0.254.36:41739->185.203.27.253:41739)->216.58.209.33:443, len
1278
forward: in:<pppoe-618_aniello.fimiani> out:sfp-sfpplus2_VS_AS, connection-state:new,snat src-mac fc:ec:da:22:ed:55, proto UDP, 10.0.254.36:41739->216.58.209.33:443, NAT (10.0.254.36:41739->185.203.27.253:41739)->216.58.209.33:443, len
1278
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 118.31.248.145:40816->185.203.24.135:9006, len 60
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 118.31.248.145:40816->185.203.24.135:9006, len 60
forward: in:<pppoe-530_vincenzo.battipaglia> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.155:42344->192.178.156.188:5228, len 60
forward: in:<pppoe-530_vincenzo.battipaglia> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.155:42344->192.178.156.188:5228, len 60
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 212.22.128.117:26548->185.203.24.100:443, len 52
forward: in:<pppoe-giovanni.villani> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 18:e8:29:d8:4d:1b, proto UDP, 185.203.25.174:28855->216.58.209.34:443, len 1228
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 118.31.248.145:46774->185.203.24.135:61616, len 60
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 118.31.248.145:46774->185.203.24.135:61616, len 60
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 118.31.248.145:47078->185.203.24.135:28017, len 60
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 118.31.248.145:47078->185.203.24.135:28017, len 60
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 118.31.248.145:38668->185.203.24.135:10000, len 60
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 118.31.248.145:38668->185.203.24.135:10000, len 60
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-661_pasquale.cibelli>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.167:16865->185.203.25.186:53, len 62
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-661_pasquale.cibelli>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.167:16865->185.203.25.186:53, len 62
forward: in:VLAN53_PPOE_DATACENTER out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 00:50:56:88:61:c7, proto UDP, 185.203.24.22:28865->8.8.8.8:53, len 217
forward: in:VLAN53_PPOE_DATACENTER out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 00:50:56:88:61:c7, proto UDP, 185.203.24.22:28865->8.8.8.8:53, len 217
forward: in:<pppoe-934_enza.adinolfi> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 48:8f:5a:f7:54:43, proto UDP, 10.0.254.89:49972->157.240.231.15:443, len
1228
forward: in:<pppoe-934_enza.adinolfi> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 48:8f:5a:f7:54:43, proto UDP, 10.0.254.89:49972->157.240.231.15:443, len
1228
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-661_pasquale.cibelli>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 154.198.203.177:37799->185.203.25.186:1434, len 29
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-661_pasquale.cibelli>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 154.198.203.177:37799->185.203.25.186:1434, len 29
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-571_alberto.apostolico>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 2.16.5.221:60481->185.203.26.77:53, len 72
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 118.31.248.145:56206->185.203.24.135:5555, len 60
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 118.31.248.145:56206->185.203.24.135:5555, len 60
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-910_michele.ferrara>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.150:46817->185.203.25.59:53, len 63
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-910_michele.ferrara>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.150:46817->185.203.25.59:53, len 63
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 118.31.248.145:59550->185.203.24.135:9007, len 60
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 118.31.248.145:59550->185.203.24.135:9007, len 60
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 118.31.248.145:42722->185.203.24.135:61617, len 60
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 118.31.248.145:42722->185.203.24.135:61617, len 60
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 118.31.248.145:37468->185.203.24.135:8888, len 60
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 118.31.248.145:37468->185.203.24.135:8888, len 60
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 118.31.248.145:50566->185.203.24.135:8899, len 60
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 118.31.248.145:50566->185.203.24.135:8899, len 60
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 118.31.248.145:57292->185.203.24.135:2020, len 60
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 118.31.248.145:57292->185.203.24.135:2020, len 60
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 118.31.248.145:51274->185.203.24.135:10443, len 60
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 118.31.248.145:51274->185.203.24.135:10443, len 60
forward: in:<pppoe-franco.alfano> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.77:53788->172.66.0.126:443, len 64
forward: in:<pppoe-franco.alfano> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.77:53792->172.66.0.126:443, len 64
forward: in:VLAN53_PPOE_DATACENTER out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 00:50:56:88:61:c7, proto UDP, 185.203.24.22:35264->8.8.8.8:53, len 86
forward: in:<pppoe-franco.alfano> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.77:53792->172.66.0.126:443, len 64
forward: in:<pppoe-franco.alfano> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.77:53793->52.44.182.224:443, len 64
forward: in:<pppoe-franco.alfano> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.77:53793->52.44.182.224:443, len 64
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 118.31.248.145:55946->185.203.24.135:7777, len 60
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 118.31.248.145:55946->185.203.24.135:7777, len 60
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-910_michele.ferrara>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.150:46817->185.203.25.59:53, len 63
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-910_michele.ferrara>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.150:46817->185.203.25.59:53, len 63
forward: in:<pppoe-801_simone.marino> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 48:8f:5a:37:3a:a4, proto UDP, 10.0.254.148:51145->216.58.209.36:443, len
57
forward: in:<pppoe-801_simone.marino> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 48:8f:5a:37:3a:a4, proto UDP, 10.0.254.148:51145->216.58.209.36:443, len
57
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-cloud_team_system_2>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 170.247.29.96:27795->185.203.25.208:443, len 52
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-cloud_team_system_2>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 170.247.29.96:27795->185.203.25.208:443, len 52
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 65.49.51.58:24251->185.203.24.21:53, len 84
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 65.49.51.58:24251->185.203.24.21:53, len 84
forward: in:<pppoe-756_1398_carpentier> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.249.116:34054->2.21.54.101:80, len 52
forward: in:<pppoe-756_1398_carpentier> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.249.116:34054->2.21.54.101:80, len 52
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 79.124.60.250:52216->185.203.24.238:19570, len 44
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 79.124.60.250:52216->185.203.24.238:19570, len 44
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-1537_1211_fglsrl>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.83:49547->185.203.25.89:53, len 62
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-1537_1211_fglsrl>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.83:49547->185.203.25.89:53, len 62
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-comune.nocerasuperiore>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.167:50390->185.203.26.17:53, len 63
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-comune.nocerasuperiore>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.167:50390->185.203.26.17:53, len 63
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-1499_1146_campitiell>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 79.124.60.250:52216->185.203.26.79:20062, len 44
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-1499_1146_campitiell>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 79.124.60.250:52216->185.203.26.79:20062, len 44
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-929_agm.srl>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 79.124.62.134:58059->185.203.25.55:5985, len 44
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-929_agm.srl>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 79.124.62.134:58059->185.203.25.55:5985, len 44
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-910_michele.ferrara>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.243:48559->185.203.25.59:53, len 62
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-910_michele.ferrara>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.243:48559->185.203.25.59:53, len 62
forward: in:VLAN53_PPOE_DATACENTER out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 00:50:56:88:f3:29, proto UDP, 185.203.24.23:9415->8.8.8.8:53, len 217
forward: in:VLAN53_PPOE_DATACENTER out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 00:50:56:88:f3:29, proto UDP, 185.203.24.23:9415->8.8.8.8:53, len 217
forward: in:<pppoe-comune.nocerasuperiore> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac d4:01:c3:c8:96:e7, proto UDP, 185.203.26.17:53098->8.8.8.8:53, len 79
forward: in:<pppoe-comune.nocerasuperiore> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac d4:01:c3:c8:96:e7, proto UDP, 185.203.26.17:53098->8.8.8.8:53, len 79
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-910_michele.ferrara>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.243:48559->185.203.25.59:53, len 62
forward: in:<pppoe-caronte.hightek_01> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.25.233:55880->192.168.25.254:80, len 60
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-571_alberto.apostolico>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 194.163.42.114:16665->185.203.26.77:53, len 65
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-571_alberto.apostolico>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 194.163.42.114:16665->185.203.26.77:53, len 65
forward: in:<pppoe-1511_1179_comunedisa> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.26.201:20272->2.42.225.140:443, len 52
forward: in:<pppoe-1511_1179_comunedisa> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.26.201:20272->2.42.225.140:443, len 52
forward: in:<pppoe-cava.centro.sangiovanni> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 04:18:d6:24:ab:95, proto UDP, 185.203.25.206:2003->8.8.4.4:53, len
59
forward: in:<pppoe-cava.centro.sangiovanni> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 04:18:d6:24:ab:95, proto UDP, 185.203.25.206:2003->8.8.4.4:53, len
59
forward: in:<pppoe-cava.centro.sangiovanni> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 04:18:d6:24:ab:95, proto UDP, 185.203.25.206:62251->8.8.8.8:53, len 59
forward: in:<pppoe-cava.centro.sangiovanni> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 04:18:d6:24:ab:95, proto UDP, 185.203.25.206:62251->8.8.8.8:53, len 59
forward: in:<pppoe-cava.centro.sangiovanni> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 04:18:d6:24:ab:95, proto UDP, 185.203.25.206:7621->8.8.4.4:53, len
59
forward: in:<pppoe-cava.centro.sangiovanni> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 04:18:d6:24:ab:95, proto UDP, 185.203.25.206:7621->8.8.4.4:53, len
59
forward: in:<pppoe-cava.centro.sangiovanni> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 04:18:d6:24:ab:95, proto UDP, 185.203.25.206:20375->8.8.8.8:53, len 59
forward: in:<pppoe-cava.centro.sangiovanni> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 04:18:d6:24:ab:95, proto UDP, 185.203.25.206:20375->8.8.8.8:53, len 59
forward: in:<pppoe-cava.centro.sangiovanni> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 04:18:d6:24:ab:95, proto UDP, 185.203.25.206:28828->8.8.8.8:53, len 59
forward: in:<pppoe-cava.centro.sangiovanni> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 04:18:d6:24:ab:95, proto UDP, 185.203.25.206:28828->8.8.8.8:53, len 59
forward: in:<pppoe-cava.centro.sangiovanni> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 04:18:d6:24:ab:95, proto UDP, 185.203.25.206:39737->8.8.4.4:53, len 59
forward: in:<pppoe-cava.centro.sangiovanni> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 04:18:d6:24:ab:95, proto UDP, 185.203.25.206:39737->8.8.4.4:53, len 59
forward: in:VLAN53_PPOE_DATACENTER out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 00:50:56:88:f3:29, proto UDP, 185.203.24.23:54021->8.8.8.8:53, len 220
forward: in:VLAN53_PPOE_DATACENTER out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 00:50:56:88:f3:29, proto UDP, 185.203.24.23:54021->8.8.8.8:53, len 220
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-gaetano.dibenedetto>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.168:43296->185.203.25.204:53, len 62
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-gaetano.dibenedetto>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.168:43296->185.203.25.204:53, len 62
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 117.4.121.191:50826->185.203.24.149:445, len 52
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 117.4.121.191:50826->185.203.24.149:445, len 52
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-1016_teresa.damico>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 147.185.132.183:49736->185.203.25.13:4024, len 44
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-1016_teresa.damico>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 147.185.132.183:49736->185.203.25.13:4024, len 44
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-gaetano.dibenedetto>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.168:43296->185.203.25.204:53, len 62
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-gaetano.dibenedetto>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.168:43296->185.203.25.204:53, len 62
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-110_giancarlo.deprisco>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 79.124.58.142:55556->185.203.25.72:3551, len 44
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-110_giancarlo.deprisco>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 79.124.58.142:55556->185.203.25.72:3551, len 44
forward: in:<pppoe-934_enza.adinolfi> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 48:8f:5a:f7:54:43, proto UDP, 10.0.254.89:54238->157.240.231.1:443, len 1280
forward: in:<pppoe-934_enza.adinolfi> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 48:8f:5a:f7:54:43, proto UDP, 10.0.254.89:54238->157.240.231.1:443, len 1280
forward: in:<pppoe-franco.alfano> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.77:53794->52.95.115.255:443, len 64
forward: in:<pppoe-franco.alfano> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.77:53794->52.95.115.255:443, len 64
forward: in:<pppoe-franco.alfano> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.77:53797->142.250.180.162:443, len 64
forward: in:<pppoe-franco.alfano> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.77:53798->142.250.145.154:443, len 64
forward: in:<pppoe-franco.alfano> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.77:53798->142.250.145.154:443, len 64
forward: in:<pppoe-franco.alfano> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.77:53799->104.18.32.137:443, len 64
forward: in:<pppoe-franco.alfano> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.77:53799->104.18.32.137:443, len 64
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-571_alberto.apostolico>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 148.251.31.230:27009->185.203.26.77:53, len 65
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-571_alberto.apostolico>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 148.251.31.230:27009->185.203.26.77:53, len 65
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-cava.gioxiii.seg>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.234:44437->185.203.25.231:53, len 62
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-cava.gioxiii.seg>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.234:44437->185.203.25.231:53, len 62
forward: in:<pppoe-1511_1179_comunedisa> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac d4:01:c3:34:0c:41, proto UDP, 185.203.26.201:5588->89.89.0.11:161, len 106
forward: in:<pppoe-1511_1179_comunedisa> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac d4:01:c3:34:0c:41, proto UDP, 185.203.26.201:5588->89.89.0.11:161, len 106
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-cava.gioxiii.seg>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.234:44437->185.203.25.231:53, len 62
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-cava.gioxiii.seg>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.234:44437->185.203.25.231:53, len 62
forward: in:<pppoe-903_adalgisa.citro> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.29:58166->104.18.158.26:443, len 60
forward: in:<pppoe-903_adalgisa.citro> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.29:58166->104.18.158.26:443, len 60
forward: in:<pppoe-903_adalgisa.citro> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.29:47874->104.17.249.168:443, len 60
forward: in:<pppoe-903_adalgisa.citro> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.29:47874->104.17.249.168:443, len 60
forward: in:<pppoe-giovanni.villani> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 18:e8:29:d8:4d:1b, proto UDP, 185.203.25.174:28877->216.58.204.130:443, len 1276
forward: in:<pppoe-giovanni.villani> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 18:e8:29:d8:4d:1b, proto UDP, 185.203.25.174:28877->216.58.204.130:443, len 1276
forward: in:<pppoe-giovanni.villani> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 18:e8:29:d8:4d:1b, proto UDP, 185.203.25.174:28877->216.58.204.130:443, len 248
forward: in:<pppoe-giovanni.villani> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 18:e8:29:d8:4d:1b, proto UDP, 185.203.25.174:28877->216.58.204.130:443, len 248
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-571_alberto.apostolico>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 194.163.42.114:10319->185.203.26.77:53, len 65
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-571_alberto.apostolico>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 194.163.42.114:10319->185.203.26.77:53, len 65
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-661_pasquale.cibelli>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.251:46534->185.203.25.186:53, len 62
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-661_pasquale.cibelli>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.251:46534->185.203.25.186:53, len 62
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 199.45.155.71:51900->185.203.24.157:7072, len 60
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 199.45.155.71:51900->185.203.24.157:7072, len 60
forward: in:<pppoe-826_giuliano.senatore> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 50:91:e3:c6:a5:93, proto UDP, 10.0.254.95:40119->157.240.231.15:443,
len 1260
forward: in:<pppoe-826_giuliano.senatore> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 50:91:e3:c6:a5:93, proto UDP, 10.0.254.95:40119->157.240.231.15:443,
len 1260
forward: in:VLAN53_PPOE_DATACENTER out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 00:50:56:88:61:c7, proto UDP, 185.203.24.22:6349->8.8.8.8:53, len 127
forward: in:VLAN53_PPOE_DATACENTER out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 00:50:56:88:61:c7, proto UDP, 185.203.24.22:6349->8.8.8.8:53, len 127
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-929_agm.srl>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 176.65.149.67:35653->185.203.25.55:15166, len 44
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 212.22.128.117:60848->185.203.24.100:443, len 52
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 212.22.128.117:60848->185.203.24.100:443, len 52
forward: in:<pppoe-475_varone.felice> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 00:31:92:3d:c4:6b, proto UDP, 10.0.249.11:56298->8.8.8.8:53, len 77
forward: in:<pppoe-475_varone.felice> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 00:31:92:3d:c4:6b, proto UDP, 10.0.249.11:56298->8.8.8.8:53, len 77
forward: in:<pppoe-804_vincenzo.pagano> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.147:51030->151.101.131.52:80, len 64
forward: in:<pppoe-804_vincenzo.pagano> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.147:51030->151.101.131.52:80, len 64
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-1007_valentina.calvanese>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 35.203.210.15:53763->185.203.25.142:4345, len 44
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-1007_valentina.calvanese>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 35.203.210.15:53763->185.203.25.142:4345, len 44
forward: in:<pppoe-giovanni.villani> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.25.174:28749->216.58.205.38:443, len 64
forward: in:<pppoe-giovanni.villani> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.25.174:28749->216.58.205.38:443, len 64
forward: in:VLAN53_PPOE_DATACENTER out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 00:50:56:88:61:c7, proto UDP, 185.203.24.22:38001->8.8.8.8:53, len 220
forward: in:VLAN53_PPOE_DATACENTER out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 00:50:56:88:61:c7, proto UDP, 185.203.24.22:38001->8.8.8.8:53, len 220
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-571_alberto.apostolico>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 45.95.183.64:11007->185.203.26.77:53, len 65
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-571_alberto.apostolico>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 45.95.183.64:11007->185.203.26.77:53, len 65
forward: in:<pppoe-1332_945_costantino> out:sfp-sfpplus2_VS_AS, connection-state:new,snat src-mac 60:32:b1:17:9c:67, proto UDP, 10.0.254.40:57864->89.168.26.107:7635, NAT (10.0.254.40:57864->185.203.27.253:57864)->89.168.26.107:7635, len 122
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 199.45.155.71:51916->185.203.24.157:7072, len 60
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 199.45.155.71:51916->185.203.24.157:7072, len 60
forward: in:<pppoe-035_comune.csg.sedeftto> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.27.25:5623->62.149.128.179:995, len 52
forward: in:<pppoe-035_comune.csg.sedeftto> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.27.25:5623->62.149.128.179:995, len 52
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-571_alberto.apostolico>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 194.163.42.114:18105->185.203.26.77:53, len 65
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-571_alberto.apostolico>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 194.163.42.114:18105->185.203.26.77:53, len 65
forward: in:<pppoe-131_vinicola.siani> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 60:32:b1:17:a0:69, proto UDP, 10.0.249.201:51257->157.240.8.34:443, len
1280
forward: in:<pppoe-131_vinicola.siani> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 60:32:b1:17:a0:69, proto UDP, 10.0.249.201:51257->157.240.8.34:443, len
1280
forward: in:<pppoe-522_pasquale.palumbo> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 64:d1:54:4d:ad:e9, proto UDP, 185.203.25.85:48715->95.110.254.234:123, len 76
forward: in:<pppoe-522_pasquale.palumbo> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 64:d1:54:4d:ad:e9, proto UDP, 185.203.25.85:48715->95.110.254.234:123, len 76
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 170.247.28.0:49567->185.203.24.39:443, len 52
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 170.247.28.0:49567->185.203.24.39:443, len 52
forward: in:<pppoe-franco.alfano> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.77:53800->92.122.95.137:443, len 64
forward: in:<pppoe-franco.alfano> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.77:53800->92.122.95.137:443, len 64
forward: in:<pppoe-franco.alfano> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.77:53801->150.171.22.12:443, len 64
forward: in:<pppoe-franco.alfano> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.77:53801->150.171.22.12:443, len 64
forward: in:<pppoe-franco.alfano> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.77:53802->54.73.151.222:443, len 64
forward: in:<pppoe-1511_1179_comunedisa> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.26.201:25247->190.85.86.177:445, len 52
forward: in:<pppoe-804_vincenzo.pagano> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.147:51031->151.101.131.52:80, len 64
forward: in:<pppoe-804_vincenzo.pagano> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.147:51031->151.101.131.52:80, len 64
forward: in:<pppoe-caronte.hightek_01> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.25.233:58392->192.168.25.254:80, len 60
forward: in:<pppoe-caronte.hightek_01> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.25.233:58392->192.168.25.254:80, len 60
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-1537_1211_fglsrl>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.93:12393->185.203.25.89:53, len 62
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-1537_1211_fglsrl>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.93:12393->185.203.25.89:53, len 62
forward: in:<pppoe-sergio.alfano> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.128:49671->92.122.95.129:80, len 52
forward: in:<pppoe-sergio.alfano> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.128:49671->92.122.95.129:80, len 52
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 170.247.28.174:46188->185.203.24.25:443, len 52
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 170.247.28.174:46188->185.203.24.25:443, len 52
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:sfp-sfpplus1_VS_FTTO, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 79.124.58.90:55467->185.203.26.34:6248, len 44
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:sfp-sfpplus1_VS_FTTO, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 79.124.58.90:55467->185.203.26.34:6248, len 44
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-910_michele.ferrara>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.99:48617->185.203.25.59:53, len 62
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-910_michele.ferrara>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.99:48617->185.203.25.59:53, len 62
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 35.203.211.137:51683->185.203.24.161:9111, len 44
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 35.203.211.137:51683->185.203.24.161:9111, len 44
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 79.124.58.142:55556->185.203.24.39:3065, len 44
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-661_pasquale.cibelli>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 123.136.80.5:25041->185.203.25.186:1434, len 29
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-661_pasquale.cibelli>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 123.136.80.5:25041->185.203.25.186:1434, len 29
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-comune.nocerasuperiore>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.212:43547->185.203.26.17:53, len 62
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-comune.nocerasuperiore>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.212:43547->185.203.26.17:53, len 62
forward: in:VLAN53_PPOE_DATACENTER out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 00:50:56:88:61:c7, proto UDP, 185.203.24.22:15484->8.8.8.8:53, len 220
forward: in:VLAN53_PPOE_DATACENTER out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 00:50:56:88:61:c7, proto UDP, 185.203.24.22:15484->8.8.8.8:53, len 220
forward: in:<pppoe-hightek.router.new> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.24.17:2624->154.12.226.43:7704, len 52
forward: in:<pppoe-hightek.router.new> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.24.17:2624->154.12.226.43:7704, len 52
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-gaetano.dibenedetto>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.98:13394->185.203.25.204:53, len 62
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-gaetano.dibenedetto>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.98:13394->185.203.25.204:53, len 62
forward: in:<pppoe-834_daniela.barticel> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac b8:69:f4:f7:b5:c0, proto UDP, 10.0.249.123:59807->8.8.8.8:53, len 66
forward: in:<pppoe-834_daniela.barticel> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac b8:69:f4:f7:b5:c0, proto UDP, 10.0.249.123:59807->8.8.8.8:53, len 66
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 79.124.58.142:55556->185.203.24.224:4759, len 44
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 79.124.58.142:55556->185.203.24.224:4759, len 44
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 109.94.96.215:7101->185.203.24.158:80, len 64
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 109.94.96.215:7101->185.203.24.158:80, len 64
forward: in:<pppoe-1511_1179_comunedisa> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.26.201:28382->185.203.98.145:445, len 52
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 170.247.31.49:34298->185.203.24.37:443, len 52
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-571_alberto.apostolico>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 148.251.31.230:25561->185.203.26.77:53, len 65
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-571_alberto.apostolico>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 148.251.31.230:25561->185.203.26.77:53, len 65
forward: in:VLAN53_PPOE_DATACENTER out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 00:50:56:88:b5:15, proto TCP (SYN), 185.203.24.37:54910->31.7.144.29:8449, len 60
forward: in:VLAN53_PPOE_DATACENTER out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 00:50:56:88:b5:15, proto TCP (SYN), 185.203.24.37:54910->31.7.144.29:8449, len 60
forward: in:<pppoe-934_enza.adinolfi> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 48:8f:5a:f7:54:43, proto UDP, 10.0.254.89:62881->157.240.231.15:443, len
1228
forward: in:<pppoe-934_enza.adinolfi> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 48:8f:5a:f7:54:43, proto UDP, 10.0.254.89:62881->157.240.231.15:443, len
1228
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 167.94.138.189:57144->185.203.24.134:8291, len 60
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 167.94.138.189:57144->185.203.24.134:8291, len 60
forward: in:<pppoe-giovanni.villani> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.25.174:28750->23.22.48.139:443, len 64
forward: in:<pppoe-giovanni.villani> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.25.174:28750->23.22.48.139:443, len 64
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new,dnat src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 79.124.56.186:46068->10.1.13.200:35252, NAT 79.124.56.186:46068->(185.203.24.5:35252->10.1.13.200:35252), len 44
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new,dnat src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 79.124.56.186:46068->10.1.13.200:35252, NAT 79.124.56.186:46068->(185.203.24.5:35252->10.1.13.200:35252), len 44
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-571_alberto.apostolico>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 45.95.183.64:6743->185.203.26.77:53, len 65
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-571_alberto.apostolico>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 45.95.183.64:6743->185.203.26.77:53, len 65
forward: in:ether6_RB_CED out:sfp-sfpplus2_VS_AS, connection-state:new,snat src-mac e4:8d:8c:03:f9:56, proto TCP (SYN), 10.1.0.254:57492->188.12.219.20:8291, NAT (10.1.0.254:57492->185.203.27.253:57492)->188.12.219.20:8291, len 60
forward: in:ether6_RB_CED out:sfp-sfpplus2_VS_AS, connection-state:new,snat src-mac e4:8d:8c:03:f9:56, proto TCP (SYN), 10.1.0.254:57492->188.12.219.20:8291, NAT (10.1.0.254:57492->185.203.27.253:57492)->188.12.219.20:8291, len 60
forward: in:VLAN53_PPOE_DATACENTER out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 00:50:56:88:61:c7, proto UDP, 185.203.24.22:55262->8.8.8.8:53, len 220
forward: in:VLAN53_PPOE_DATACENTER out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 00:50:56:88:61:c7, proto UDP, 185.203.24.22:55262->8.8.8.8:53, len 220
forward: in:<pppoe-475_varone.felice> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.249.11:49708->51.124.78.146:443, len 52
forward: in:<pppoe-475_varone.felice> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.249.11:49708->51.124.78.146:443, len 52
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-571_alberto.apostolico>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 148.251.31.230:8079->185.203.26.77:53, len 65
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-571_alberto.apostolico>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 148.251.31.230:8079->185.203.26.77:53, len 65
forward: in:<pppoe-1511_1179_comunedisa> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.26.201:59573->185.231.59.101:445, len 52
forward: in:<pppoe-1511_1179_comunedisa> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.26.201:59573->185.231.59.101:445, len 52
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 176.65.149.55:35049->185.203.24.123:27273, len 44
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 176.65.149.55:35049->185.203.24.123:27273, len 44
forward: in:<pppoe-salvatore.lanzara> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.249.49:60856->142.251.31.109:993, len 64
forward: in:<pppoe-salvatore.lanzara> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.249.49:60856->142.251.31.109:993, len 64
forward: in:<pppoe-131_vinicola.siani> out:sfp-sfpplus2_VS_AS, connection-state:new,snat src-mac 60:32:b1:17:a0:69, proto UDP, 10.0.249.201:51257->157.240.8.34:443, NAT (10.0.249.201:51257->185.203.27.253:51257)->157.240.8.34:443, len 1280
forward: in:<pppoe-131_vinicola.siani> out:sfp-sfpplus2_VS_AS, connection-state:new,snat src-mac 60:32:b1:17:a0:69, proto UDP, 10.0.249.201:51257->157.240.8.34:443, NAT (10.0.249.201:51257->185.203.27.253:51257)->157.240.8.34:443, len 1280
forward: in:VLAN53_PPOE_DATACENTER out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 00:50:56:88:61:c7, proto UDP, 185.203.24.22:33489->8.8.8.8:53, len 91
forward: in:VLAN53_PPOE_DATACENTER out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 00:50:56:88:61:c7, proto UDP, 185.203.24.22:33489->8.8.8.8:53, len 91
forward: in:<pppoe-1326_938_eurobusine> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac dc:2c:6e:3b:d3:98, proto UDP, 185.203.26.39:60917->23.216.150.169:443,
len 1278
forward: in:<pppoe-1326_938_eurobusine> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac dc:2c:6e:3b:d3:98, proto UDP, 185.203.26.39:60917->23.216.150.169:443,
len 1278
forward: in:<pppoe-1326_938_eurobusine> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac dc:2c:6e:3b:d3:98, proto UDP, 185.203.26.39:60917->23.216.150.169:443,
len 1278
forward: in:<pppoe-1326_938_eurobusine> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.26.39:54758->20.189.173.11:443, len 52
forward: in:<pppoe-1326_938_eurobusine> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.26.39:54758->20.189.173.11:443, len 52
forward: in:<pppoe-1326_938_eurobusine> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.26.39:54759->150.171.27.10:443, len 52
forward: in:<pppoe-1326_938_eurobusine> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.26.39:54759->150.171.27.10:443, len 52
forward: in:<pppoe-1326_938_eurobusine> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.26.39:54760->13.107.246.43:443, len 52
forward: in:<pppoe-1326_938_eurobusine> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.26.39:54760->13.107.246.43:443, len 52
forward: in:<pppoe-795_giuseppe.diblasi> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.92:49082->91.81.128.35:443, len 60
forward: in:<pppoe-795_giuseppe.diblasi> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.92:49082->91.81.128.35:443, len 60
forward: in:<pppoe-1511_1179_comunedisa> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac d4:01:c3:34:0c:41, proto UDP, 185.203.26.201:24721->20.101.57.9:123, len 76
forward: in:<pppoe-1511_1179_comunedisa> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac d4:01:c3:34:0c:41, proto UDP, 185.203.26.201:24721->20.101.57.9:123, len 76
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-datev.router>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 47.251.47.128:46266->185.203.25.199:53, len 70
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-datev.router>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 47.251.47.128:46266->185.203.25.199:53, len 70
forward: in:VLAN53_PPOE_DATACENTER out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 00:50:56:88:f3:29, proto UDP, 185.203.24.23:14732->8.8.8.8:53, len 220
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 123.129.132.101:59390->185.203.24.22:8080, len 60
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 123.129.132.101:59390->185.203.24.22:8080, len 60
forward: in:<pppoe-anna.lamberti> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.25.28:46370->3.165.255.7:80, len 60
forward: in:<pppoe-anna.lamberti> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.25.28:46370->3.165.255.7:80, len 60
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 170.247.29.182:2965->185.203.24.251:443, len 52
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 170.247.29.182:2965->185.203.24.251:443, len 52
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-1537_1211_fglsrl>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.5:14980->185.203.25.89:53, len 62
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-1537_1211_fglsrl>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.5:14980->185.203.25.89:53, len 62
forward: in:<pppoe-cava.centro.sangiovanni> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 04:18:d6:24:ab:95, proto UDP, 185.203.25.206:46030->8.8.4.4:53, len 51
forward: in:<pppoe-cava.centro.sangiovanni> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 04:18:d6:24:ab:95, proto UDP, 185.203.25.206:46030->8.8.4.4:53, len 51
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 79.124.40.130:56215->185.203.24.197:34443, len 44
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 79.124.40.130:56215->185.203.24.197:34443, len 44
forward: in:<pppoe-1332_945_costantino> out:sfp-sfpplus2_VS_AS, connection-state:new,snat src-mac 60:32:b1:17:9c:67, proto UDP, 10.0.254.40:57864->89.168.26.107:7635, NAT (10.0.254.40:57864->185.203.27.253:57864)->89.168.26.107:7635, len 64
forward: in:<pppoe-1332_945_costantino> out:sfp-sfpplus2_VS_AS, connection-state:new,snat src-mac 60:32:b1:17:9c:67, proto UDP, 10.0.254.40:57864->89.168.26.107:7635, NAT (10.0.254.40:57864->185.203.27.253:57864)->89.168.26.107:7635, len 64
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 170.247.28.27:26521->185.203.24.15:443, len 52
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 170.247.28.27:26521->185.203.24.15:443, len 52
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-1499_1146_campitiell>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 162.19.80.39:47582->185.203.26.79:2543, len 52
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-1499_1146_campitiell>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 162.19.80.39:47582->185.203.26.79:2543, len 52
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 176.65.148.16:39546->185.203.24.158:85, len 52
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 66.132.153.112:6026->185.203.24.193:7993, len 60
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 66.132.153.112:6026->185.203.24.193:7993, len 60
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 81.30.107.146:22962->185.203.24.93:587, len 60
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 81.30.107.146:22962->185.203.24.93:587, len 60
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-910_michele.ferrara>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.240:44113->185.203.25.59:53, len 62
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-910_michele.ferrara>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.240:44113->185.203.25.59:53, len 62
forward: in:<pppoe-934_enza.adinolfi> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 48:8f:5a:f7:54:43, proto UDP, 10.0.254.89:60703->157.240.231.1:443, len 1280
forward: in:<pppoe-934_enza.adinolfi> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 48:8f:5a:f7:54:43, proto UDP, 10.0.254.89:60703->157.240.231.1:443, len 1280
forward: in:<pppoe-934_enza.adinolfi> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.89:64365->17.253.53.207:443, len 64
forward: in:<pppoe-934_enza.adinolfi> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.89:64365->17.253.53.207:443, len 64
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-caronte.hightek_01>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 170.247.30.5:58532->185.203.25.233:443, len 52
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-caronte.hightek_01>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 170.247.30.5:58532->185.203.25.233:443, len 52
forward: in:<pppoe-1467_1111_parisianto> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.43:48244->23.227.39.200:443, len 60
forward: in:<pppoe-1467_1111_parisianto> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.43:48244->23.227.39.200:443, len 60
forward: in:<pppoe-1467_1111_parisianto> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.43:48254->23.227.39.200:443, len 60
forward: in:<pppoe-1467_1111_parisianto> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.43:48254->23.227.39.200:443, len 60
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-caronte.hightek_01>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 79.124.58.142:55556->185.203.25.235:1209, len 44
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-caronte.hightek_01>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 79.124.58.142:55556->185.203.25.235:1209, len 44
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-gaetano.dibenedetto>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.235:15527->185.203.25.204:53, len 62
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-gaetano.dibenedetto>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.235:15527->185.203.25.204:53, len 62
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-gaetano.dibenedetto>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.235:15527->185.203.25.204:53, len 62
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-gaetano.dibenedetto>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.235:15527->185.203.25.204:53, len 62
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 103.102.230.4:41819->185.203.24.72:8728, len 44
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 103.102.230.4:41819->185.203.24.72:8728, len 44
forward: in:<pppoe-666_settimio.alfano> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 00:50:56:b2:73:13, proto UDP, 185.203.25.195:42462->8.8.8.8:53, len 61
forward: in:<pppoe-666_settimio.alfano> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 00:50:56:b2:73:13, proto UDP, 185.203.25.195:42462->8.8.8.8:53, len 61
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 74.125.45.102:48342->185.203.24.95:993, len 60
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 74.125.45.102:48342->185.203.24.95:993, len 60
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-571_alberto.apostolico>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 65.108.210.26:30513->185.203.26.77:53, len 65
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-571_alberto.apostolico>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 65.108.210.26:30513->185.203.26.77:53, len 65
forward: in:<pppoe-1326_938_eurobusine> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.26.39:54761->150.171.27.12:443, len 52
forward: in:<pppoe-1326_938_eurobusine> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.26.39:54761->150.171.27.12:443, len 52
forward: in:<pppoe-1326_938_eurobusine> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac dc:2c:6e:3b:d3:98, proto UDP, 185.203.26.39:50585->95.101.34.74:443, len 1278
forward: in:<pppoe-1326_938_eurobusine> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac dc:2c:6e:3b:d3:98, proto UDP, 185.203.26.39:56661->23.216.150.145:443,
len 1278
forward: in:<pppoe-1326_938_eurobusine> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac dc:2c:6e:3b:d3:98, proto UDP, 185.203.26.39:56661->23.216.150.145:443,
len 1278
forward: in:<pppoe-1326_938_eurobusine> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac dc:2c:6e:3b:d3:98, proto UDP, 185.203.26.39:56661->23.216.150.145:443,
len 1278
forward: in:<pppoe-1326_938_eurobusine> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.26.39:54762->108.139.210.6:443, len 52
forward: in:<pppoe-1326_938_eurobusine> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.26.39:54762->108.139.210.6:443, len 52
forward: in:<pppoe-1326_938_eurobusine> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac dc:2c:6e:3b:d3:98, proto UDP, 185.203.26.39:52298->95.101.34.74:443, len 1278
forward: in:<pppoe-1326_938_eurobusine> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac dc:2c:6e:3b:d3:98, proto UDP, 185.203.26.39:52298->95.101.34.74:443, len 1278
forward: in:<pppoe-934_enza.adinolfi> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 48:8f:5a:f7:54:43, proto UDP, 10.0.254.89:59289->157.240.231.35:443, len
1228
forward: in:<pppoe-934_enza.adinolfi> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 48:8f:5a:f7:54:43, proto UDP, 10.0.254.89:59289->157.240.231.35:443, len
1228
forward: in:<pppoe-1326_938_eurobusine> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac dc:2c:6e:3b:d3:98, proto UDP, 185.203.26.39:52298->95.101.34.74:443, len 1278
forward: in:<pppoe-1326_938_eurobusine> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac dc:2c:6e:3b:d3:98, proto UDP, 185.203.26.39:52298->95.101.34.74:443, len 1278
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-cava.gioxiii.seg>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.184:16574->185.203.25.231:53, len 62
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-cava.gioxiii.seg>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.184:16574->185.203.25.231:53, len 62
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 170.247.29.255:61416->185.203.24.39:443, len 52
forward: in:<pppoe-903_adalgisa.citro> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.29:38558->3.165.255.33:443, len 60
forward: in:<pppoe-903_adalgisa.citro> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.29:38558->3.165.255.33:443, len 60
forward: in:<pppoe-628_1218_fierroassu> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac e4:38:83:be:c1:2d, proto UDP, 10.0.254.80:36171->8.8.8.8:53, len 65
forward: in:<pppoe-628_1218_fierroassu> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac e4:38:83:be:c1:2d, proto UDP, 10.0.254.80:36171->8.8.8.8:53, len 65
forward: in:<pppoe-628_1218_fierroassu> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac e4:38:83:be:c1:2d, proto UDP, 10.0.254.80:13308->8.8.8.8:53, len 65
forward: in:<pppoe-628_1218_fierroassu> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac e4:38:83:be:c1:2d, proto UDP, 10.0.254.80:13308->8.8.8.8:53, len 65
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-cava.gioxiii.seg>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.184:16574->185.203.25.231:53, len 62
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-cava.gioxiii.seg>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.184:16574->185.203.25.231:53, len 62
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-alfabitomega>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 176.65.149.64:54916->185.203.24.2:21239, len 44
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-alfabitomega>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 176.65.149.64:54916->185.203.24.2:21239, len 44
forward: in:<pppoe-caronte.hightek_01> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.25.233:51958->192.168.25.254:80, len 60
forward: in:<pppoe-caronte.hightek_01> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.25.233:51958->192.168.25.254:80, len 60
forward: in:<pppoe-666_settimio.alfano> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 00:50:56:b2:73:13, proto UDP, 185.203.25.195:48276->8.8.8.8:53, len 61
forward: in:<pppoe-666_settimio.alfano> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 00:50:56:b2:73:13, proto UDP, 185.203.25.195:48276->8.8.8.8:53, len 61
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-571_alberto.apostolico>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 45.95.183.64:17223->185.203.26.77:53, len 65
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-571_alberto.apostolico>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 45.95.183.64:17223->185.203.26.77:53, len 65
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 81.30.107.15:60216->185.203.24.93:587, len 60
forward: in:<pppoe-1400_1029_trasportig> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.249.141:8308->95.100.171.16:443, len 52
forward: in:<pppoe-035_comune.csg.sedeftto> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.27.25:57375->3.71.153.246:10051, len 60
forward: in:<pppoe-035_comune.csg.sedeftto> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.27.25:57375->3.71.153.246:10051, len 60
forward: in:<pppoe-666_settimio.alfano> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 00:50:56:b2:73:13, proto UDP, 185.203.25.195:47837->8.8.8.8:53, len 61
forward: in:<pppoe-666_settimio.alfano> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 00:50:56:b2:73:13, proto UDP, 185.203.25.195:47837->8.8.8.8:53, len 61
forward: in:<pppoe-1415_1047_orlandolui> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 08:55:31:ba:0d:54, proto TCP (ACK,PSH), 10.0.254.120:58642->157.240.209.38:443, len 76
forward: in:<pppoe-1415_1047_orlandolui> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 08:55:31:ba:0d:54, proto TCP (ACK,PSH), 10.0.254.120:58642->157.240.209.38:443, len 76
forward: in:<pppoe-caronte.hightek_01> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.25.233:55888->192.168.25.254:80, len 60
forward: in:<pppoe-caronte.hightek_01> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.25.233:55888->192.168.25.254:80, len 60
forward: in:<pppoe-903_adalgisa.citro> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.29:48996->51.92.2.118:443, len 60
forward: in:<pppoe-903_adalgisa.citro> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.29:48996->51.92.2.118:443, len 60
forward: in:VLAN53_PPOE_DATACENTER out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 00:50:56:88:f3:29, proto UDP, 185.203.24.23:32705->8.8.8.8:53, len 199
forward: in:VLAN53_PPOE_DATACENTER out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 00:50:56:88:f3:29, proto UDP, 185.203.24.23:32705->8.8.8.8:53, len 199
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-661_pasquale.cibelli>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.137:50226->185.203.25.186:53, len 62
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-661_pasquale.cibelli>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.137:50226->185.203.25.186:53, len 62
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 192.159.99.180:58221->185.203.24.36:9091, len 44
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 192.159.99.180:58221->185.203.24.36:9091, len 44
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-716_onofrio.menichini>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 213.209.143.64:50166->185.203.25.159:80, len 44
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-716_onofrio.menichini>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 213.209.143.64:50166->185.203.25.159:80, len 44
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-571_alberto.apostolico>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 148.251.31.230:2503->185.203.26.77:53, len 65
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-571_alberto.apostolico>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 148.251.31.230:2503->185.203.26.77:53, len 65
forward: in:<pppoe-882_francesco.canzolino> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.183:53372->3.223.15.108:5222, len 60
forward: in:<pppoe-882_francesco.canzolino> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.183:53372->3.223.15.108:5222, len 60
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-comune.nocerasuperiore>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 79.124.60.250:52216->185.203.26.24:61819, len 44
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-comune.nocerasuperiore>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 79.124.60.250:52216->185.203.26.24:61819, len 44
forward: in:<pppoe-1511_1179_comunedisa> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.26.201:35722->185.231.59.101:445, len 52
forward: in:<pppoe-1511_1179_comunedisa> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.26.201:35722->185.231.59.101:445, len 52
forward: in:VLAN53_PPOE_DATACENTER out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 00:50:56:b2:c9:3f, proto UDP, 185.203.24.93:53055->8.8.8.8:53, len 71
forward: in:VLAN53_PPOE_DATACENTER out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 00:50:56:b2:c9:3f, proto UDP, 185.203.24.93:53055->8.8.8.8:53, len 71
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 108.167.178.116:60000->185.203.24.214:1143, len 44
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 108.167.178.116:60000->185.203.24.214:1143, len 44
forward: in:<pppoe-pietro.lucido> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.93:42090->44.219.18.249:443, len 60
forward: in:<pppoe-pietro.lucido> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.93:42090->44.219.18.249:443, len 60
forward: in:<pppoe-666_settimio.alfano> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 00:50:56:b2:73:13, proto UDP, 185.203.25.195:54171->8.8.8.8:53, len 61
forward: in:<pppoe-666_settimio.alfano> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 00:50:56:b2:73:13, proto UDP, 185.203.25.195:54171->8.8.8.8:53, len 61
forward: in:<pppoe-1523_1185_casaburisa> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 24:a4:3c:e0:e6:b1, proto TCP (ACK,PSH), 10.0.254.28:50616->216.58.204.150:443, len 76
forward: in:<pppoe-1511_1179_comunedisa> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac d4:01:c3:34:0c:41, proto UDP, 185.203.26.201:38653->172.19.96.81:45473, len 3346
forward: in:<pppoe-1511_1179_comunedisa> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac d4:01:c3:34:0c:41, proto UDP, 185.203.26.201:38653->172.19.96.81:45473, len 3346
forward: in:<pppoe-131_vinicola.siani> out:sfp-sfpplus2_VS_AS, connection-state:new,snat src-mac 60:32:b1:17:a0:69, proto UDP, 10.0.249.201:51257->157.240.8.34:443, NAT (10.0.249.201:51257->185.203.27.253:51257)->157.240.8.34:443, len 1280
forward: in:<pppoe-131_vinicola.siani> out:sfp-sfpplus2_VS_AS, connection-state:new,snat src-mac 60:32:b1:17:a0:69, proto UDP, 10.0.249.201:51257->157.240.8.34:443, NAT (10.0.249.201:51257->185.203.27.253:51257)->157.240.8.34:443, len 1280
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-1537_1211_fglsrl>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.121:45373->185.203.25.89:53, len 62
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-1537_1211_fglsrl>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.121:45373->185.203.25.89:53, len 62
forward: in:<pppoe-guglielmo.cataldo> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 4c:5e:0c:14:c0:b4, proto UDP, 185.203.25.254:55295->8.8.8.8:53, len 60
forward: in:<pppoe-guglielmo.cataldo> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 4c:5e:0c:14:c0:b4, proto UDP, 185.203.25.254:55295->8.8.8.8:53, len 60
forward: in:<pppoe-guglielmo.cataldo> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 4c:5e:0c:14:c0:b4, proto UDP, 185.203.25.254:55295->8.8.8.8:53, len 60
forward: in:<pppoe-guglielmo.cataldo> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 4c:5e:0c:14:c0:b4, proto UDP, 185.203.25.254:55295->8.8.8.8:53, len 60
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-1537_1211_fglsrl>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.121:45373->185.203.25.89:53, len 62
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-1537_1211_fglsrl>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.121:45373->185.203.25.89:53, len 62
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:sfp-sfpplus1_VS_FTTO, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 82.62.84.108:59251->185.203.26.34:8472, len 96
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:sfp-sfpplus1_VS_FTTO, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 82.62.84.108:59251->185.203.26.34:8472, len 96
forward: in:<pppoe-1087_michele.ponticelli> out:sfp-sfpplus2_VS_AS, connection-state:new,snat src-mac 08:55:31:b6:61:38, proto UDP, 10.0.254.205:49151->54.216.172.252:1789, NAT (10.0.254.205:49151->185.203.27.253:49151)->54.216.172.252:1789, len 92
forward: in:<pppoe-1087_michele.ponticelli> out:sfp-sfpplus2_VS_AS, connection-state:new,snat src-mac 08:55:31:b6:61:38, proto UDP, 10.0.254.205:49151->54.216.172.252:1789, NAT (10.0.254.205:49151->185.203.27.253:49151)->54.216.172.252:1789, len 92
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-comune.nocerasuperiore>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.217:46562->185.203.26.17:53, len 62
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-comune.nocerasuperiore>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.217:46562->185.203.26.17:53, len 62
forward: in:<pppoe-1511_1179_comunedisa> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac d4:01:c3:34:0c:41, proto UDP, 185.203.26.201:60670->172.19.96.81:45473, len 3227
forward: in:<pppoe-1511_1179_comunedisa> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac d4:01:c3:34:0c:41, proto UDP, 185.203.26.201:60670->172.19.96.81:45473, len 3227
forward: in:<pppoe-1511_1179_comunedisa> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac d4:01:c3:34:0c:41, proto UDP, 185.203.26.201:59567->172.19.96.81:45473, len 3227
forward: in:<pppoe-1511_1179_comunedisa> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac d4:01:c3:34:0c:41, proto UDP, 185.203.26.201:59567->172.19.96.81:45473, len 3227
forward: in:<pppoe-1511_1179_comunedisa> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac d4:01:c3:34:0c:41, proto UDP, 185.203.26.201:63204->172.19.96.81:45473, len 2877
forward: in:<pppoe-1511_1179_comunedisa> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac d4:01:c3:34:0c:41, proto UDP, 185.203.26.201:63204->172.19.96.81:45473, len 2877
forward: in:<pppoe-1511_1179_comunedisa> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac d4:01:c3:34:0c:41, proto UDP, 185.203.26.201:22166->172.19.96.81:45473, len 2867
forward: in:<pppoe-1511_1179_comunedisa> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac d4:01:c3:34:0c:41, proto UDP, 185.203.26.201:22166->172.19.96.81:45473, len 2867
forward: in:<pppoe-1511_1179_comunedisa> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac d4:01:c3:34:0c:41, proto UDP, 185.203.26.201:22166->172.19.96.81:45473, len 2867
forward: in:ether6_RB_CED out:sfp-sfpplus2_VS_AS, connection-state:new src-mac e4:8d:8c:03:f9:56, proto UDP, 10.1.0.254:37832->79.11.43.150:161, len 75
forward: in:<pppoe-919_vincenzo.muro> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.135:45904->96.47.5.157:4431, len 60
forward: in:<pppoe-919_vincenzo.muro> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.135:45904->96.47.5.157:4431, len 60
forward: in:<pppoe-1511_1179_comunedisa> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac d4:01:c3:34:0c:41, proto UDP, 185.203.26.201:34275->172.19.96.81:45473, len 2873
forward: in:<pppoe-1511_1179_comunedisa> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac d4:01:c3:34:0c:41, proto UDP, 185.203.26.201:34275->172.19.96.81:45473, len 2873
forward: in:<pppoe-1511_1179_comunedisa> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac d4:01:c3:34:0c:41, proto UDP, 185.203.26.201:34275->172.19.96.81:45473, len 2873
forward: in:<pppoe-1511_1179_comunedisa> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac d4:01:c3:34:0c:41, proto UDP, 185.203.26.201:34275->172.19.96.81:45473, len 2873
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-gaetano.dibenedetto>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.103:15601->185.203.25.204:53, len 62
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-gaetano.dibenedetto>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.103:15601->185.203.25.204:53, len 62
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-caronte.hightek_01>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 170.247.30.11:34450->185.203.25.237:443, len 52
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-caronte.hightek_01>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 170.247.30.11:34450->185.203.25.237:443, len 52
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 162.142.125.247:16762->185.203.24.242:39822, len 44
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 162.142.125.247:16762->185.203.24.242:39822, len 44
forward: in:<pppoe-1511_1179_comunedisa> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac d4:01:c3:34:0c:41, proto UDP, 185.203.26.201:31872->89.89.0.16:161, len 106
forward: in:<pppoe-1511_1179_comunedisa> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac d4:01:c3:34:0c:41, proto UDP, 185.203.26.201:31872->89.89.0.16:161, len 106
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 199.45.154.150:40778->185.203.24.174:7780, len 60
forward: in:<pppoe-1511_1179_comunedisa> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac d4:01:c3:34:0c:41, proto UDP, 185.203.26.201:37613->172.19.96.81:45473, len 3344
forward: in:<pppoe-1511_1179_comunedisa> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac d4:01:c3:34:0c:41, proto UDP, 185.203.26.201:37613->172.19.96.81:45473, len 3344
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-cava.gioxiii.seg>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.82:16873->185.203.25.231:53, len 62
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-cava.gioxiii.seg>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.82:16873->185.203.25.231:53, len 62
forward: in:<pppoe-1471_1115_nappicarol> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 84:d8:1b:68:6a:cc, proto UDP, 10.0.254.67:53391->1.96.163.132:123, len 76
forward: in:<pppoe-1471_1115_nappicarol> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 84:d8:1b:68:6a:cc, proto UDP, 10.0.254.67:53391->1.96.163.132:123, len 76
forward: in:<pppoe-893_giovanna.dacunzi> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.249.252:50892->192.168.1.234:55443, len 60
forward: in:<pppoe-893_giovanna.dacunzi> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.249.252:50892->192.168.1.234:55443, len 60
forward: in:<pppoe-893_giovanna.dacunzi> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.249.252:50894->192.168.1.234:55443, len 60
forward: in:<pppoe-893_giovanna.dacunzi> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.249.252:50894->192.168.1.234:55443, len 60
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 79.124.58.142:55556->185.203.24.69:3065, len 44
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 79.124.58.142:55556->185.203.24.69:3065, len 44
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 162.19.80.39:44025->185.203.24.209:2543, len 52
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 162.19.80.39:44025->185.203.24.209:2543, len 52
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-cava.gioxiii.seg>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.82:16873->185.203.25.231:53, len 62
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-cava.gioxiii.seg>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 164.163.5.82:16873->185.203.25.231:53, len 62
^C

51
attached_assets/Pasted--journalctl-u-ids-list-fetcher-n-50-no-pager-Jan-02-15-_1767364928312.txt
View File

@ -1,51 +0,0 @@
journalctl -u ids-list-fetcher -n 50 --no-pager
Jan 02 15:30:01 ids.alfacom.it ids-list-fetcher[9296]: Skipped (whitelisted): 0
Jan 02 15:30:01 ids.alfacom.it ids-list-fetcher[9296]: ============================================================
Jan 02 15:30:01 ids.alfacom.it systemd[1]: ids-list-fetcher.service: Deactivated successfully.
Jan 02 15:30:01 ids.alfacom.it systemd[1]: Finished IDS Public Lists Fetcher Service.
Jan 02 15:40:00 ids.alfacom.it systemd[1]: Starting IDS Public Lists Fetcher Service...
Jan 02 15:40:00 ids.alfacom.it ids-list-fetcher[9493]: ============================================================
Jan 02 15:40:00 ids.alfacom.it ids-list-fetcher[9493]: [2026-01-02 15:40:00] PUBLIC LISTS SYNC
Jan 02 15:40:00 ids.alfacom.it ids-list-fetcher[9493]: ============================================================
Jan 02 15:40:00 ids.alfacom.it ids-list-fetcher[9493]: Found 2 enabled lists
Jan 02 15:40:00 ids.alfacom.it ids-list-fetcher[9493]: [15:40:00] Downloading Spamhaus from https://www.spamhaus.org/drop/drop_v4.json...
Jan 02 15:40:00 ids.alfacom.it ids-list-fetcher[9493]: [15:40:00] Downloading AWS from https://ip-ranges.amazonaws.com/ip-ranges.json...
Jan 02 15:40:00 ids.alfacom.it ids-list-fetcher[9493]: [15:40:00] Parsing AWS...
Jan 02 15:40:01 ids.alfacom.it ids-list-fetcher[9493]: [15:40:01] Found 9548 IPs, syncing to database...
Jan 02 15:40:01 ids.alfacom.it ids-list-fetcher[9493]: [15:40:01] ✓ AWS: +0 -0 ~9511
Jan 02 15:40:01 ids.alfacom.it ids-list-fetcher[9493]: [15:40:01] Parsing Spamhaus...
Jan 02 15:40:01 ids.alfacom.it ids-list-fetcher[9493]: [15:40:01] Found 1468 IPs, syncing to database...
Jan 02 15:40:01 ids.alfacom.it ids-list-fetcher[9493]: [15:40:01] ✓ Spamhaus: +0 -0 ~1464
Jan 02 15:40:01 ids.alfacom.it ids-list-fetcher[9493]: ============================================================
Jan 02 15:40:01 ids.alfacom.it ids-list-fetcher[9493]: SYNC SUMMARY
Jan 02 15:40:01 ids.alfacom.it ids-list-fetcher[9493]: ============================================================
Jan 02 15:40:01 ids.alfacom.it ids-list-fetcher[9493]: Success: 2/2
Jan 02 15:40:01 ids.alfacom.it ids-list-fetcher[9493]: Errors: 0/2
Jan 02 15:40:01 ids.alfacom.it ids-list-fetcher[9493]: Total IPs Added: 0
Jan 02 15:40:01 ids.alfacom.it ids-list-fetcher[9493]: Total IPs Removed: 0
Jan 02 15:40:01 ids.alfacom.it ids-list-fetcher[9493]: ============================================================
Jan 02 15:40:01 ids.alfacom.it ids-list-fetcher[9493]: ============================================================
Jan 02 15:40:01 ids.alfacom.it ids-list-fetcher[9493]: RUNNING MERGE LOGIC
Jan 02 15:40:01 ids.alfacom.it ids-list-fetcher[9493]: ============================================================
Jan 02 15:40:01 ids.alfacom.it ids-list-fetcher[9493]: ERROR:merge_logic:Failed to cleanup detections: operator does not exist: inet = text
Jan 02 15:40:01 ids.alfacom.it ids-list-fetcher[9493]: LINE 9: d.source_ip::inet = wl.ip_inet
Jan 02 15:40:01 ids.alfacom.it ids-list-fetcher[9493]: ^
Jan 02 15:40:01 ids.alfacom.it ids-list-fetcher[9493]: HINT: No operator matches the given name and argument types. You might need to add explicit type casts.
Jan 02 15:40:01 ids.alfacom.it ids-list-fetcher[9493]: ERROR:merge_logic:Failed to sync detections: operator does not exist: inet = text
Jan 02 15:40:01 ids.alfacom.it ids-list-fetcher[9493]: LINE 29: bl.ip_inet = wl.ip_inet
Jan 02 15:40:01 ids.alfacom.it ids-list-fetcher[9493]: ^
Jan 02 15:40:01 ids.alfacom.it ids-list-fetcher[9493]: HINT: No operator matches the given name and argument types. You might need to add explicit type casts.
Jan 02 15:40:01 ids.alfacom.it ids-list-fetcher[9493]: Traceback (most recent call last):
Jan 02 15:40:01 ids.alfacom.it ids-list-fetcher[9493]: File "/opt/ids/python_ml/merge_logic.py", line 264, in sync_public_blacklist_detections
Jan 02 15:40:01 ids.alfacom.it ids-list-fetcher[9493]: cur.execute("""
Jan 02 15:40:01 ids.alfacom.it ids-list-fetcher[9493]: psycopg2.errors.UndefinedFunction: operator does not exist: inet = text
Jan 02 15:40:01 ids.alfacom.it ids-list-fetcher[9493]: LINE 29: bl.ip_inet = wl.ip_inet
Jan 02 15:40:01 ids.alfacom.it ids-list-fetcher[9493]: ^
Jan 02 15:40:01 ids.alfacom.it ids-list-fetcher[9493]: HINT: No operator matches the given name and argument types. You might need to add explicit type casts.
Jan 02 15:40:01 ids.alfacom.it ids-list-fetcher[9493]: Merge Logic Stats:
Jan 02 15:40:01 ids.alfacom.it ids-list-fetcher[9493]: Created detections: 0
Jan 02 15:40:01 ids.alfacom.it ids-list-fetcher[9493]: Cleaned invalid detections: 0
Jan 02 15:40:01 ids.alfacom.it ids-list-fetcher[9493]: Skipped (whitelisted): 0
Jan 02 15:40:01 ids.alfacom.it ids-list-fetcher[9493]: ============================================================
Jan 02 15:40:01 ids.alfacom.it systemd[1]: ids-list-fetcher.service: Deactivated successfully.
Jan 02 15:40:01 ids.alfacom.it systemd[1]: Finished IDS Public Lists Fetcher Service.

51
attached_assets/Pasted--journalctl-u-ids-list-fetcher-n-50-no-pager-Jan-02-17-_1767370468601.txt
View File

@ -1,51 +0,0 @@
journalctl -u ids-list-fetcher -n 50 --no-pager
Jan 02 17:10:02 ids.alfacom.it ids-list-fetcher[2139]: ============================================================
Jan 02 17:10:02 ids.alfacom.it ids-list-fetcher[2139]: ============================================================
Jan 02 17:10:02 ids.alfacom.it ids-list-fetcher[2139]: RUNNING MERGE LOGIC
Jan 02 17:10:02 ids.alfacom.it ids-list-fetcher[2139]: ============================================================
Jan 02 17:10:12 ids.alfacom.it ids-list-fetcher[2139]: INFO:merge_logic:Bulk sync complete: {'created': 0, 'cleaned': 0, 'skipped_whitelisted': 0}
Jan 02 17:10:12 ids.alfacom.it ids-list-fetcher[2139]: Merge Logic Stats:
Jan 02 17:10:12 ids.alfacom.it ids-list-fetcher[2139]: Created detections: 0
Jan 02 17:10:12 ids.alfacom.it ids-list-fetcher[2139]: Cleaned invalid detections: 0
Jan 02 17:10:12 ids.alfacom.it ids-list-fetcher[2139]: Skipped (whitelisted): 0
Jan 02 17:10:12 ids.alfacom.it ids-list-fetcher[2139]: ============================================================
Jan 02 17:10:12 ids.alfacom.it systemd[1]: ids-list-fetcher.service: Deactivated successfully.
Jan 02 17:10:12 ids.alfacom.it systemd[1]: Finished IDS Public Lists Fetcher Service.
Jan 02 17:12:35 ids.alfacom.it systemd[1]: Starting IDS Public Lists Fetcher Service...
Jan 02 17:12:35 ids.alfacom.it ids-list-fetcher[2279]: ============================================================
Jan 02 17:12:35 ids.alfacom.it ids-list-fetcher[2279]: [2026-01-02 17:12:35] PUBLIC LISTS SYNC
Jan 02 17:12:35 ids.alfacom.it ids-list-fetcher[2279]: ============================================================
Jan 02 17:12:35 ids.alfacom.it ids-list-fetcher[2279]: Found 4 enabled lists
Jan 02 17:12:35 ids.alfacom.it ids-list-fetcher[2279]: [17:12:35] Downloading Spamhaus from https://www.spamhaus.org/drop/drop_v4.json...
Jan 02 17:12:35 ids.alfacom.it ids-list-fetcher[2279]: [17:12:35] Downloading AWS from https://ip-ranges.amazonaws.com/ip-ranges.json...
Jan 02 17:12:35 ids.alfacom.it ids-list-fetcher[2279]: [17:12:35] Downloading Google Cloud from https://www.gstatic.com/ipranges/cloud.json...
Jan 02 17:12:35 ids.alfacom.it ids-list-fetcher[2279]: [17:12:35] Downloading Google globali from https://www.gstatic.com/ipranges/goog.json...
Jan 02 17:12:35 ids.alfacom.it ids-list-fetcher[2279]: [17:12:35] Parsing AWS...
Jan 02 17:12:35 ids.alfacom.it ids-list-fetcher[2279]: [17:12:35] Found 9548 IPs, syncing to database...
Jan 02 17:12:35 ids.alfacom.it ids-list-fetcher[2279]: [17:12:35] ✓ AWS: +0 -0 ~9548
Jan 02 17:12:35 ids.alfacom.it ids-list-fetcher[2279]: [17:12:35] Parsing Google globali...
Jan 02 17:12:35 ids.alfacom.it ids-list-fetcher[2279]: [17:12:35] ✗ Google globali: No valid IPs found in list
Jan 02 17:12:35 ids.alfacom.it ids-list-fetcher[2279]: [17:12:35] Parsing Google Cloud...
Jan 02 17:12:35 ids.alfacom.it ids-list-fetcher[2279]: [17:12:35] ✗ Google Cloud: No valid IPs found in list
Jan 02 17:12:35 ids.alfacom.it ids-list-fetcher[2279]: [17:12:35] Parsing Spamhaus...
Jan 02 17:12:35 ids.alfacom.it ids-list-fetcher[2279]: [17:12:35] Found 1468 IPs, syncing to database...
Jan 02 17:12:35 ids.alfacom.it ids-list-fetcher[2279]: [17:12:35] ✓ Spamhaus: +0 -0 ~1468
Jan 02 17:12:35 ids.alfacom.it ids-list-fetcher[2279]: ============================================================
Jan 02 17:12:35 ids.alfacom.it ids-list-fetcher[2279]: SYNC SUMMARY
Jan 02 17:12:35 ids.alfacom.it ids-list-fetcher[2279]: ============================================================
Jan 02 17:12:35 ids.alfacom.it ids-list-fetcher[2279]: Success: 2/4
Jan 02 17:12:35 ids.alfacom.it ids-list-fetcher[2279]: Errors: 2/4
Jan 02 17:12:35 ids.alfacom.it ids-list-fetcher[2279]: Total IPs Added: 0
Jan 02 17:12:35 ids.alfacom.it ids-list-fetcher[2279]: Total IPs Removed: 0
Jan 02 17:12:35 ids.alfacom.it ids-list-fetcher[2279]: ============================================================
Jan 02 17:12:35 ids.alfacom.it ids-list-fetcher[2279]: ============================================================
Jan 02 17:12:35 ids.alfacom.it ids-list-fetcher[2279]: RUNNING MERGE LOGIC
Jan 02 17:12:35 ids.alfacom.it ids-list-fetcher[2279]: ============================================================
Jan 02 17:12:45 ids.alfacom.it ids-list-fetcher[2279]: INFO:merge_logic:Bulk sync complete: {'created': 0, 'cleaned': 0, 'skipped_whitelisted': 0}
Jan 02 17:12:45 ids.alfacom.it ids-list-fetcher[2279]: Merge Logic Stats:
Jan 02 17:12:45 ids.alfacom.it ids-list-fetcher[2279]: Created detections: 0
Jan 02 17:12:45 ids.alfacom.it ids-list-fetcher[2279]: Cleaned invalid detections: 0
Jan 02 17:12:45 ids.alfacom.it ids-list-fetcher[2279]: Skipped (whitelisted): 0
Jan 02 17:12:45 ids.alfacom.it ids-list-fetcher[2279]: ============================================================
Jan 02 17:12:45 ids.alfacom.it systemd[1]: ids-list-fetcher.service: Deactivated successfully.
Jan 02 17:12:45 ids.alfacom.it systemd[1]: Finished IDS Public Lists Fetcher Service.

53
attached_assets/Pasted--ls-la-opt-ids-env-rw-r-r-1-ids-ids-351-Nov-17-17-23-opt-ids-env-root-ids-python-ml-cat-1763397713887_1763397713887.txt
View File

@ -1,53 +0,0 @@
ls -la /opt/ids/.env
-rw-r--r--. 1 ids ids 351 Nov 17 17:23 /opt/ids/.env
[root@ids python_ml]# cat /opt/ids/.env | grep PGPASSWORD
PGPASSWORD=TestPassword123
[root@ids python_ml]# sudo chmod 640 /opt/ids/.env
[root@ids python_ml]# sudo chown ids:ids /opt/ids/.env
[root@ids python_ml]# sudo -u ids bash -c 'source /opt/ids/.env && echo "Password letta: $PGPASSWORD"'
Password letta: TestPassword123
[root@ids python_ml]# sudo -u ids bash -c 'export PGPASSWORD="TestPassword123" && psql -h ::1 -U ids_user -d ids_database -c "SELECT 1;"'
?column?
----------
1
(1 row)
[root@ids python_ml]# pkill -f syslog_parser
[root@ids python_ml]# sudo -u ids PGPASSWORD="TestPassword123" nohup python3.11 syslog_parser.py > /var/log/ids/syslog_parser.log 2>&1 &
[1] 59430
[root@ids python_ml]# sleep 2
[1]+ Done sudo -u ids PGPASSWORD="TestPassword123" nohup python3.11 syslog_parser.py > /var/log/ids/syslog_parser.log 2>&1
[root@ids python_ml]# tail -20 /var/log/ids/syslog_parser.log
nohup: ignoring input
=== SYSLOG PARSER PER ROUTER MIKROTIK ===
Pressione Ctrl+C per interrompere
[INFO] Connesso a PostgreSQL
[INFO] Processando /var/log/mikrotik/raw.log (follow=True)
[ERROR] Errore processamento file: [Errno 13] Permission denied: '/var/log/mikrotik/raw.log'
[INFO] Totale: 0 righe processate, 0 log salvati
[INFO] Disconnesso da PostgreSQL
[root@ids python_ml]# sudo -u ids nohup python3.11 syslog_parser.py > /var/log/ids/syslog_parser.log 2>&1 &
[1] 59438
[root@ids python_ml]# tail -20 /var/log/ids/syslog_parser.log
nohup: ignoring input
=== SYSLOG PARSER PER ROUTER MIKROTIK ===
Pressione Ctrl+C per interrompere
[ERROR] Connessione database fallita: connection to server at "localhost" (::1), port 5432 failed: FATAL: password authentication failed for user "ids_user"
[INFO] Disconnesso da PostgreSQL
Traceback (most recent call last):
File "/opt/ids/python_ml/syslog_parser.py", line 215, in <module>
main()
File "/opt/ids/python_ml/syslog_parser.py", line 203, in main
parser.connect_db()
File "/opt/ids/python_ml/syslog_parser.py", line 48, in connect_db
self.conn = psycopg2.connect(**self.db_config)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/ids/.local/lib/python3.11/site-packages/psycopg2/__init__.py", line 122, in connect
conn = _connect(dsn, connection_factory=connection_factory, **kwasync)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
psycopg2.OperationalError: connection to server at "localhost" (::1), port 5432 failed: FATAL: password authentication failed for user "ids_user"
[1]+ Exit 1 sudo -u ids nohup python3.11 syslog_parser.py > /var/log/ids/syslog_parser.log 2>&1

55
attached_assets/Pasted--python-compare-models-py-WARNING-Extended-Isolation-Forest-not-available-using-standard-IF--1764060191039_1764060191039.txt
View File

@ -1,55 +0,0 @@
python compare_models.py
[WARNING] Extended Isolation Forest not available, using standard IF
================================================================================
IDS MODEL COMPARISON - DB Current vs Hybrid Detector v2.0.0
================================================================================
[1] Caricamento detection esistenti dal database...
Trovate 50 detection nel database
[2] Caricamento nuovo Hybrid Detector (v2.0.0)...
[HYBRID] Ensemble classifier loaded
[HYBRID] Models loaded (version: latest)
[HYBRID] Selected features: 18/25
[HYBRID] Mode: Hybrid (IF + Ensemble)
✅ Hybrid Detector caricato (18 feature selezionate)
[3] Rianalisi di 50 IP con nuovo modello Hybrid...
(Questo può richiedere alcuni minuti...)
[1/50] Analisi IP: 185.203.25.138
Current: score=100.0, type=ddos, blocked=False
Traceback (most recent call last):
File "/opt/ids/python_ml/venv/lib64/python3.11/site-packages/pandas/core/indexes/base.py", line 3790, in get_loc
return self._engine.get_loc(casted_key)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "index.pyx", line 152, in pandas._libs.index.IndexEngine.get_loc
File "index.pyx", line 181, in pandas._libs.index.IndexEngine.get_loc
File "pandas/_libs/hashtable_class_helper.pxi", line 7080, in pandas._libs.hashtable.PyObjectHashTable.get_item
File "pandas/_libs/hashtable_class_helper.pxi", line 7088, in pandas._libs.hashtable.PyObjectHashTable.get_item
KeyError: 'timestamp'
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "/opt/ids/python_ml/compare_models.py", line 265, in <module>
main()
File "/opt/ids/python_ml/compare_models.py", line 184, in main
comparison = reanalyze_with_hybrid(detector, ip, old_det)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/ids/python_ml/compare_models.py", line 118, in reanalyze_with_hybrid
result = detector.detect(ip_features)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/ids/python_ml/ml_hybrid_detector.py", line 507, in detect
features_df = self.extract_features(logs_df)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/ids/python_ml/ml_hybrid_detector.py", line 98, in extract_features
logs_df['timestamp'] = pd.to_datetime(logs_df['timestamp'])
~~~~~~~^^^^^^^^^^^^^
File "/opt/ids/python_ml/venv/lib64/python3.11/site-packages/pandas/core/frame.py", line 3893, in __getitem__
indexer = self.columns.get_loc(key)
^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/ids/python_ml/venv/lib64/python3.11/site-packages/pandas/core/indexes/base.py", line 3797, in get_loc
raise KeyError(key) from err
KeyError: 'timestamp'

75
attached_assets/Pasted--python-train-hybrid-py-test-WARNING-Extended-Isolation-Forest-not-available-using-standard-IF--1764006995649_1764006995649.txt
View File

@ -1,75 +0,0 @@
python train_hybrid.py --test
[WARNING] Extended Isolation Forest not available, using standard IF
======================================================================
IDS HYBRID ML TEST - SYNTHETIC DATA
======================================================================
INFO:dataset_loader:Creating sample dataset (10000 samples)...
INFO:dataset_loader:Sample dataset created: 10000 rows
INFO:dataset_loader:Attack distribution:
attack_type
normal 8981
brute_force 273
suspicious 258
ddos 257
port_scan 231
Name: count, dtype: int64
[TEST] Created synthetic dataset: 10000 samples
Normal: 8,981 (89.8%)
Attacks: 1,019 (10.2%)
[TEST] Training on 6,281 normal samples...
[HYBRID] Training hybrid model on 6281 logs...
[HYBRID] Extracted features for 100 unique IPs
[HYBRID] Pre-training Isolation Forest for feature selection...
[HYBRID] Generated 3 pseudo-anomalies from pre-training IF
[HYBRID] Feature selection: 25 → 18 features
[HYBRID] Selected features: total_packets, conn_count, time_span_seconds, conn_per_second, hour_of_day... (+13 more)
[HYBRID] Normalizing features...
[HYBRID] Training Extended Isolation Forest (contamination=0.03)...
/opt/ids/python_ml/venv/lib64/python3.11/site-packages/sklearn/ensemble/_iforest.py:307: UserWarning: max_samples (256) is greater than the total number of samples (100). max_samples will be set to n_samples for estimation.
warn(
[HYBRID] Generating pseudo-labels from Isolation Forest...
[HYBRID] ⚠ IF found only 3 anomalies (need 10)
[HYBRID] Applying ADAPTIVE percentile fallback...
[HYBRID] Trying 5% percentile → 5 anomalies
[HYBRID] Trying 10% percentile → 10 anomalies
[HYBRID] ✅ Success with 10% percentile
[HYBRID] Pseudo-labels: 10 anomalies, 90 normal
[HYBRID] Training ensemble classifier (DT + RF + XGBoost)...
[HYBRID] Class distribution OK: [0 1] (counts: [90 10])
[HYBRID] Ensemble .fit() completed successfully
[HYBRID] ✅ Ensemble verified: produces 2 class probabilities
[HYBRID] Ensemble training completed and verified!
[HYBRID] Models saved to models
[HYBRID] Ensemble classifier included
[HYBRID] ✅ Training completed successfully! 10/100 IPs flagged as anomalies
[HYBRID] ✅ Ensemble classifier verified and ready for production
[DETECT] Ensemble classifier available - computing hybrid score...
[DETECT] IF scores: min=0.0, max=100.0, mean=57.6
[DETECT] Ensemble scores: min=86.9, max=97.2, mean=92.1
[DETECT] Combined scores: min=54.3, max=93.1, mean=78.3
[DETECT] ✅ Hybrid scoring active: 40% IF + 60% Ensemble
[TEST] Detection results:
Total detections: 100
High confidence: 0
Medium confidence: 85
Low confidence: 15
[TEST] Top 5 detections:
1. 192.168.0.24: risk=93.1, type=suspicious, confidence=medium
2. 192.168.0.27: risk=92.7, type=suspicious, confidence=medium
3. 192.168.0.88: risk=92.5, type=suspicious, confidence=medium
4. 192.168.0.70: risk=92.3, type=suspicious, confidence=medium
5. 192.168.0.4: risk=91.4, type=suspicious, confidence=medium
❌ Error: index 7000 is out of bounds for axis 0 with size 3000
Traceback (most recent call last):
File "/opt/ids/python_ml/train_hybrid.py", line 361, in main
test_on_synthetic(args)
File "/opt/ids/python_ml/train_hybrid.py", line 283, in test_on_synthetic
y_pred[i] = 1
~~~~~~^^^
IndexError: index 7000 is out of bounds for axis 0 with size 3000

79
attached_assets/Pasted--python3-11-main-py-8-60594-root-ids-python-ml-Starting-IDS-API-on-http-0-0-0-0-8000-Do-1763402969617_1763402969617.txt
View File

File diff suppressed because one or more lines are too long

36
attached_assets/Pasted--sudo-u-postgres-psql-c-ALTER-SYSTEM-SET-password-encryption-scram-sha-256-ALTER-SYSTEM-ro-1763396856799_1763396856799.txt
View File

@ -1,36 +0,0 @@
sudo -u postgres psql -c "ALTER SYSTEM SET password_encryption = 'scram-sha-256';"
ALTER SYSTEM
[root@ids deployment]# systemctl restart postgresql
[root@ids deployment]# sudo -u postgres psql << EOF
DROP USER IF EXISTS ids_user;
CREATE USER ids_user WITH PASSWORD 'TestPassword123';
GRANT ALL PRIVILEGES ON DATABASE ids_database TO ids_user;
GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO ids_user;
GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO ids_user;
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON TABLES TO ids_user;
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON SEQUENCES TO ids_user;
EOF
ERROR: role "ids_user" cannot be dropped because some objects depend on it
DETAIL: privileges for database ids_database
ERROR: role "ids_user" already exists
GRANT
GRANT
GRANT
ALTER DEFAULT PRIVILEGES
ALTER DEFAULT PRIVILEGES
[root@ids deployment]# export PGPASSWORD="TestPassword123"
[root@ids deployment]# psql -h localhost -U ids_user -d ids_database -c "SELECT 1;"
psql: error: FATAL: password authentication failed for user "ids_user"
[root@ids deployment]# tail -30 /var/lib/pgsql/data/log/postgresql-*.log | grep -i "ids_user"
2025-11-17 17:21:00.789 CET [59154] FATAL: password authentication failed for user "ids_user"
2025-11-17 17:21:00.789 CET [59154] DETAIL: User "ids_user" does not have a valid SCRAM secret.
2025-11-17 17:22:28.055 CET [59160] FATAL: password authentication failed for user "ids_user"
2025-11-17 17:22:28.055 CET [59160] DETAIL: User "ids_user" does not have a valid SCRAM secret.
2025-11-17 17:23:42.513 CET [59171] FATAL: password authentication failed for user "ids_user"
2025-11-17 17:23:42.513 CET [59171] DETAIL: User "ids_user" does not have a valid SCRAM secret.
2025-11-17 17:26:40.293 CET [59224] ERROR: role "ids_user" cannot be dropped because some objects depend on it
2025-11-17 17:26:40.293 CET [59224] STATEMENT: DROP USER IF EXISTS ids_user;
2025-11-17 17:26:40.293 CET [59224] ERROR: role "ids_user" already exists
2025-11-17 17:26:40.293 CET [59224] STATEMENT: CREATE USER ids_user WITH PASSWORD 'TestPassword123';
2025-11-17 17:27:06.520 CET [59226] FATAL: password authentication failed for user "ids_user"
2025-11-17 17:27:06.520 CET [59226] DETAIL: User "ids_user" does not have a valid SCRAM secret.

66
attached_assets/Pasted--tail-f-var-log-ids-ml-backend-log-HYBRID-Mode-Hybrid-IF-Ensemble-ML-Hybrid-detector-mo-1764092371597_1764092371597.txt
View File

@ -1,66 +0,0 @@
tail -f /var/log/ids/ml_backend.log
[HYBRID] Mode: Hybrid (IF + Ensemble)
[ML] ✓ Hybrid detector models loaded and ready
 Starting IDS API on http://0.0.0.0:8000
 Docs available at http://0.0.0.0:8000/docs
INFO: 127.0.0.1:45342 - "GET /stats HTTP/1.1" 200 OK
INFO: 127.0.0.1:49754 - "GET /stats HTTP/1.1" 200 OK
INFO: 127.0.0.1:50634 - "GET /stats HTTP/1.1" 200 OK
INFO: 127.0.0.1:39232 - "GET /stats HTTP/1.1" 200 OK
INFO: 127.0.0.1:35736 - "GET /stats HTTP/1.1" 200 OK
INFO: 127.0.0.1:37462 - "GET /stats HTTP/1.1" 200 OK
INFO: 127.0.0.1:59676 - "GET /stats HTTP/1.1" 200 OK
INFO: 127.0.0.1:34256 - "GET /health HTTP/1.1" 200 OK
INFO: 127.0.0.1:34256 - "GET /services/status HTTP/1.1" 200 OK
INFO: 127.0.0.1:34256 - "GET /stats HTTP/1.1" 200 OK
INFO: 127.0.0.1:34264 - "POST /train HTTP/1.1" 200 OK
[TRAIN] Inizio training...
INFO: 127.0.0.1:34264 - "GET /stats HTTP/1.1" 200 OK
[TRAIN] Trovati 100000 log per training
[TRAIN] Addestramento modello...
[TRAIN] Using Hybrid ML Detector
[HYBRID] Training hybrid model on 100000 logs...
INFO: 127.0.0.1:41612 - "GET /stats HTTP/1.1" 200 OK
Traceback (most recent call last):
File "/opt/ids/python_ml/main.py", line 201, in do_training
result = ml_detector.train_unsupervised(df)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/ids/python_ml/ml_hybrid_detector.py", line 467, in train_unsupervised
self.save_models()
File "/opt/ids/python_ml/ml_hybrid_detector.py", line 658, in save_models
joblib.dump(self.ensemble_classifier, self.model_dir / "ensemble_classifier_latest.pkl")
File "/opt/ids/python_ml/venv/lib64/python3.11/site-packages/joblib/numpy_pickle.py", line 552, in dump
with open(filename, 'wb') as f:
^^^^^^^^^^^^^^^^^^^^
PermissionError: [Errno 13] Permission denied: 'models/ensemble_classifier_latest.pkl'
[HYBRID] Extracted features for 1430 unique IPs
[HYBRID] Pre-training Isolation Forest for feature selection...
[HYBRID] Generated 43 pseudo-anomalies from pre-training IF
[HYBRID] Feature selection: 25 → 18 features
[HYBRID] Selected features: total_packets, total_bytes, conn_count, avg_packet_size, bytes_per_second... (+13 more)
[HYBRID] Normalizing features...
[HYBRID] Training Extended Isolation Forest (contamination=0.03)...
[HYBRID] Generating pseudo-labels from Isolation Forest...
[HYBRID] Pseudo-labels: 43 anomalies, 1387 normal
[HYBRID] Training ensemble classifier (DT + RF + XGBoost)...
[HYBRID] Class distribution OK: [0 1] (counts: [1387 43])
[HYBRID] Ensemble .fit() completed successfully
[HYBRID] ✅ Ensemble verified: produces 2 class probabilities
[HYBRID] Ensemble training completed and verified!
[TRAIN ERROR] ❌ Errore durante training: [Errno 13] Permission denied: 'models/ensemble_classifier_latest.pkl'
INFO: 127.0.0.1:45694 - "GET /stats HTTP/1.1" 200 OK
^C
(venv) [root@ids python_ml]# ls models/
ensemble_classifier_20251124_185541.pkl feature_names.json feature_selector_latest.pkl isolation_forest_20251125_183830.pkl scaler_20251124_192122.pkl
ensemble_classifier_20251124_185920.pkl feature_selector_20251124_185541.pkl isolation_forest.joblib isolation_forest_latest.pkl scaler_20251125_090356.pkl
ensemble_classifier_20251124_192109.pkl feature_selector_20251124_185920.pkl isolation_forest_20251124_185541.pkl metadata_20251124_185541.json scaler_20251125_092703.pkl
ensemble_classifier_20251124_192122.pkl feature_selector_20251124_192109.pkl isolation_forest_20251124_185920.pkl metadata_20251124_185920.json scaler_20251125_120016.pkl
ensemble_classifier_20251125_090356.pkl feature_selector_20251124_192122.pkl isolation_forest_20251124_192109.pkl metadata_20251124_192109.json scaler_20251125_181945.pkl
ensemble_classifier_20251125_092703.pkl feature_selector_20251125_090356.pkl isolation_forest_20251124_192122.pkl metadata_20251124_192122.json scaler_20251125_182742.pkl
ensemble_classifier_20251125_120016.pkl feature_selector_20251125_092703.pkl isolation_forest_20251125_090356.pkl metadata_20251125_092703.json scaler_20251125_183049.pkl
ensemble_classifier_20251125_181945.pkl feature_selector_20251125_120016.pkl isolation_forest_20251125_092703.pkl metadata_latest.json scaler_20251125_183830.pkl
ensemble_classifier_20251125_182742.pkl feature_selector_20251125_181945.pkl isolation_forest_20251125_120016.pkl scaler.joblib scaler_latest.pkl
ensemble_classifier_20251125_183049.pkl feature_selector_20251125_182742.pkl isolation_forest_20251125_181945.pkl scaler_20251124_185541.pkl
ensemble_classifier_20251125_183830.pkl feature_selector_20251125_183049.pkl isolation_forest_20251125_182742.pkl scaler_20251124_185920.pkl
ensemble_classifier_latest.pkl feature_selector_20251125_183830.pkl isolation_forest_20251125_183049.pkl scaler_20251124_192109.pkl
(venv) [root@ids python_ml]#

200
attached_assets/Pasted--update-from-git-sh-db-AGGIORNAMENTO-SI-1763735466753_1763735466754.txt
View File

@ -1,200 +0,0 @@
./update_from_git.sh --db
╔═══════════════════════════════════════════════╗
║  AGGIORNAMENTO SISTEMA IDS DA GIT ║
╚═══════════════════════════════════════════════╝
 Verifica configurazione git...
 Backup configurazione locale...
✅ .env salvato in .env.backup
 Verifica modifiche locali...
⚠ Ci sono modifiche locali non committate
Esegui 'git status' per vedere i dettagli
Vuoi procedere comunque? (y/n) y
Salvo modifiche locali temporaneamente...
Saved working directory and index state WIP on main: 40990d4  Release v1.0.21
 Download aggiornamenti da git.alfacom.it...
From https://git.alfacom.it/marco/ids.alfacom.it
* branch main -> FETCH_HEAD
Already up to date.
✅ Aggiornamenti scaricati con successo
 Ripristino configurazione locale...
✅ .env ripristinato
 Sincronizzazione schema database...
⚠ APPLICAZIONE MODIFICHE AL DATABASE
Database: ids_database@localhost
Script da applicare:
• create_detections.sql
• create_network_logs.sql
• create_routers.sql
• create_training_history.sql
• create_whitelist.sql
Confermi applicazione modifiche? (y/n) y
 Applicando create_detections.sql...
DROP TABLE
CREATE TABLE
CREATE INDEX
CREATE INDEX
CREATE INDEX
COMMENT
status
-----------------------------------------
Tabella detections creata con successo!
(1 row)
✅ create_detections.sql applicato con successo
 Applicando create_network_logs.sql...
DROP TABLE
CREATE TABLE
CREATE INDEX
CREATE INDEX
CREATE INDEX
COMMENT
status
-------------------------------------------
Tabella network_logs creata con successo!
(1 row)
✅ create_network_logs.sql applicato con successo
 Applicando create_routers.sql...
DROP TABLE
CREATE TABLE
CREATE INDEX
CREATE INDEX
COMMENT
INSERT 0 1
status
--------------------------------------
Tabella routers creata con successo!
(1 row)
✅ create_routers.sql applicato con successo
 Applicando create_training_history.sql...
DROP TABLE
CREATE TABLE
CREATE INDEX
COMMENT
status
-----------------------------------------------
Tabella training_history creata con successo!
(1 row)
✅ create_training_history.sql applicato con successo
 Applicando create_whitelist.sql...
DROP TABLE
CREATE TABLE
CREATE INDEX
CREATE INDEX
COMMENT
status
----------------------------------------
Tabella whitelist creata con successo!
(1 row)
✅ create_whitelist.sql applicato con successo
✅ Tutti gli script SQL applicati con successo
 Aggiornamento dipendenze Node.js...
up to date, audited 492 packages in 4s
65 packages are looking for funding
run `npm fund` for details
9 vulnerabilities (3 low, 5 moderate, 1 high)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
✅ Dipendenze Node.js aggiornate
 Aggiornamento dipendenze Python...
Defaulting to user installation because normal site-packages is not writeable
Requirement already satisfied: fastapi==0.104.1 in /home/ids/.local/lib/python3.11/site-packages (from -r requirements.txt (line 1)) (0.104.1)
Requirement already satisfied: uvicorn==0.24.0 in /home/ids/.local/lib/python3.11/site-packages (from -r requirements.txt (line 2)) (0.24.0)
Requirement already satisfied: pandas==2.1.3 in /home/ids/.local/lib/python3.11/site-packages (from -r requirements.txt (line 3)) (2.1.3)
Requirement already satisfied: numpy==1.26.2 in /home/ids/.local/lib/python3.11/site-packages (from -r requirements.txt (line 4)) (1.26.2)
Requirement already satisfied: scikit-learn==1.3.2 in /home/ids/.local/lib/python3.11/site-packages (from -r requirements.txt (line 5)) (1.3.2)
Requirement already satisfied: psycopg2-binary==2.9.9 in /home/ids/.local/lib/python3.11/site-packages (from -r requirements.txt (line 6)) (2.9.9)
Requirement already satisfied: python-dotenv==1.0.0 in /home/ids/.local/lib/python3.11/site-packages (from -r requirements.txt (line 7)) (1.0.0)
Requirement already satisfied: pydantic==2.5.0 in /home/ids/.local/lib/python3.11/site-packages (from -r requirements.txt (line 8)) (2.5.0)
Requirement already satisfied: httpx==0.25.1 in /home/ids/.local/lib/python3.11/site-packages (from -r requirements.txt (line 9)) (0.25.1)
Requirement already satisfied: anyio<4.0.0,>=3.7.1 in /home/ids/.local/lib/python3.11/site-packages (from fastapi==0.104.1->-r requirements.txt (line 1)) (3.7.1)
Requirement already satisfied: starlette<0.28.0,>=0.27.0 in /home/ids/.local/lib/python3.11/site-packages (from fastapi==0.104.1->-r requirements.txt (line 1)) (0.27.0)
Requirement already satisfied: typing-extensions>=4.8.0 in /home/ids/.local/lib/python3.11/site-packages (from fastapi==0.104.1->-r requirements.txt (line 1)) (4.15.0)
Requirement already satisfied: click>=7.0 in /home/ids/.local/lib/python3.11/site-packages (from uvicorn==0.24.0->-r requirements.txt (line 2)) (8.3.1)
Requirement already satisfied: h11>=0.8 in /home/ids/.local/lib/python3.11/site-packages (from uvicorn==0.24.0->-r requirements.txt (line 2)) (0.16.0)
Requirement already satisfied: python-dateutil>=2.8.2 in /home/ids/.local/lib/python3.11/site-packages (from pandas==2.1.3->-r requirements.txt (line 3)) (2.9.0.post0)
Requirement already satisfied: pytz>=2020.1 in /home/ids/.local/lib/python3.11/site-packages (from pandas==2.1.3->-r requirements.txt (line 3)) (2025.2)
Requirement already satisfied: tzdata>=2022.1 in /home/ids/.local/lib/python3.11/site-packages (from pandas==2.1.3->-r requirements.txt (line 3)) (2025.2)
Requirement already satisfied: scipy>=1.5.0 in /home/ids/.local/lib/python3.11/site-packages (from scikit-learn==1.3.2->-r requirements.txt (line 5)) (1.16.3)
Requirement already satisfied: joblib>=1.1.1 in /home/ids/.local/lib/python3.11/site-packages (from scikit-learn==1.3.2->-r requirements.txt (line 5)) (1.5.2)
Requirement already satisfied: threadpoolctl>=2.0.0 in /home/ids/.local/lib/python3.11/site-packages (from scikit-learn==1.3.2->-r requirements.txt (line 5)) (3.6.0)
Requirement already satisfied: annotated-types>=0.4.0 in /home/ids/.local/lib/python3.11/site-packages (from pydantic==2.5.0->-r requirements.txt (line 8)) (0.7.0)
Requirement already satisfied: pydantic-core==2.14.1 in /home/ids/.local/lib/python3.11/site-packages (from pydantic==2.5.0->-r requirements.txt (line 8)) (2.14.1)
Requirement already satisfied: certifi in /home/ids/.local/lib/python3.11/site-packages (from httpx==0.25.1->-r requirements.txt (line 9)) (2025.11.12)
Requirement already satisfied: httpcore in /home/ids/.local/lib/python3.11/site-packages (from httpx==0.25.1->-r requirements.txt (line 9)) (1.0.9)
Requirement already satisfied: idna in /home/ids/.local/lib/python3.11/site-packages (from httpx==0.25.1->-r requirements.txt (line 9)) (3.11)
Requirement already satisfied: sniffio in /home/ids/.local/lib/python3.11/site-packages (from httpx==0.25.1->-r requirements.txt (line 9)) (1.3.1)
Requirement already satisfied: six>=1.5 in /home/ids/.local/lib/python3.11/site-packages (from python-dateutil>=2.8.2->pandas==2.1.3->-r requirements.txt (line 3)) (1.17.0)
✅ Dipendenze Python aggiornate
 Restart servizi...
✅ Servizi riavviati
╔═══════════════════════════════════════════════╗
║ ✅ AGGIORNAMENTO COMPLETATO ║
╚═══════════════════════════════════════════════╝
 VERIFICA SISTEMA:
• Log backend: tail -f /var/log/ids/backend.log
• Log frontend: tail -f /var/log/ids/frontend.log
• API backend: curl http://localhost:8000/health
• Frontend: curl http://localhost:5000
📊 STATO SERVIZI:
ids 5038 0.3 2.0 1894024 331912 ? Sl 09:20 0:46 /usr/bin/python3.11 main.py
[root@ids ids]# sudo -u ids /opt/ids/deployment/restart_all.sh
[root@ids ids]# curl http://localhost:5000
curl: (7) Failed to connect to localhost port 5000: Connection refused
[root@ids ids]# curl http://localhost:8000/health
{"status":"healttail -f /var/log/ids/backend.logodel":"loaded","timestamp":"2025-11-21T15:30:17.826004"}[root@ids ids]# tail -f /var/log/ids/backend.log
INFO: Waiting for application startup.
INFO: Application startup complete.
ERROR: [Errno 98] error while attempting to bind on address ('0.0.0.0', 8000): address already in use
INFO: Waiting for application shutdown.
INFO: Application shutdown complete.
[LOAD] Modello caricato da models
🚀 Starting IDS API on http://0.0.0.0:8000
📚 Docs available at http://0.0.0.0:8000/docs
INFO: 127.0.0.1:53374 - "GET /stats HTTP/1.1" 200 OK
INFO: 127.0.0.1:59428 - "GET /health HTTP/1.1" 200 OK
^C
[root@ids ids]# tail -f /var/log/ids/frontend.log
^
Error: DATABASE_URL must be set. Did you forget to provision a database?
at <anonymous> (/opt/ids/server/db.ts:9:9)
at ModuleJob.run (node:internal/modules/esm/module_job:325:25)
at async ModuleLoader.import (node:internal/modules/esm/loader:606:24)
at async asyncRunEntryPointWithESMLoader (node:internal/modules/run_main:117:5)
Node.js v20.19.5
^C

79
attached_assets/Pasted-5-34-05-PM-express-POST-api-ml-train-200-in-6ms-message-Training-avviato-in-background-m-1763742923159_1763742923159.txt
View File

@ -1,79 +0,0 @@
5:34:05 PM [express] POST /api/ml/train 200 in 6ms :: {"message":"Training avviato in background","m…
5:34:05 PM [express] GET /api/training-history 304 in 13ms :: []
5:34:05 PM [express] GET /api/ml/stats 304 in 15ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:34:15 PM [express] GET /api/training-history 304 in 13ms :: []
5:34:15 PM [express] GET /api/ml/stats 304 in 17ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:34:21 PM [express] GET /api/detections 304 in 2ms :: []
5:34:23 PM [express] GET /api/training-history 304 in 3ms :: []
5:34:23 PM [express] GET /api/ml/stats 304 in 16ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:34:31 PM [express] GET /api/detections 304 in 3ms :: []
5:34:32 PM [express] GET /api/training-history 304 in 2ms :: []
5:34:32 PM [express] GET /api/ml/stats 304 in 17ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:34:39 PM [express] GET /api/detections 304 in 2ms :: []
5:34:41 PM [express] GET /api/training-history 304 in 2ms :: []
5:34:41 PM [express] GET /api/ml/stats 304 in 16ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:34:42 PM [express] GET /api/detections 304 in 2ms :: []
5:34:43 PM [express] GET /api/training-history 304 in 2ms :: []
5:34:43 PM [express] GET /api/ml/stats 304 in 15ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:34:44 PM [express] GET /api/training-history 304 in 3ms :: []
5:34:44 PM [express] GET /api/ml/stats 304 in 16ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:34:45 PM [express] GET /api/training-history 304 in 2ms :: []
5:34:45 PM [express] GET /api/ml/stats 304 in 16ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:34:55 PM [express] GET /api/training-history 304 in 12ms :: []
5:34:55 PM [express] GET /api/ml/stats 304 in 14ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:34:59 PM [express] GET /api/detections 304 in 3ms :: []
[DB ERROR] Failed to fetch stats: error: column "last_sync" does not exist
at /opt/ids/node_modules/pg-pool/index.js:45:11
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
at async <anonymous> (/opt/ids/node_modules/src/node-postgres/session.ts:104:19)
at async DatabaseStorage.getAllRouters (/opt/ids/server/storage.ts:58:12)
at async <anonymous> (/opt/ids/server/routes.ts:139:23) {
length: 109,
severity: 'ERROR',
code: '42703',
detail: undefined,
hint: undefined,
position: '83',
internalPosition: undefined,
internalQuery: undefined,
where: undefined,
schema: undefined,
table: undefined,
column: undefined,
dataType: undefined,
constraint: undefined,
file: 'parse_relation.c',
line: '3562',
routine: 'errorMissingColumn'
}
5:35:01 PM [express] GET /api/stats 500 in 4ms :: {"error":"Failed to fetch stats"}
5:35:01 PM [express] GET /api/detections 304 in 14ms :: []
[DB ERROR] Failed to fetch routers: error: column "last_sync" does not exist
at /opt/ids/node_modules/pg-pool/index.js:45:11
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
at async <anonymous> (/opt/ids/node_modules/src/node-postgres/session.ts:104:19)
at async DatabaseStorage.getAllRouters (/opt/ids/server/storage.ts:58:12)
at async <anonymous> (/opt/ids/server/routes.ts:10:23) {
length: 109,
severity: 'ERROR',
code: '42703',
detail: undefined,
hint: undefined,
position: '83',
internalPosition: undefined,
internalQuery: undefined,
where: undefined,
schema: undefined,
table: undefined,
column: undefined,
dataType: undefined,
constraint: undefined,
file: 'parse_relation.c',
line: '3562',
routine: 'errorMissingColumn'
}
5:35:01 PM [express] GET /api/routers 500 in 13ms :: {"error":"Failed to fetch routers"}
5:35:06 PM [express] GET /api/training-history 304 in 3ms :: []
5:35:06 PM [express] GET /api/ml/stats 304 in 17ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:35:16 PM [express] GET /api/training-history 304 in 11ms :: []
5:35:16 PM [express] GET /api/ml/stats 304 in 16ms :: {"logs":{"total":0,"last_hour":0},"detections"…

40
attached_assets/Pasted-INFO-Shutting-down-INFO-Waiting-for-application-shutdown-INFO-Application-shutdown-c-1763807174788_1763807174788.txt
View File

@ -1,40 +0,0 @@
INFO: Shutting down
INFO: Waiting for application shutdown.
INFO: Application shutdown complete.
INFO: Finished server process [16990]
INFO: Started server process [18451]
INFO: Waiting for application startup.
INFO: Application startup complete.
INFO: Uvicorn running on http://0.0.0.0:8000 (Press CTRL+C to quit)
[LOAD] Modello caricato da models
🚀 Starting IDS API on http://0.0.0.0:8000
📚 Docs available at http://0.0.0.0:8000/docs
INFO: 127.0.0.1:53190 - "POST /detect HTTP/1.1" 200 OK
INFO: 127.0.0.1:50930 - "GET /stats HTTP/1.1" 200 OK
INFO: 127.0.0.1:50942 - "POST /train HTTP/1.1" 200 OK
[TRAIN] Inizio training...
INFO: 127.0.0.1:50930 - "GET /stats HTTP/1.1" 200 OK
[TRAIN] Trovati 100000 log per training
[TRAIN] Addestramento modello...
[TRAINING] Estrazione feature da 100000 log...
INFO: 127.0.0.1:35464 - "GET /stats HTTP/1.1" 200 OK
INFO: 127.0.0.1:33782 - "GET /stats HTTP/1.1" 200 OK
Traceback (most recent call last):
File "/opt/ids/python_ml/main.py", line 161, in do_training
result = ml_analyzer.train(df, contamination=request.contamination)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/ids/python_ml/ml_analyzer.py", line 191, in train
self.save_model()
File "/opt/ids/python_ml/ml_analyzer.py", line 311, in save_model
joblib.dump(self.model, model_path)
File "/opt/ids/python_ml/venv/lib64/python3.11/site-packages/joblib/numpy_pickle.py", line 552, in dump
with open(filename, 'wb') as f:
^^^^^^^^^^^^^^^^^^^^
PermissionError: [Errno 13] Permission denied: 'models/isolation_forest.joblib'
[TRAINING] Feature estratte per 4467 IP unici
[TRAINING] Normalizzazione features...
[TRAINING] Addestramento Isolation Forest (contamination=0.01)...
[TRAIN ERROR] ❌ Errore durante training: [Errno 13] Permission denied: 'models/isolation_forest.joblib'
INFO: 127.0.0.1:39856 - "GET /stats HTTP/1.1" 200 OK
INFO: 127.0.0.1:48214 - "GET /stats HTTP/1.1" 200 OK

104
attached_assets/Pasted-Marco-questo-output-chiude-definitivamente-ogni-dubbio-EIF-non-installabile-su-Python-3-11--1764005916405_1764005916405.txt
View File

@ -1,104 +0,0 @@
Marco, questo output chiude definitivamente ogni dubbio: **EIF non è installabile su Python 3.11**, indipendentemente da qualsiasi combinazione di flag.
Il nuovo errore:
```
ModuleNotFoundError: No module named 'numpy'
```
non è un vero errore tuo:
è un sintomo della nuova API **PEP 518 / build isolation** che crea un ambiente temporaneo (build-env) dove EIF cerca Numpy, ma EIF è così vecchio che non sa gestire correttamente Python ≥ 3.11, né il nuovo meccanismo di build.
E infatti lo avevamo già visto dai log precedenti:
### ❗ EIF usa codice C++ che *non può* essere compilato con Python 3.11
---
# 🛑 Conclusione tecnica definitiva
✔ **EIF funziona solo fino a Python 3.10.**
❌ **EIF NON funziona con Python 3.11.**
❌ Nemmeno con:
* `PIP_NO_BUILD_ISOLATION=1`
* `Cython` aggiornato
* `wheel`, `setuptools`, `build`
* disabilitando cache
* aggiungendo Numpy a mano
💡 Perché?
Il sorgente `eif` richiede:
* distutils (rimosso in 3.11)
* API Cython vecchie e rimosse
* costrutti C++ non più supportati
* build system che non funziona con Python moderno
---
# ✅ Le UNICHE soluzioni funzionanti
## **SOLUZIONE A — Consigliata**
Sostituire EIF con **PyOD** usando il modello equivalmente identico:
### Installazione
```bash
pip install pyod
```
### Uso
```python
from pyod.models.eif import EIF
model = EIF(ntrees=100)
model.fit(data)
scores = model.decision_function(data)
```
Hai lo stesso algoritmo, stessa logica, stesso output, zero problemi.
---
## **SOLUZIONE B — Usare Python 3.9 o 3.10 SOLO per EIF**
Se per qualche ragione vuoi usare per forza *quel pacchetto*, devi fare così:
### 1. Installa Python 3.10 su AlmaLinux
```bash
sudo dnf install python3.10 python3.10-devel gcc gcc-c++
```
### 2. Crea un venv dedicato
```bash
python3.10 -m venv venv_eif
source venv_eif/bin/activate
```
### 3. Installa EIF *nel venv Python 3.10*
```bash
pip install --upgrade pip setuptools wheel cython numpy
pip install eif==2.0.2
```
**Funzionerà al 100%.**
---
# 🔥 Marco, vuoi evitare Python 3.10?
Ti riscrivo ENTRO 5 MINUTI il tuo IDS basato su EIF, sostituendolo con PyOD, garantendo:
* stesso comportamento
* stessa accuracy o migliore
* supporto completo Python 3.11
* zero compilazioni
* codice più pulito e moderno
Vuoi che procedo?

16
attached_assets/Pasted-Nov-21-18-09-20-FIBRA-forward-in-pppoe-1511-1179-comunedisa-out-sfp-sfpplus2-VS-AS-connection-st-1763744966128_1763744966129.txt
View File

@ -1,16 +0,0 @@
Nov 21 18:09:20 FIBRA forward: in:<pppoe-1511_1179_comunedisa> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac d4:01:c3:34:0c:41, proto UDP, 185.203.26.201:17419->81.198.87.240:15252, len 548
Nov 21 18:09:20 FIBRA forward: in:<pppoe-1511_1179_comunedisa> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac d4:01:c3:34:0c:41, proto UDP, 185.203.26.201:17419->81.198.87.240:15252, len 548
Nov 21 18:09:20 FIBRA detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-gaetano.dibenedetto>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 45.225.195.139:14055->185.203.25.204:53, len 82
Nov 21 18:09:20 FIBRA detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-gaetano.dibenedetto>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 45.225.195.139:14055->185.203.25.204:53, len 82
Nov 21 18:09:20 FIBRA detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 79.124.60.250:52216->185.203.24.143:64508, len 44
Nov 21 18:09:20 FIBRA detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 79.124.60.250:52216->185.203.24.143:64508, len 44
Nov 21 18:09:20 FIBRA forward: in:<pppoe-hightek.router.new> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.24.17:4926->104.16.249.249:443, len 52
Nov 21 18:09:20 FIBRA forward: in:<pppoe-hightek.router.new> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.24.17:4926->104.16.249.249:443, len 52
Nov 21 18:09:20 FIBRA detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-cava.gioxiii.seg>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 45.187.66.179:42774->185.203.25.231:53, len 66
Nov 21 18:09:20 FIBRA detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-cava.gioxiii.seg>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 45.187.66.179:42774->185.203.25.231:53, len 66
Nov 21 18:09:20 FIBRA detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-gaetano.dibenedetto>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 45.187.66.177:46130->185.203.25.204:53, len 66
Nov 21 18:09:20 FIBRA detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-gaetano.dibenedetto>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 45.187.66.177:46130->185.203.25.204:53, len 66
Nov 21 18:09:20 FIBRA detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-gaetano.dibenedetto>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 45.187.66.177:46130->185.203.25.204:53, len 66
Nov 21 18:09:20 FIBRA detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-gaetano.dibenedetto>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 45.187.66.177:46130->185.203.25.204:53, len 66
Nov 21 18:09:20 FIBRA forward: in:ether6_RB_CED out:sfp-sfpplus2_VS_AS, connection-state:new src-mac e4:8d:8c:03:f9:56, proto TCP (SYN), 10.1.0.254:36664->78.134.98.240:8291, len 60
^C

39
attached_assets/Pasted-Nov-25-08-47-55-ids-alfacom-it-systemd-1-Stopped-IDS-ML-Backend-FastAPI-Nov-25-08-47-55-ids-alf-1764056991460_1764056991460.txt
View File

@ -1,39 +0,0 @@
Nov 25 08:47:55 ids.alfacom.it systemd[1]: Stopped IDS ML Backend (FastAPI).
Nov 25 08:47:55 ids.alfacom.it systemd[1]: ids-ml-backend.service: Consumed 6min 21.039s CPU time.
Nov 25 08:47:55 ids.alfacom.it systemd[1]: Started IDS ML Backend (FastAPI).
Nov 25 08:47:58 ids.alfacom.it systemd[1]: ids-ml-backend.service: Main process exited, code=exited, status=1/FAILURE
Nov 25 08:47:58 ids.alfacom.it systemd[1]: ids-ml-backend.service: Failed with result 'exit-code'.
Nov 25 08:47:58 ids.alfacom.it systemd[1]: ids-ml-backend.service: Consumed 4.156s CPU time.
Nov 25 08:48:08 ids.alfacom.it systemd[1]: ids-ml-backend.service: Scheduled restart job, restart counter is at 1.
Nov 25 08:48:08 ids.alfacom.it systemd[1]: Stopped IDS ML Backend (FastAPI).
Nov 25 08:48:08 ids.alfacom.it systemd[1]: ids-ml-backend.service: Consumed 4.156s CPU time.
Nov 25 08:48:08 ids.alfacom.it systemd[1]: Started IDS ML Backend (FastAPI).
Nov 25 08:48:11 ids.alfacom.it systemd[1]: ids-ml-backend.service: Main process exited, code=exited, status=1/FAILURE
Nov 25 08:48:11 ids.alfacom.it systemd[1]: ids-ml-backend.service: Failed with result 'exit-code'.
Nov 25 08:48:11 ids.alfacom.it systemd[1]: ids-ml-backend.service: Consumed 4.059s CPU time.
Nov 25 08:48:16 ids.alfacom.it systemd[1]: Stopped IDS ML Backend (FastAPI).
Nov 25 08:48:16 ids.alfacom.it systemd[1]: ids-ml-backend.service: Consumed 4.059s CPU time.
Nov 25 08:48:16 ids.alfacom.it systemd[1]: Started IDS ML Backend (FastAPI).
Nov 25 08:48:18 ids.alfacom.it systemd[1]: ids-ml-backend.service: Main process exited, code=exited, status=1/FAILURE
Nov 25 08:48:18 ids.alfacom.it systemd[1]: ids-ml-backend.service: Failed with result 'exit-code'.
Nov 25 08:48:18 ids.alfacom.it systemd[1]: ids-ml-backend.service: Consumed 3.908s CPU time.
Nov 25 08:48:28 ids.alfacom.it systemd[1]: ids-ml-backend.service: Scheduled restart job, restart counter is at 2.
Nov 25 08:48:28 ids.alfacom.it systemd[1]: Stopped IDS ML Backend (FastAPI).
Nov 25 08:48:28 ids.alfacom.it systemd[1]: ids-ml-backend.service: Consumed 3.908s CPU time.
Nov 25 08:48:28 ids.alfacom.it systemd[1]: Started IDS ML Backend (FastAPI).
Nov 25 08:48:31 ids.alfacom.it systemd[1]: ids-ml-backend.service: Main process exited, code=exited, status=1/FAILURE
Nov 25 08:48:31 ids.alfacom.it systemd[1]: ids-ml-backend.service: Failed with result 'exit-code'.
Nov 25 08:48:31 ids.alfacom.it systemd[1]: ids-ml-backend.service: Consumed 3.952s CPU time.
Nov 25 08:48:41 ids.alfacom.it systemd[1]: ids-ml-backend.service: Scheduled restart job, restart counter is at 3.
Nov 25 08:48:41 ids.alfacom.it systemd[1]: Stopped IDS ML Backend (FastAPI).
Nov 25 08:48:41 ids.alfacom.it systemd[1]: ids-ml-backend.service: Consumed 3.952s CPU time.
Nov 25 08:48:41 ids.alfacom.it systemd[1]: Started IDS ML Backend (FastAPI).
Nov 25 08:48:43 ids.alfacom.it systemd[1]: ids-ml-backend.service: Main process exited, code=exited, status=1/FAILURE
Nov 25 08:48:43 ids.alfacom.it systemd[1]: ids-ml-backend.service: Failed with result 'exit-code'.
Nov 25 08:48:43 ids.alfacom.it systemd[1]: ids-ml-backend.service: Consumed 4.019s CPU time.
Nov 25 08:48:53 ids.alfacom.it systemd[1]: ids-ml-backend.service: Scheduled restart job, restart counter is at 4.
Nov 25 08:48:53 ids.alfacom.it systemd[1]: Stopped IDS ML Backend (FastAPI).
Nov 25 08:48:53 ids.alfacom.it systemd[1]: ids-ml-backend.service: Consumed 4.019s CPU time.
Nov 25 08:48:53 ids.alfacom.it systemd[1]: ids-ml-backend.service: Start request repeated too quickly.
Nov 25 08:48:53 ids.alfacom.it systemd[1]: ids-ml-backend.service: Failed with result 'exit-code'.
Nov 25 08:48:53 ids.alfacom.it systemd[1]: Failed to start IDS ML Backend (FastAPI).

419
attached_assets/Pasted-cat-cron-log-mkdir-cannot-create-directory-var-run-ids-Permission-denied-opt-ids-deployment-ch-1763454557321_1763454557321.txt
View File

@ -1,419 +0,0 @@
cat cron.log
mkdir: cannot create directory /var/run/ids: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: No such file or directory
cat: /var/run/ids/frontend.pid: No such file or directory
mkdir: cannot create directory /var/run/ids: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: No such file or directory
cat: /var/run/ids/backend.pid: No such file or directory
mkdir: cannot create directory /var/run/ids: Permission denied
mkdir: cannot create directory /var/run/ids: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: No such file or directory
cat: /var/run/ids/backend.pid: No such file or directory
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: No such file or directory
cat: /var/run/ids/frontend.pid: No such file or directory
mkdir: cannot create directory /var/run/ids: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: No such file or directory
mkdir: cannot create directory /var/run/ids: Permission denied
cat: /var/run/ids/backend.pid: No such file or directory
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: No such file or directory
cat: /var/run/ids/frontend.pid: No such file or directory
/bin/sh: line 1: /opt/ids/deployment/check_frontend.sh: No such file or directory
/bin/sh: line 1: /opt/ids/deployment/check_backend.sh: No such file or directory
/bin/sh: line 1: /opt/ids/deployment/check_frontend.sh: No such file or directory
/bin/sh: line 1: /opt/ids/deployment/check_backend.sh: No such file or directory
/bin/sh: line 1: /opt/ids/deployment/check_frontend.sh: No such file or directory
/bin/sh: line 1: /opt/ids/deployment/check_backend.sh: No such file or directory
/bin/sh: line 1: /opt/ids/deployment/check_frontend.sh: No such file or directory
/bin/sh: line 1: /opt/ids/deployment/check_backend.sh: No such file or directory
/bin/sh: line 1: /opt/ids/deployment/check_backend.sh: No such file or directory
/bin/sh: line 1: /opt/ids/deployment/check_frontend.sh: No such file or directory
/bin/sh: line 1: /opt/ids/deployment/check_frontend.sh: No such file or directory
/bin/sh: line 1: /opt/ids/deployment/check_backend.sh: No such file or directory
/bin/sh: line 1: /opt/ids/deployment/check_frontend.sh: No such file or directory
/bin/sh: line 1: /opt/ids/deployment/check_backend.sh: No such file or directory
/bin/sh: line 1: /opt/ids/deployment/check_frontend.sh: No such file or directory
/bin/sh: line 1: /opt/ids/deployment/check_backend.sh: No such file or directory
/bin/sh: line 1: /opt/ids/deployment/check_backend.sh: No such file or directory
/bin/sh: line 1: /opt/ids/deployment/check_frontend.sh: No such file or directory
/bin/sh: line 1: /opt/ids/deployment/check_backend.sh: No such file or directory
/bin/sh: line 1: /opt/ids/deployment/check_frontend.sh: No such file or directory
/bin/sh: line 1: /opt/ids/deployment/check_frontend.sh: No such file or directory
/bin/sh: line 1: /opt/ids/deployment/check_backend.sh: No such file or directory
/bin/sh: line 1: /opt/ids/deployment/check_frontend.sh: No such file or directory
/bin/sh: line 1: /opt/ids/deployment/check_backend.sh: No such file or directory
/bin/sh: line 1: /opt/ids/deployment/check_backend.sh: No such file or directory
/bin/sh: line 1: /opt/ids/deployment/check_frontend.sh: No such file or directory
/bin/sh: line 1: /opt/ids/deployment/check_frontend.sh: No such file or directory
/bin/sh: line 1: /opt/ids/deployment/check_backend.sh: No such file or directory
/bin/sh: line 1: /opt/ids/deployment/check_frontend.sh: No such file or directory
/bin/sh: line 1: /opt/ids/deployment/check_backend.sh: No such file or directory
/bin/sh: line 1: /opt/ids/deployment/check_backend.sh: No such file or directory
/bin/sh: line 1: /opt/ids/deployment/check_frontend.sh: No such file or directory
/bin/sh: line 1: /opt/ids/deployment/check_frontend.sh: No such file or directory
/bin/sh: line 1: /opt/ids/deployment/check_backend.sh: No such file or directory
/bin/sh: line 1: /opt/ids/deployment/check_frontend.sh: No such file or directory
/bin/sh: line 1: /opt/ids/deployment/check_backend.sh: No such file or directory
/bin/sh: line 1: /opt/ids/deployment/check_frontend.sh: No such file or directory
/bin/sh: line 1: /opt/ids/deployment/check_backend.sh: No such file or directory
/bin/sh: line 1: /opt/ids/deployment/check_frontend.sh: No such file or directory
/bin/sh: line 1: /opt/ids/deployment/check_backend.sh: No such file or directory
/bin/sh: line 1: /opt/ids/deployment/check_frontend.sh: No such file or directory
/bin/sh: line 1: /opt/ids/deployment/check_backend.sh: No such file or directory
/bin/sh: line 1: /opt/ids/deployment/check_frontend.sh: No such file or directory
/bin/sh: line 1: /opt/ids/deployment/check_backend.sh: No such file or directory
/bin/sh: line 1: /opt/ids/deployment/check_frontend.sh: No such file or directory
/bin/sh: line 1: /opt/ids/deployment/check_backend.sh: No such file or directory
/bin/sh: line 1: /opt/ids/deployment/check_backend.sh: No such file or directory
/bin/sh: line 1: /opt/ids/deployment/check_frontend.sh: No such file or directory
/bin/sh: line 1: /opt/ids/deployment/check_backend.sh: No such file or directory
/bin/sh: line 1: /opt/ids/deployment/check_frontend.sh: No such file or directory
/bin/sh: line 1: /opt/ids/deployment/check_backend.sh: No such file or directory
/bin/sh: line 1: /opt/ids/deployment/check_frontend.sh: No such file or directory
Mon Nov 17 19:19:08 CET 2025: === RESTART SETTIMANALE SISTEMA IDS ===
Mon Nov 17 19:19:18 CET 2025: Pulizia file temporanei...
Mon Nov 17 19:19:18 CET 2025: Riavvio servizi...
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
Mon Nov 17 19:26:38 CET 2025: === RESTART SETTIMANALE SISTEMA IDS ===
Mon Nov 17 19:26:48 CET 2025: Pulizia file temporanei...
Mon Nov 17 19:26:48 CET 2025: Riavvio servizi...
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
pg_dump: error: connection to database "ids_database" failed: FATAL: password authentication failed for user "ids_user"
Tue Nov 18 04:00:02 CET 2025: Backup completato: /opt/ids/backups/ids_backup_20251118_040002.sql.gz
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_backend.sh: line 15: /var/run/ids/backend.pid: Permission denied
/opt/ids/deployment/check_frontend.sh: line 15: /var/run/ids/frontend.pid: Permission denied

132
attached_assets/Pasted-cat-opt-ids-env-grep-DATABASE-URL-DATABASE-URL-postgresql-ids-user-TestPassword123-127-0-0-1-5-1763740601496_1763740601496.txt
View File

@ -1,132 +0,0 @@
cat /opt/ids/.env | grep DATABASE_URL
DATABASE_URL=postgresql://ids_user:TestPassword123@127.0.0.1:5432/ids_database
[root@ids ids]# psql "$(grep DATABASE_URL /opt/ids/.env | cut -d= -f2)"
psql (13.22)
Type "help" for help.
ids_database=>
ABORT CLUSTER DELETE FROM FETCH MOVE RESET SHOW VALUES
ALTER COMMENT DISCARD GRANT NOTIFY REVOKE START WITH
ANALYZE COMMIT DO IMPORT PREPARE ROLLBACK TABLE
BEGIN COPY DROP INSERT REASSIGN SAVEPOINT TRUNCATE
CALL CREATE END LISTEN REFRESH MATERIALIZED VIEW SECURITY LABEL UNLISTEN
CHECKPOINT DEALLOCATE EXECUTE LOAD REINDEX SELECT UPDATE
CLOSE DECLARE EXPLAIN LOCK RELEASE SET VACUUM
ids_database=> close
ids_database-> ^Z
[3]+ Stopped psql "$(grep DATABASE_URL /opt/ids/.env | cut -d= -f2)"
[root@ids ids]# nano .env
[root@ids ids]# psql "$(grep DATABASE_URL /opt/ids/.env | cut -d= -f2)"
psql (13.22)
Type "help" for help.
ids_database=> ^Z
[4]+ Stopped psql "$(grep DATABASE_URL /opt/ids/.env | cut -d= -f2)"
[root@ids ids]# tail -100 /var/log/ids/frontend.log
4:46:58 PM [express] serving on port 5000
A PostCSS plugin did not pass the `from` option to `postcss.parse`. This may cause imported assets to be incorrectly transformed. If you've recently added a PostCSS plugin that raised this warning, please contact the package author to fix the issue.
4:49:03 PM [express] GET /api/stats 500 in 39ms :: {"error":"Failed to fetch stats"}
4:49:03 PM [express] GET /api/detections 500 in 13ms :: {"error":"Failed to fetch detections"}
4:49:03 PM [express] GET /api/routers 500 in 11ms :: {"error":"Failed to fetch routers"}
4:49:06 PM [express] GET /api/stats 500 in 11ms :: {"error":"Failed to fetch stats"}
4:49:06 PM [express] GET /api/detections 500 in 8ms :: {"error":"Failed to fetch detections"}
4:49:06 PM [express] GET /api/routers 500 in 6ms :: {"error":"Failed to fetch routers"}
4:49:08 PM [express] GET /api/detections 500 in 4ms :: {"error":"Failed to fetch detections"}
4:49:10 PM [express] GET /api/training-history 500 in 42ms :: {"error":"Failed to fetch training his…
4:49:10 PM [express] GET /api/ml/stats 200 in 70ms :: {"logs":{"total":0,"last_hour":0},"detections"…
4:49:15 PM [express] POST /api/ml/train 200 in 10ms :: {"message":"Training avviato in background","…
4:49:15 PM [express] GET /api/training-history 500 in 6ms :: {"error":"Failed to fetch training hist…
4:49:15 PM [express] GET /api/ml/stats 200 in 14ms :: {"logs":{"total":0,"last_hour":0},"detections"…
4:49:21 PM [express] GET /api/training-history 500 in 7ms :: {"error":"Failed to fetch training hist…
4:49:21 PM [express] GET /api/ml/stats 200 in 20ms :: {"logs":{"total":0,"last_hour":0},"detections"…
4:49:27 PM [express] GET /api/training-history 500 in 6ms :: {"error":"Failed to fetch training hist…
4:49:27 PM [express] GET /api/ml/stats 200 in 20ms :: {"logs":{"total":0,"last_hour":0},"detections"…
4:49:31 PM [express] GET /api/training-history 500 in 5ms :: {"error":"Failed to fetch training hist…
4:49:31 PM [express] GET /api/ml/stats 200 in 15ms :: {"logs":{"total":0,"last_hour":0},"detections"…
4:49:33 PM [express] GET /api/routers 500 in 5ms :: {"error":"Failed to fetch routers"}
4:49:36 PM [express] GET /api/whitelist 500 in 4ms :: {"error":"Failed to fetch whitelist"}
4:49:38 PM [express] GET /api/routers 500 in 4ms :: {"error":"Failed to fetch routers"}
4:49:39 PM [express] GET /api/training-history 500 in 7ms :: {"error":"Failed to fetch training hist…
4:49:39 PM [express] GET /api/ml/stats 200 in 20ms :: {"logs":{"total":0,"last_hour":0},"detections"…
4:49:41 PM [express] GET /api/detections 500 in 4ms :: {"error":"Failed to fetch detections"}
4:49:42 PM [express] GET /api/stats 500 in 4ms :: {"error":"Failed to fetch stats"}
4:49:43 PM [express] GET /api/detections 500 in 6ms :: {"error":"Failed to fetch detections"}
4:49:43 PM [express] GET /api/routers 500 in 4ms :: {"error":"Failed to fetch routers"}
4:49:44 PM [express] GET /api/training-history 500 in 5ms :: {"error":"Failed to fetch training hist…
4:49:44 PM [express] GET /api/ml/stats 200 in 19ms :: {"logs":{"total":0,"last_hour":0},"detections"…
4:49:54 PM [express] GET /api/training-history 500 in 8ms :: {"error":"Failed to fetch training hist…
4:49:54 PM [express] GET /api/ml/stats 304 in 20ms :: {"logs":{"total":0,"last_hour":0},"detections"…
4:49:57 PM [express] GET /api/detections 500 in 4ms :: {"error":"Failed to fetch detections"}
4:49:59 PM [express] GET /api/training-history 500 in 5ms :: {"error":"Failed to fetch training hist…
4:49:59 PM [express] GET /api/ml/stats 304 in 19ms :: {"logs":{"total":0,"last_hour":0},"detections"…
4:50:00 PM [express] GET /api/routers 500 in 3ms :: {"error":"Failed to fetch routers"}
4:50:01 PM [express] GET /api/whitelist 500 in 4ms :: {"error":"Failed to fetch whitelist"}
4:50:02 PM [express] GET /api/training-history 500 in 6ms :: {"error":"Failed to fetch training hist…
4:50:02 PM [express] GET /api/ml/stats 304 in 17ms :: {"logs":{"total":0,"last_hour":0},"detections"…
4:50:12 PM [express] GET /api/training-history 500 in 5ms :: {"error":"Failed to fetch training hist…
4:50:12 PM [express] GET /api/ml/stats 304 in 18ms :: {"logs":{"total":0,"last_hour":0},"detections"…
4:50:22 PM [express] GET /api/training-history 500 in 4ms :: {"error":"Failed to fetch training hist…
4:50:22 PM [express] GET /api/ml/stats 304 in 17ms :: {"logs":{"total":0,"last_hour":0},"detections"…
4:50:32 PM [express] GET /api/training-history 500 in 3ms :: {"error":"Failed to fetch training hist…
4:50:33 PM [express] GET /api/ml/stats 304 in 17ms :: {"logs":{"total":0,"last_hour":0},"detections"…
4:50:42 PM [express] GET /api/training-history 500 in 3ms :: {"error":"Failed to fetch training hist…
4:50:43 PM [express] GET /api/ml/stats 304 in 17ms :: {"logs":{"total":0,"last_hour":0},"detections"…
4:50:52 PM [express] GET /api/training-history 500 in 5ms :: {"error":"Failed to fetch training hist…
4:50:53 PM [express] GET /api/ml/stats 304 in 17ms :: {"logs":{"total":0,"last_hour":0},"detections"…
4:51:02 PM [express] GET /api/training-history 500 in 4ms :: {"error":"Failed to fetch training hist…
4:51:03 PM [express] GET /api/ml/stats 304 in 16ms :: {"logs":{"total":0,"last_hour":0},"detections"…
4:51:12 PM [express] GET /api/training-history 500 in 3ms :: {"error":"Failed to fetch training hist…
4:51:13 PM [express] GET /api/ml/stats 304 in 17ms :: {"logs":{"total":0,"last_hour":0},"detections"…
4:51:23 PM [express] GET /api/training-history 500 in 4ms :: {"error":"Failed to fetch training hist…
4:51:23 PM [express] GET /api/ml/stats 304 in 17ms :: {"logs":{"total":0,"last_hour":0},"detections"…
4:51:33 PM [express] GET /api/training-history 500 in 3ms :: {"error":"Failed to fetch training hist…
4:51:33 PM [express] GET /api/ml/stats 304 in 17ms :: {"logs":{"total":0,"last_hour":0},"detections"…
4:51:37 PM [express] GET /api/detections 500 in 4ms :: {"error":"Failed to fetch detections"}
4:51:39 PM [express] GET /api/training-history 500 in 3ms :: {"error":"Failed to fetch training hist…
4:51:39 PM [express] GET /api/ml/stats 304 in 16ms :: {"logs":{"total":0,"last_hour":0},"detections"…
4:51:40 PM [express] GET /api/routers 500 in 4ms :: {"error":"Failed to fetch routers"}
4:51:42 PM [express] GET /api/whitelist 500 in 4ms :: {"error":"Failed to fetch whitelist"}
4:51:43 PM [express] GET /api/training-history 500 in 7ms :: {"error":"Failed to fetch training hist…
4:51:43 PM [express] GET /api/ml/stats 304 in 16ms :: {"logs":{"total":0,"last_hour":0},"detections"…
4:51:53 PM [express] GET /api/training-history 500 in 5ms :: {"error":"Failed to fetch training hist…
4:51:53 PM [express] GET /api/ml/stats 304 in 18ms :: {"logs":{"total":0,"last_hour":0},"detections"…
4:52:03 PM [express] GET /api/training-history 500 in 3ms :: {"error":"Failed to fetch training hist…
4:52:03 PM [express] GET /api/ml/stats 304 in 17ms :: {"logs":{"total":0,"last_hour":0},"detections"…
4:52:13 PM [express] GET /api/training-history 500 in 4ms :: {"error":"Failed to fetch training hist…
4:52:13 PM [express] GET /api/ml/stats 304 in 18ms :: {"logs":{"total":0,"last_hour":0},"detections"…
4:52:23 PM [express] GET /api/training-history 500 in 4ms :: {"error":"Failed to fetch training hist…
4:52:23 PM [express] GET /api/ml/stats 304 in 16ms :: {"logs":{"total":0,"last_hour":0},"detections"…
4:52:33 PM [express] GET /api/training-history 500 in 4ms :: {"error":"Failed to fetch training hist…
4:52:33 PM [express] GET /api/ml/stats 304 in 15ms :: {"logs":{"total":0,"last_hour":0},"detections"…
4:52:43 PM [express] GET /api/training-history 500 in 4ms :: {"error":"Failed to fetch training hist…
4:52:43 PM [express] GET /api/ml/stats 304 in 15ms :: {"logs":{"total":0,"last_hour":0},"detections"…
4:52:53 PM [express] GET /api/training-history 500 in 5ms :: {"error":"Failed to fetch training hist…
4:52:53 PM [express] GET /api/ml/stats 304 in 16ms :: {"logs":{"total":0,"last_hour":0},"detections"…
4:53:03 PM [express] GET /api/training-history 500 in 3ms :: {"error":"Failed to fetch training hist…
4:53:03 PM [express] GET /api/ml/stats 304 in 16ms :: {"logs":{"total":0,"last_hour":0},"detections"…
4:53:13 PM [express] GET /api/training-history 500 in 3ms :: {"error":"Failed to fetch training hist…
4:53:13 PM [express] GET /api/ml/stats 304 in 16ms :: {"logs":{"total":0,"last_hour":0},"detections"…
4:53:23 PM [express] GET /api/training-history 500 in 3ms :: {"error":"Failed to fetch training hist…
4:53:23 PM [express] GET /api/ml/stats 304 in 16ms :: {"logs":{"total":0,"last_hour":0},"detections"…
4:53:33 PM [express] GET /api/training-history 500 in 3ms :: {"error":"Failed to fetch training hist…
4:53:33 PM [express] GET /api/ml/stats 304 in 19ms :: {"logs":{"total":0,"last_hour":0},"detections"…
4:53:43 PM [express] GET /api/training-history 500 in 4ms :: {"error":"Failed to fetch training hist…
4:53:43 PM [express] GET /api/ml/stats 304 in 18ms :: {"logs":{"total":0,"last_hour":0},"detections"…
4:53:53 PM [express] GET /api/training-history 500 in 4ms :: {"error":"Failed to fetch training hist…
4:53:53 PM [express] GET /api/ml/stats 304 in 17ms :: {"logs":{"total":0,"last_hour":0},"detections"…
4:54:03 PM [express] GET /api/training-history 500 in 3ms :: {"error":"Failed to fetch training hist…
4:54:03 PM [express] GET /api/ml/stats 304 in 15ms :: {"logs":{"total":0,"last_hour":0},"detections"…
4:54:13 PM [express] GET /api/training-history 500 in 4ms :: {"error":"Failed to fetch training hist…
4:54:13 PM [express] GET /api/ml/stats 304 in 16ms :: {"logs":{"total":0,"last_hour":0},"detections"…
4:54:23 PM [express] GET /api/training-history 500 in 3ms :: {"error":"Failed to fetch training hist…
4:54:23 PM [express] GET /api/ml/stats 304 in 20ms :: {"logs":{"total":0,"last_hour":0},"detections"…
4:54:33 PM [express] GET /api/training-history 500 in 4ms :: {"error":"Failed to fetch training hist…
4:54:33 PM [express] GET /api/ml/stats 304 in 16ms :: {"logs":{"total":0,"last_hour":0},"detections"…
[root@ids ids]# psql -h 127.0.0.1 -U ids_user -d ids_database
Password for user ids_user:
psql (13.22)
Type "help" for help.
ids_database=> ^Z
[5]+ Stopped psql -h 127.0.0.1 -U ids_user -d ids_database

602
attached_assets/Pasted-cat-training-log-Traceback-most-recent-call-last-File-string-line-1-in-module-ModuleNot-1763454497801_1763454497801.txt
View File

@ -1,602 +0,0 @@
cat training.log
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
[root@ids ids]# cat detect.log
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'requests'

125
attached_assets/Pasted-cd-opt-ids-python-ml-source-venv-bin-activate-python3-main-py-WARNING-Extended-Isolation-Fo-1764092004725_1764092004725.txt
View File

@ -1,125 +0,0 @@
cd /opt/ids/python_ml && source venv/bin/activate && python3 main.py
[WARNING] Extended Isolation Forest not available, using standard IF
[ML] Using Hybrid ML Detector (Extended Isolation Forest + Feature Selection)
[HYBRID] Ensemble classifier loaded
[HYBRID] Models loaded (version: latest)
[HYBRID] Selected features: 18/25
[HYBRID] Mode: Hybrid (IF + Ensemble)
[ML] ✓ Hybrid detector models loaded and ready
 Starting IDS API on http://0.0.0.0:8000
 Docs available at http://0.0.0.0:8000/docs
INFO: Started server process [108626]
INFO: Waiting for application startup.
INFO: Application startup complete.
ERROR: [Errno 98] error while attempting to bind on address ('0.0.0.0', 8000): address already in use
INFO: Waiting for application shutdown.
INFO: Application shutdown complete.
(venv) [root@ids python_ml]# ls -la /opt/ids/python_ml/models/
total 22896
drwxr-xr-x. 2 ids ids 4096 Nov 25 18:30 .
drwxr-xr-x. 6 ids ids 4096 Nov 25 12:53 ..
-rw-r--r--. 1 root root 235398 Nov 24 18:55 ensemble_classifier_20251124_185541.pkl
-rw-r--r--. 1 root root 231504 Nov 24 18:59 ensemble_classifier_20251124_185920.pkl
-rw-r--r--. 1 root root 1008222 Nov 24 19:21 ensemble_classifier_20251124_192109.pkl
-rw-r--r--. 1 root root 925566 Nov 24 19:21 ensemble_classifier_20251124_192122.pkl
-rw-r--r--. 1 ids ids 200159 Nov 25 09:03 ensemble_classifier_20251125_090356.pkl
-rw-r--r--. 1 root root 806006 Nov 25 09:27 ensemble_classifier_20251125_092703.pkl
-rw-r--r--. 1 ids ids 286079 Nov 25 12:00 ensemble_classifier_20251125_120016.pkl
-rw-r--r--. 1 ids ids 398464 Nov 25 18:19 ensemble_classifier_20251125_181945.pkl
-rw-r--r--. 1 ids ids 426790 Nov 25 18:27 ensemble_classifier_20251125_182742.pkl
-rw-r--r--. 1 ids ids 423651 Nov 25 18:30 ensemble_classifier_20251125_183049.pkl
-rw-r--r--. 1 root root 806006 Nov 25 09:27 ensemble_classifier_latest.pkl
-rw-r--r--. 1 ids ids 461 Nov 25 00:00 feature_names.json
-rw-r--r--. 1 root root 1695 Nov 24 18:55 feature_selector_20251124_185541.pkl
-rw-r--r--. 1 root root 1695 Nov 24 18:59 feature_selector_20251124_185920.pkl
-rw-r--r--. 1 root root 1695 Nov 24 19:21 feature_selector_20251124_192109.pkl
-rw-r--r--. 1 root root 1695 Nov 24 19:21 feature_selector_20251124_192122.pkl
-rw-r--r--. 1 ids ids 1695 Nov 25 09:03 feature_selector_20251125_090356.pkl
-rw-r--r--. 1 root root 1695 Nov 25 09:27 feature_selector_20251125_092703.pkl
-rw-r--r--. 1 ids ids 1695 Nov 25 12:00 feature_selector_20251125_120016.pkl
-rw-r--r--. 1 ids ids 1695 Nov 25 18:19 feature_selector_20251125_181945.pkl
-rw-r--r--. 1 ids ids 1695 Nov 25 18:27 feature_selector_20251125_182742.pkl
-rw-r--r--. 1 ids ids 1695 Nov 25 18:30 feature_selector_20251125_183049.pkl
-rw-r--r--. 1 root root 1695 Nov 25 09:27 feature_selector_latest.pkl
-rw-r--r--. 1 ids ids 813592 Nov 25 00:00 isolation_forest.joblib
-rw-r--r--. 1 root root 1674808 Nov 24 18:55 isolation_forest_20251124_185541.pkl
-rw-r--r--. 1 root root 1642600 Nov 24 18:59 isolation_forest_20251124_185920.pkl
-rw-r--r--. 1 root root 1482984 Nov 24 19:21 isolation_forest_20251124_192109.pkl
-rw-r--r--. 1 root root 1465736 Nov 24 19:21 isolation_forest_20251124_192122.pkl
-rw-r--r--. 1 ids ids 1139256 Nov 25 09:03 isolation_forest_20251125_090356.pkl
-rw-r--r--. 1 root root 1428424 Nov 25 09:27 isolation_forest_20251125_092703.pkl
-rw-r--r--. 1 ids ids 1855240 Nov 25 12:00 isolation_forest_20251125_120016.pkl
-rw-r--r--. 1 ids ids 1519784 Nov 25 18:19 isolation_forest_20251125_181945.pkl
-rw-r--r--. 1 ids ids 1511688 Nov 25 18:27 isolation_forest_20251125_182742.pkl
-rw-r--r--. 1 ids ids 1559208 Nov 25 18:30 isolation_forest_20251125_183049.pkl
-rw-r--r--. 1 root root 1428424 Nov 25 09:27 isolation_forest_latest.pkl
-rw-r--r--. 1 root root 1661 Nov 24 18:55 metadata_20251124_185541.json
-rw-r--r--. 1 root root 1661 Nov 24 18:59 metadata_20251124_185920.json
-rw-r--r--. 1 root root 1675 Nov 24 19:21 metadata_20251124_192109.json
-rw-r--r--. 1 root root 1675 Nov 24 19:21 metadata_20251124_192122.json
-rw-r--r--. 1 root root 1675 Nov 25 09:27 metadata_20251125_092703.json
-rw-r--r--. 1 root root 1675 Nov 25 09:27 metadata_latest.json
-rw-r--r--. 1 ids ids 2015 Nov 25 00:00 scaler.joblib
-rw-r--r--. 1 root root 1047 Nov 24 18:55 scaler_20251124_185541.pkl
-rw-r--r--. 1 root root 1047 Nov 24 18:59 scaler_20251124_185920.pkl
-rw-r--r--. 1 root root 1047 Nov 24 19:21 scaler_20251124_192109.pkl
-rw-r--r--. 1 root root 1047 Nov 24 19:21 scaler_20251124_192122.pkl
-rw-r--r--. 1 ids ids 1047 Nov 25 09:03 scaler_20251125_090356.pkl
-rw-r--r--. 1 root root 1047 Nov 25 09:27 scaler_20251125_092703.pkl
-rw-r--r--. 1 ids ids 1047 Nov 25 12:00 scaler_20251125_120016.pkl
-rw-r--r--. 1 ids ids 1047 Nov 25 18:19 scaler_20251125_181945.pkl
-rw-r--r--. 1 ids ids 1047 Nov 25 18:27 scaler_20251125_182742.pkl
-rw-r--r--. 1 ids ids 1047 Nov 25 18:30 scaler_20251125_183049.pkl
-rw-r--r--. 1 root root 1047 Nov 25 09:27 scaler_latest.pkl
(venv) [root@ids python_ml]# tail -n 50 /var/log/ids/ml_backend.log
[HYBRID] Selected features: 18/25
[HYBRID] Mode: Hybrid (IF + Ensemble)
[ML] ✓ Hybrid detector models loaded and ready
🚀 Starting IDS API on http://0.0.0.0:8000
📚 Docs available at http://0.0.0.0:8000/docs
INFO: Started server process [108413]
INFO: Waiting for application startup.
INFO: Application startup complete.
ERROR: [Errno 98] error while attempting to bind on address ('0.0.0.0', 8000): address already in use
INFO: Waiting for application shutdown.
INFO: Application shutdown complete.
[WARNING] Extended Isolation Forest not available, using standard IF
[ML] Using Hybrid ML Detector (Extended Isolation Forest + Feature Selection)
[HYBRID] Ensemble classifier loaded
[HYBRID] Models loaded (version: latest)
[HYBRID] Selected features: 18/25
[HYBRID] Mode: Hybrid (IF + Ensemble)
[ML] ✓ Hybrid detector models loaded and ready
🚀 Starting IDS API on http://0.0.0.0:8000
📚 Docs available at http://0.0.0.0:8000/docs
INFO: Started server process [108452]
INFO: Waiting for application startup.
INFO: Application startup complete.
ERROR: [Errno 98] error while attempting to bind on address ('0.0.0.0', 8000): address already in use
INFO: Waiting for application shutdown.
INFO: Application shutdown complete.
[WARNING] Extended Isolation Forest not available, using standard IF
[ML] Using Hybrid ML Detector (Extended Isolation Forest + Feature Selection)
[HYBRID] Ensemble classifier loaded
[HYBRID] Models loaded (version: latest)
[HYBRID] Selected features: 18/25
[HYBRID] Mode: Hybrid (IF + Ensemble)
[ML] ✓ Hybrid detector models loaded and ready
🚀 Starting IDS API on http://0.0.0.0:8000
📚 Docs available at http://0.0.0.0:8000/docs
INFO: Started server process [108530]
INFO: Waiting for application startup.
INFO: Application startup complete.
ERROR: [Errno 98] error while attempting to bind on address ('0.0.0.0', 8000): address already in use
INFO: Waiting for application shutdown.
INFO: Application shutdown complete.
[WARNING] Extended Isolation Forest not available, using standard IF
[ML] Using Hybrid ML Detector (Extended Isolation Forest + Feature Selection)
[HYBRID] Ensemble classifier loaded
[HYBRID] Models loaded (version: latest)
[HYBRID] Selected features: 18/25
[HYBRID] Mode: Hybrid (IF + Ensemble)
[ML] ✓ Hybrid detector models loaded and ready
🚀 Starting IDS API on http://0.0.0.0:8000
📚 Docs available at http://0.0.0.0:8000/docs
(venv) [root@ids python_ml]#

4
attached_assets/Pasted-curl-X-POST-http-localhost-8000-detect-H-Content-Type-a_1767368587291.txt
View File

@ -1,4 +0,0 @@
curl -X POST http://localhost:8000/detect \
-H "Content-Type: application/json" \
-d '{"max_records": 5000, "hours_back": 1, "risk_threshold": 80, "auto_block": true}'
{"detections":[{"source_ip":"108.139.210.107","risk_score":98.55466848373413,"confidence_level":"high","action_recommendation":"auto_block","anomaly_type":"ddos","reason":"High connection rate: 403.7 conn/s","log_count":1211,"total_packets":1211,"total_bytes":2101702,"first_seen":"2026-01-02T16:41:51","last_seen":"2026-01-02T16:41:54","confidence":95.0},{"source_ip":"216.58.209.54","risk_score":95.52801848493884,"confidence_level":"high","action_recommendation":"auto_block","anomaly_type":"brute_force","reason":"High connection rate: 184.7 conn/s","log_count":554,"total_packets":554,"total_bytes":782397,"first_seen":"2026-01-02T16:41:51","last_seen":"2026-01-02T16:41:54","confidence":95.0},{"source_ip":"95.127.69.202","risk_score":93.58280514393482,"confidence_level":"medium","action_recommendation":"manual_review","anomaly_type":"brute_force","reason":"High connection rate: 93.7 conn/s","log_count":281,"total_packets":281,"total_bytes":369875,"first_seen":"2026-01-02T16:41:51","last_seen":"2026-01-02T16:41:54","confidence":75.0},{"source_ip":"95.127.72.207","risk_score":92.50694363471318,"confidence_level":"medium","action_recommendation":"manual_review","anomaly_type":"brute_force","reason":"High connection rate: 76.3 conn/s","log_count":229,"total_packets":229,"total_bytes":293439,"first_seen":"2026-01-02T16:41:51","last_seen":"2026-01-02T16:41:54","confidence":75.0},{"source_ip":"95.110.183.67","risk_score":86.42278405656512,"confidence_level":"medium","action_recommendation":"manual_review","anomaly_type":"brute_force","reason":"High connection rate: 153.0 conn/s","log_count":459,"total_packets":459,"total_bytes":20822,"first_seen":"2026-01-02T16:41:51","last_seen":"2026-01-02T16:41:54","confidence":75.0},{"source_ip":"54.75.71.86","risk_score":83.42037059381207,"confidence_level":"medium","action_recommendation":"manual_review","anomaly_type":"brute_force","reason":"High connection rate: 58.0 conn/s","log_count":174,"total_packets":174,"total_bytes":25857,"first_seen":"2026-01-02T16:41:51","last_seen":"2026-01-02T16:41:54","confidence":75.0},{"source_ip":"79.10.127.217","risk_score":82.32814469102843,"confidence_level":"medium","action_recommendation":"manual_review","anomaly_type":"brute_force","reason":"High connection rate: 70.0 conn/s","log_count":210,"total_packets":210,"total_bytes":18963,"first_seen":"2026-01-02T16:41:51","last_seen":"2026-01-02T16:41:54","confidence":75.0},{"source_ip":"142.251.140.100","risk_score":76.61422108557721,"confidence_level":"medium","action_recommendation":"manual_review","anomaly_type":"botnet","reason":"Anomalous pattern detected (botnet)","log_count":16,"total_packets":16,"total_bytes":20056,"first_seen":"2026-01-02T16:41:51","last_seen":"2026-01-02T16:41:53","confidence":75.0},{"source_ip":"142.250.181.161","risk_score":76.3802033958719,"confidence_level":"medium","action_recommendation":"manual_review","anomaly_type":"botnet","reason":"Anomalous pattern detected (botnet)","log_count":15,"total_packets":15,"total_bytes":5214,"first_seen":"2026-01-02T16:41:51","last_seen":"2026-01-02T16:41:51","confidence":75.0},{"source_ip":"142.250.180.131","risk_score":72.7723405111559,"confidence_level":"medium","action_recommendation":"manual_review","anomaly_type":"suspicious","reason":"Anomalous pattern detected (suspicious)","log_count":8,"total_packets":8,"total_bytes":5320,"first_seen":"2026-01-02T16:41:51","last_seen":"2026-01-02T16:41:53","confidence":75.0},{"source_ip":"157.240.231.60","risk_score":72.26853648050493,"confidence_level":"medium","action_recommendation":"manual_review","anomaly_type":"botnet","reason":"Anomalous pattern detected (botnet)","log_count":16,"total_packets":16,"total_bytes":4624,"first_seen":"2026-01-02T16:41:51","last_seen":"2026-01-02T16:41:54","confidence":75.0}],"total":11,"blocked":0,"message":"Trovate 11 anomalie"}[root@ids python_ml]#

32
attached_assets/Pasted-curl-http-localhost-8000-stats-2-1-logs-total-139583988-last-hour-7497648-detections--1763450777277_1763450777277.txt
View File

File diff suppressed because one or more lines are too long

42
attached_assets/Pasted-head-20-var-log-mikrotik-raw-log-Nov-17-16-52-16-FIBRA-forward-in-sfp-sfpplus1-VS-FTTO-out-sfp-sf-1763400878278_1763400878278.txt
View File

@ -1,42 +0,0 @@
head -20 /var/log/mikrotik/raw.log
Nov 17 16:52:16 FIBRA forward: in:sfp-sfpplus1_VS_FTTO out:sfp-sfpplus2_VS_AS, connection-state:new src-mac c4:ad:34:25:a7:b5, proto UDP, 185.203.26.34:55841->192.178.203.94:443, len 1280
Nov 17 16:52:16 FIBRA forward: in:sfp-sfpplus1_VS_FTTO out:sfp-sfpplus2_VS_AS, connection-state:new src-mac c4:ad:34:25:a7:b5, proto UDP, 185.203.26.34:55841->192.178.203.94:443, len 1280
Nov 17 16:52:16 FIBRA forward: in:sfp-sfpplus1_VS_FTTO out:sfp-sfpplus2_VS_AS, connection-state:new src-mac c4:ad:34:25:a7:b5, proto UDP, 185.203.26.34:55841->192.178.203.94:443, len 1280
Nov 17 16:52:16 FIBRA forward: in:sfp-sfpplus1_VS_FTTO out:sfp-sfpplus2_VS_AS, connection-state:new src-mac c4:ad:34:25:a7:b5, proto UDP, 185.203.26.34:55841->192.178.203.94:443, len 1280
Nov 17 16:52:16 FIBRA detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-571_alberto.apostolico>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 198.251.84.34:9991->185.203.26.77:53, len 65
Nov 17 16:52:16 FIBRA detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-571_alberto.apostolico>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 198.251.84.34:9991->185.203.26.77:53, len 65
Nov 17 16:52:16 FIBRA detected-ddos forward: in:sfp-sfpplus2_VS_AS out:sfp-sfpplus1_VS_FTTO, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 82.62.84.108:43863->185.203.26.34:8472, len 210
Nov 17 16:52:16 FIBRA detected-ddos forward: in:sfp-sfpplus2_VS_AS out:sfp-sfpplus1_VS_FTTO, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 82.62.84.108:43863->185.203.26.34:8472, len 210
Nov 17 16:52:16 FIBRA forward: in:<pppoe-1018_mario.alfieri> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.25.138:56224->172.67.143.237:80, len 60
Nov 17 16:52:16 FIBRA forward: in:<pppoe-1018_mario.alfieri> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.25.138:56224->172.67.143.237:80, len 60
Nov 17 16:52:16 FIBRA forward: in:<pppoe-1018_mario.alfieri> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.25.138:56225->172.67.143.237:80, len 60
Nov 17 16:52:16 FIBRA forward: in:<pppoe-1018_mario.alfieri> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.25.138:56225->172.67.143.237:80, len 60
Nov 17 16:52:16 FIBRA forward: in:<pppoe-1018_mario.alfieri> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.25.138:58268->172.67.143.237:443, len 60
Nov 17 16:52:16 FIBRA forward: in:<pppoe-1018_mario.alfieri> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.25.138:58268->172.67.143.237:443, len 60
Nov 17 16:52:16 FIBRA forward: in:<pppoe-1018_mario.alfieri> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.25.138:56676->172.67.143.237:80, len 60
Nov 17 16:52:16 FIBRA forward: in:<pppoe-caronte.hightek_01> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.25.233:35832->192.168.25.254:80, len 60
Nov 17 16:52:16 FIBRA detected-ddos forward: in:sfp-sfpplus2_VS_AS out:sfp-sfpplus1_VS_FTTO, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 82.62.84.108:56670->185.203.26.34:8472, len 178
Nov 17 16:52:16 FIBRA detected-ddos forward: in:sfp-sfpplus2_VS_AS out:sfp-sfpplus1_VS_FTTO, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 82.62.84.108:56670->185.203.26.34:8472, len 178
Nov 17 16:52:16 FIBRA detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 72.46.85.161:43970->185.203.24.135:51688, len 44
Nov 17 16:52:16 FIBRA detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 72.46.85.161:43970->185.203.24.135:51688, len 44
[root@ids python_ml]# tail -20 /var/log/mikrotik/raw.log
Nov 17 18:34:26 FIBRA forward: in:<pppoe-023_maria.barba> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 98:da:c4:75:8c:fb, proto UDP, 10.0.254.170:56065->104.20.23.252:443, len 1278
Nov 17 18:34:26 FIBRA forward: in:<pppoe-023_maria.barba> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 98:da:c4:75:8c:fb, proto UDP, 10.0.254.170:56065->104.20.23.252:443, len 1278
Nov 17 18:34:26 FIBRA forward: in:<pppoe-023_maria.barba> out:sfp-sfpplus2_VS_AS, connection-state:new,snat src-mac 98:da:c4:75:8c:fb, proto UDP, 10.0.254.170:56065->104.20.23.252:443, NAT (10.0.254.170:56065->185.203.27.253:56065)->104.20.23.252:443, len 1278
Nov 17 18:34:26 FIBRA detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-gaetano.dibenedetto>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 126.220.199.81:32730->185.203.25.204:53, len 82
Nov 17 18:34:26 FIBRA detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-gaetano.dibenedetto>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 126.220.199.81:32730->185.203.25.204:53, len 82
Nov 17 18:34:26 FIBRA detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 160.202.129.17:43994->185.203.24.15:56929, len 44
Nov 17 18:34:26 FIBRA detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 160.202.129.17:43994->185.203.24.15:56929, len 44
Nov 17 18:34:26 FIBRA detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-571_alberto.apostolico>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 95.216.123.229:4653->185.203.26.77:53, len 65
Nov 17 18:34:26 FIBRA detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-571_alberto.apostolico>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 95.216.123.229:4653->185.203.26.77:53, len 65
Nov 17 18:34:26 FIBRA detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-571_alberto.apostolico>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 198.251.84.34:28065->185.203.26.77:53, len 65
Nov 17 18:34:26 FIBRA detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-571_alberto.apostolico>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 198.251.84.34:28065->185.203.26.77:53, len 65
Nov 17 18:34:26 FIBRA detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-gaetano.dibenedetto>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 168.227.31.21:59518->185.203.25.204:53, len 63
Nov 17 18:34:26 FIBRA forward: in:<pppoe-1099_maddalena.esposito> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.242:47946->3.223.194.130:443, len 60
Nov 17 18:34:26 FIBRA detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-gaetano.dibenedetto>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 168.227.31.21:59518->185.203.25.204:53, len 63
Nov 17 18:34:26 FIBRA forward: in:<pppoe-1099_maddalena.esposito> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 10.0.254.242:47946->3.223.194.130:443, len 60
Nov 17 18:34:26 FIBRA detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-571_alberto.apostolico>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 198.251.84.34:3117->185.203.26.77:53, len 65
Nov 17 18:34:26 FIBRA detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-571_alberto.apostolico>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 198.251.84.34:3117->185.203.26.77:53, len 65
Nov 17 18:34:26 FIBRA detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-571_alberto.apostolico>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 198.251.84.34:30733->185.203.26.77:53, len 65
Nov 17 18:34:26 FIBRA detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-571_alberto.apostolico>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto UDP, 198.251.84.34:30733->185.203.26.77:53, len 65
Nov 17 18:34:26 FIBRA detected-ddos forward: in:sfp-sfpplus2_VS_AS out:VLAN53_PPOE_DATACENTER, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 35.203.211.209:50481->185.203.24.138:27482, len 44

51
attached_assets/Pasted-journalctl-u-ids-list-fetcher-n-50-no-pager-Jan-02-12-5_1767354943964.txt
View File

@ -1,51 +0,0 @@
journalctl -u ids-list-fetcher -n 50 --no-pager
Jan 02 12:50:02 ids.alfacom.it ids-list-fetcher[5900]: ============================================================
Jan 02 12:50:02 ids.alfacom.it systemd[1]: ids-list-fetcher.service: Deactivated successfully.
Jan 02 12:50:02 ids.alfacom.it systemd[1]: Finished IDS Public Lists Fetcher Service.
Jan 02 12:54:56 ids.alfacom.it systemd[1]: Starting IDS Public Lists Fetcher Service...
Jan 02 12:54:56 ids.alfacom.it ids-list-fetcher[6290]: ============================================================
Jan 02 12:54:56 ids.alfacom.it ids-list-fetcher[6290]: [2026-01-02 12:54:56] PUBLIC LISTS SYNC
Jan 02 12:54:56 ids.alfacom.it ids-list-fetcher[6290]: ============================================================
Jan 02 12:54:56 ids.alfacom.it ids-list-fetcher[6290]: Found 2 enabled lists
Jan 02 12:54:56 ids.alfacom.it ids-list-fetcher[6290]: [12:54:56] Downloading Spamhaus from https://www.spamhaus.org/drop/drop_v4.json...
Jan 02 12:54:56 ids.alfacom.it ids-list-fetcher[6290]: [12:54:56] Downloading AWS from https://ip-ranges.amazonaws.com/ip-ranges.json...
Jan 02 12:54:56 ids.alfacom.it ids-list-fetcher[6290]: [12:54:56] Parsing AWS...
Jan 02 12:54:57 ids.alfacom.it ids-list-fetcher[6290]: [12:54:57] Found 9548 IPs, syncing to database...
Jan 02 12:54:57 ids.alfacom.it ids-list-fetcher[6290]: [12:54:57] ✓ AWS: +0 -0 ~9511
Jan 02 12:54:57 ids.alfacom.it ids-list-fetcher[6290]: [12:54:57] Parsing Spamhaus...
Jan 02 12:54:57 ids.alfacom.it ids-list-fetcher[6290]: [12:54:57] Found 1468 IPs, syncing to database...
Jan 02 12:54:57 ids.alfacom.it ids-list-fetcher[6290]: [12:54:57] ✗ Spamhaus: ON CONFLICT DO UPDATE command cannot affect row a second time
Jan 02 12:54:57 ids.alfacom.it ids-list-fetcher[6290]: HINT: Ensure that no rows proposed for insertion within the same command have duplicate constrained values.
Jan 02 12:54:57 ids.alfacom.it ids-list-fetcher[6290]: ============================================================
Jan 02 12:54:57 ids.alfacom.it ids-list-fetcher[6290]: SYNC SUMMARY
Jan 02 12:54:57 ids.alfacom.it ids-list-fetcher[6290]: ============================================================
Jan 02 12:54:57 ids.alfacom.it ids-list-fetcher[6290]: Success: 1/2
Jan 02 12:54:57 ids.alfacom.it ids-list-fetcher[6290]: Errors: 1/2
Jan 02 12:54:57 ids.alfacom.it ids-list-fetcher[6290]: Total IPs Added: 0
Jan 02 12:54:57 ids.alfacom.it ids-list-fetcher[6290]: Total IPs Removed: 0
Jan 02 12:54:57 ids.alfacom.it ids-list-fetcher[6290]: ============================================================
Jan 02 12:54:57 ids.alfacom.it ids-list-fetcher[6290]: ============================================================
Jan 02 12:54:57 ids.alfacom.it ids-list-fetcher[6290]: RUNNING MERGE LOGIC
Jan 02 12:54:57 ids.alfacom.it ids-list-fetcher[6290]: ============================================================
Jan 02 12:54:57 ids.alfacom.it ids-list-fetcher[6290]: ERROR:merge_logic:Failed to cleanup detections: operator does not exist: inet = text
Jan 02 12:54:57 ids.alfacom.it ids-list-fetcher[6290]: LINE 9: d.source_ip::inet = wl.ip_inet
Jan 02 12:54:57 ids.alfacom.it ids-list-fetcher[6290]: ^
Jan 02 12:54:57 ids.alfacom.it ids-list-fetcher[6290]: HINT: No operator matches the given name and argument types. You might need to add explicit type casts.
Jan 02 12:54:57 ids.alfacom.it ids-list-fetcher[6290]: ERROR:merge_logic:Failed to sync detections: operator does not exist: text <<= text
Jan 02 12:54:57 ids.alfacom.it ids-list-fetcher[6290]: LINE 30: OR bl.ip_inet <<= wl.ip_inet
Jan 02 12:54:57 ids.alfacom.it ids-list-fetcher[6290]: ^
Jan 02 12:54:57 ids.alfacom.it ids-list-fetcher[6290]: HINT: No operator matches the given name and argument types. You might need to add explicit type casts.
Jan 02 12:54:57 ids.alfacom.it ids-list-fetcher[6290]: Traceback (most recent call last):
Jan 02 12:54:57 ids.alfacom.it ids-list-fetcher[6290]: File "/opt/ids/python_ml/merge_logic.py", line 264, in sync_public_blacklist_detections
Jan 02 12:54:57 ids.alfacom.it ids-list-fetcher[6290]: cur.execute("""
Jan 02 12:54:57 ids.alfacom.it ids-list-fetcher[6290]: psycopg2.errors.UndefinedFunction: operator does not exist: text <<= text
Jan 02 12:54:57 ids.alfacom.it ids-list-fetcher[6290]: LINE 30: OR bl.ip_inet <<= wl.ip_inet
Jan 02 12:54:57 ids.alfacom.it ids-list-fetcher[6290]: ^
Jan 02 12:54:57 ids.alfacom.it ids-list-fetcher[6290]: HINT: No operator matches the given name and argument types. You might need to add explicit type casts.
Jan 02 12:54:57 ids.alfacom.it ids-list-fetcher[6290]: Merge Logic Stats:
Jan 02 12:54:57 ids.alfacom.it ids-list-fetcher[6290]: Created detections: 0
Jan 02 12:54:57 ids.alfacom.it ids-list-fetcher[6290]: Cleaned invalid detections: 0
Jan 02 12:54:57 ids.alfacom.it ids-list-fetcher[6290]: Skipped (whitelisted): 0
Jan 02 12:54:57 ids.alfacom.it ids-list-fetcher[6290]: ============================================================
Jan 02 12:54:57 ids.alfacom.it systemd[1]: ids-list-fetcher.service: Deactivated successfully.
Jan 02 12:54:57 ids.alfacom.it systemd[1]: Finished IDS Public Lists Fetcher Service.

51
attached_assets/Pasted-journalctl-u-ids-list-fetcher-n-50-no-pager-Jan-02-16-1_1767366961971.txt
View File

@ -1,51 +0,0 @@
journalctl -u ids-list-fetcher -n 50 --no-pager
Jan 02 16:11:31 ids.alfacom.it ids-list-fetcher[10401]: HINT: No operator matches the given name and argument types. You might need to add explicit type casts.
Jan 02 16:11:31 ids.alfacom.it ids-list-fetcher[10401]: Merge Logic Stats:
Jan 02 16:11:31 ids.alfacom.it ids-list-fetcher[10401]: Created detections: 0
Jan 02 16:11:31 ids.alfacom.it ids-list-fetcher[10401]: Cleaned invalid detections: 0
Jan 02 16:11:31 ids.alfacom.it ids-list-fetcher[10401]: Skipped (whitelisted): 0
Jan 02 16:11:31 ids.alfacom.it ids-list-fetcher[10401]: ============================================================
Jan 02 16:11:31 ids.alfacom.it systemd[1]: ids-list-fetcher.service: Deactivated successfully.
Jan 02 16:11:31 ids.alfacom.it systemd[1]: Finished IDS Public Lists Fetcher Service.
Jan 02 16:15:04 ids.alfacom.it systemd[1]: Starting IDS Public Lists Fetcher Service...
Jan 02 16:15:04 ids.alfacom.it ids-list-fetcher[10801]: ============================================================
Jan 02 16:15:04 ids.alfacom.it ids-list-fetcher[10801]: [2026-01-02 16:15:04] PUBLIC LISTS SYNC
Jan 02 16:15:04 ids.alfacom.it ids-list-fetcher[10801]: ============================================================
Jan 02 16:15:04 ids.alfacom.it ids-list-fetcher[10801]: Found 2 enabled lists
Jan 02 16:15:04 ids.alfacom.it ids-list-fetcher[10801]: [16:15:04] Downloading Spamhaus from https://www.spamhaus.org/drop/drop_v4.json...
Jan 02 16:15:04 ids.alfacom.it ids-list-fetcher[10801]: [16:15:04] Downloading AWS from https://ip-ranges.amazonaws.com/ip-ranges.json...
Jan 02 16:15:04 ids.alfacom.it ids-list-fetcher[10801]: [16:15:04] Parsing Spamhaus...
Jan 02 16:15:04 ids.alfacom.it ids-list-fetcher[10801]: [16:15:04] Found 1468 IPs, syncing to database...
Jan 02 16:15:04 ids.alfacom.it ids-list-fetcher[10801]: [16:15:04] ✓ Spamhaus: +0 -0 ~1468
Jan 02 16:15:04 ids.alfacom.it ids-list-fetcher[10801]: [16:15:04] Parsing AWS...
Jan 02 16:15:05 ids.alfacom.it ids-list-fetcher[10801]: [16:15:05] Found 9548 IPs, syncing to database...
Jan 02 16:15:05 ids.alfacom.it ids-list-fetcher[10801]: [16:15:05] ✓ AWS: +9548 -0 ~0
Jan 02 16:15:05 ids.alfacom.it ids-list-fetcher[10801]: ============================================================
Jan 02 16:15:05 ids.alfacom.it ids-list-fetcher[10801]: SYNC SUMMARY
Jan 02 16:15:05 ids.alfacom.it ids-list-fetcher[10801]: ============================================================
Jan 02 16:15:05 ids.alfacom.it ids-list-fetcher[10801]: Success: 2/2
Jan 02 16:15:05 ids.alfacom.it ids-list-fetcher[10801]: Errors: 0/2
Jan 02 16:15:05 ids.alfacom.it ids-list-fetcher[10801]: Total IPs Added: 9548
Jan 02 16:15:05 ids.alfacom.it ids-list-fetcher[10801]: Total IPs Removed: 0
Jan 02 16:15:05 ids.alfacom.it ids-list-fetcher[10801]: ============================================================
Jan 02 16:15:05 ids.alfacom.it ids-list-fetcher[10801]: ============================================================
Jan 02 16:15:05 ids.alfacom.it ids-list-fetcher[10801]: RUNNING MERGE LOGIC
Jan 02 16:15:05 ids.alfacom.it ids-list-fetcher[10801]: ============================================================
Jan 02 16:15:05 ids.alfacom.it ids-list-fetcher[10801]: ERROR:merge_logic:Failed to sync detections: column "risk_score" is of type numeric but expression is of type text
Jan 02 16:15:05 ids.alfacom.it ids-list-fetcher[10801]: LINE 13: '75',
Jan 02 16:15:05 ids.alfacom.it ids-list-fetcher[10801]: ^
Jan 02 16:15:05 ids.alfacom.it ids-list-fetcher[10801]: HINT: You will need to rewrite or cast the expression.
Jan 02 16:15:05 ids.alfacom.it ids-list-fetcher[10801]: Traceback (most recent call last):
Jan 02 16:15:05 ids.alfacom.it ids-list-fetcher[10801]: File "/opt/ids/python_ml/merge_logic.py", line 264, in sync_public_blacklist_detections
Jan 02 16:15:05 ids.alfacom.it ids-list-fetcher[10801]: cur.execute("""
Jan 02 16:15:05 ids.alfacom.it ids-list-fetcher[10801]: psycopg2.errors.DatatypeMismatch: column "risk_score" is of type numeric but expression is of type text
Jan 02 16:15:05 ids.alfacom.it ids-list-fetcher[10801]: LINE 13: '75',
Jan 02 16:15:05 ids.alfacom.it ids-list-fetcher[10801]: ^
Jan 02 16:15:05 ids.alfacom.it ids-list-fetcher[10801]: HINT: You will need to rewrite or cast the expression.
Jan 02 16:15:05 ids.alfacom.it ids-list-fetcher[10801]: Merge Logic Stats:
Jan 02 16:15:05 ids.alfacom.it ids-list-fetcher[10801]: Created detections: 0
Jan 02 16:15:05 ids.alfacom.it ids-list-fetcher[10801]: Cleaned invalid detections: 0
Jan 02 16:15:05 ids.alfacom.it ids-list-fetcher[10801]: Skipped (whitelisted): 0
Jan 02 16:15:05 ids.alfacom.it ids-list-fetcher[10801]: ============================================================
Jan 02 16:15:05 ids.alfacom.it systemd[1]: ids-list-fetcher.service: Deactivated successfully.
Jan 02 16:15:05 ids.alfacom.it systemd[1]: Finished IDS Public Lists Fetcher Service.

44
attached_assets/Pasted-journalctl-u-ids-ml-backend-n-50-no-pager-Nov-22-10-35-57-ids-alfacom-it-systemd-1-Started-IDS-1763804259148_1763804259148.txt
View File

@ -1,44 +0,0 @@
journalctl -u ids-ml-backend -n 50 --no-pager
Nov 22 10:35:57 ids.alfacom.it systemd[1]: Started IDS ML Backend (FastAPI).
Nov 22 10:35:57 ids.alfacom.it systemd[1]: ids-ml-backend.service: Main process exited, code=exited, status=1/FAILURE
Nov 22 10:35:57 ids.alfacom.it systemd[1]: ids-ml-backend.service: Failed with result 'exit-code'.
Nov 22 10:36:07 ids.alfacom.it systemd[1]: ids-ml-backend.service: Scheduled restart job, restart counter is at 1.
Nov 22 10:36:07 ids.alfacom.it systemd[1]: Stopped IDS ML Backend (FastAPI).
Nov 22 10:36:07 ids.alfacom.it systemd[1]: Started IDS ML Backend (FastAPI).
Nov 22 10:36:07 ids.alfacom.it systemd[1]: ids-ml-backend.service: Main process exited, code=exited, status=1/FAILURE
Nov 22 10:36:07 ids.alfacom.it systemd[1]: ids-ml-backend.service: Failed with result 'exit-code'.
Nov 22 10:36:18 ids.alfacom.it systemd[1]: ids-ml-backend.service: Scheduled restart job, restart counter is at 2.
Nov 22 10:36:18 ids.alfacom.it systemd[1]: Stopped IDS ML Backend (FastAPI).
Nov 22 10:36:18 ids.alfacom.it systemd[1]: Started IDS ML Backend (FastAPI).
Nov 22 10:36:18 ids.alfacom.it systemd[1]: ids-ml-backend.service: Main process exited, code=exited, status=1/FAILURE
Nov 22 10:36:18 ids.alfacom.it systemd[1]: ids-ml-backend.service: Failed with result 'exit-code'.
Nov 22 10:36:28 ids.alfacom.it systemd[1]: ids-ml-backend.service: Scheduled restart job, restart counter is at 3.
Nov 22 10:36:28 ids.alfacom.it systemd[1]: Stopped IDS ML Backend (FastAPI).
Nov 22 10:36:28 ids.alfacom.it systemd[1]: Started IDS ML Backend (FastAPI).
Nov 22 10:36:28 ids.alfacom.it systemd[1]: ids-ml-backend.service: Main process exited, code=exited, status=1/FAILURE
Nov 22 10:36:28 ids.alfacom.it systemd[1]: ids-ml-backend.service: Failed with result 'exit-code'.
Nov 22 10:36:38 ids.alfacom.it systemd[1]: ids-ml-backend.service: Scheduled restart job, restart counter is at 4.
Nov 22 10:36:38 ids.alfacom.it systemd[1]: Stopped IDS ML Backend (FastAPI).
Nov 22 10:36:38 ids.alfacom.it systemd[1]: Started IDS ML Backend (FastAPI).
Nov 22 10:36:38 ids.alfacom.it systemd[1]: ids-ml-backend.service: Main process exited, code=exited, status=1/FAILURE
Nov 22 10:36:38 ids.alfacom.it systemd[1]: ids-ml-backend.service: Failed with result 'exit-code'.
Nov 22 10:36:48 ids.alfacom.it systemd[1]: ids-ml-backend.service: Scheduled restart job, restart counter is at 5.
Nov 22 10:36:48 ids.alfacom.it systemd[1]: Stopped IDS ML Backend (FastAPI).
Nov 22 10:36:48 ids.alfacom.it systemd[1]: Started IDS ML Backend (FastAPI).
Nov 22 10:36:48 ids.alfacom.it systemd[1]: ids-ml-backend.service: Main process exited, code=exited, status=1/FAILURE
Nov 22 10:36:48 ids.alfacom.it systemd[1]: ids-ml-backend.service: Failed with result 'exit-code'.
Nov 22 10:36:59 ids.alfacom.it systemd[1]: ids-ml-backend.service: Scheduled restart job, restart counter is at 6.
Nov 22 10:36:59 ids.alfacom.it systemd[1]: Stopped IDS ML Backend (FastAPI).
Nov 22 10:36:59 ids.alfacom.it systemd[1]: Started IDS ML Backend (FastAPI).
Nov 22 10:36:59 ids.alfacom.it systemd[1]: ids-ml-backend.service: Main process exited, code=exited, status=1/FAILURE
Nov 22 10:36:59 ids.alfacom.it systemd[1]: ids-ml-backend.service: Failed with result 'exit-code'.
Nov 22 10:37:09 ids.alfacom.it systemd[1]: ids-ml-backend.service: Scheduled restart job, restart counter is at 7.
Nov 22 10:37:09 ids.alfacom.it systemd[1]: Stopped IDS ML Backend (FastAPI).
Nov 22 10:37:09 ids.alfacom.it systemd[1]: Started IDS ML Backend (FastAPI).
Nov 22 10:37:09 ids.alfacom.it systemd[1]: ids-ml-backend.service: Main process exited, code=exited, status=1/FAILURE
Nov 22 10:37:09 ids.alfacom.it systemd[1]: ids-ml-backend.service: Failed with result 'exit-code'.
Nov 22 10:37:19 ids.alfacom.it systemd[1]: ids-ml-backend.service: Scheduled restart job, restart counter is at 8.
Nov 22 10:37:19 ids.alfacom.it systemd[1]: Stopped IDS ML Backend (FastAPI).
Nov 22 10:37:19 ids.alfacom.it systemd[1]: Started IDS ML Backend (FastAPI).
Nov 22 10:37:19 ids.alfacom.it systemd[1]: ids-ml-backend.service: Main process exited, code=exited, status=1/FAILURE
Nov 22 10:37:19 ids.alfacom.it systemd[1]: ids-ml-backend.service: Failed with result 'exit-code'.

82
attached_assets/Pasted-netstat-tlnp-grep-8000-tcp-0-0-0-0-0-0-8000-0-0-0-0-LISTEN-1764092119907_1764092119907.txt
View File

@ -1,82 +0,0 @@
netstat -tlnp | grep 8000
tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN 106309/python3.11
(venv) [root@ids python_ml]# lsof -i :8000
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
python3.1 106309 ids 7u IPv4 805799 0t0 TCP *:irdmi (LISTEN)
(venv) [root@ids python_ml]# kill -9 106309
(venv) [root@ids python_ml]# lsof -i :8000
(venv) [root@ids python_ml]# pkill -9 -f "python.*8000"
(venv) [root@ids python_ml]# pkill -9 -f "python.*main.py"
(venv) [root@ids python_ml]# sudo systemctl restart ids-ml-backend
Job for ids-ml-backend.service failed because the control process exited with error code.
See "systemctl status ids-ml-backend.service" and "journalctl -xeu ids-ml-backend.service" for details.
(venv) [root@ids python_ml]# sudo systemctl status ids-ml-backend
× ids-ml-backend.service - IDS ML Backend (FastAPI)
Loaded: loaded (/etc/systemd/system/ids-ml-backend.service; enabled; preset: disabled)
Active: failed (Result: exit-code) since Tue 2025-11-25 18:31:08 CET; 3min 37s ago
Duration: 2.490s
Process: 108530 ExecStart=/opt/ids/python_ml/venv/bin/python3 main.py (code=exited, status=1/FAILURE)
Main PID: 108530 (code=exited, status=1/FAILURE)
CPU: 3.987s
Nov 25 18:31:08 ids.alfacom.it systemd[1]: ids-ml-backend.service: Scheduled restart job, restart counter is at 5.
Nov 25 18:31:08 ids.alfacom.it systemd[1]: Stopped IDS ML Backend (FastAPI).
Nov 25 18:31:08 ids.alfacom.it systemd[1]: ids-ml-backend.service: Consumed 3.987s CPU time.
Nov 25 18:31:08 ids.alfacom.it systemd[1]: ids-ml-backend.service: Start request repeated too quickly.
Nov 25 18:31:08 ids.alfacom.it systemd[1]: ids-ml-backend.service: Failed with result 'exit-code'.
Nov 25 18:31:08 ids.alfacom.it systemd[1]: Failed to start IDS ML Backend (FastAPI).
Nov 25 18:34:35 ids.alfacom.it systemd[1]: ids-ml-backend.service: Start request repeated too quickly.
Nov 25 18:34:35 ids.alfacom.it systemd[1]: ids-ml-backend.service: Failed with result 'exit-code'.
Nov 25 18:34:35 ids.alfacom.it systemd[1]: Failed to start IDS ML Backend (FastAPI).
(venv) [root@ids python_ml]# tail -n 50 /var/log/ids/ml_backend.log
[HYBRID] Selected features: 18/25
[HYBRID] Mode: Hybrid (IF + Ensemble)
[ML] ✓ Hybrid detector models loaded and ready
🚀 Starting IDS API on http://0.0.0.0:8000
📚 Docs available at http://0.0.0.0:8000/docs
INFO: Started server process [108413]
INFO: Waiting for application startup.
INFO: Application startup complete.
ERROR: [Errno 98] error while attempting to bind on address ('0.0.0.0', 8000): address already in use
INFO: Waiting for application shutdown.
INFO: Application shutdown complete.
[WARNING] Extended Isolation Forest not available, using standard IF
[ML] Using Hybrid ML Detector (Extended Isolation Forest + Feature Selection)
[HYBRID] Ensemble classifier loaded
[HYBRID] Models loaded (version: latest)
[HYBRID] Selected features: 18/25
[HYBRID] Mode: Hybrid (IF + Ensemble)
[ML] ✓ Hybrid detector models loaded and ready
🚀 Starting IDS API on http://0.0.0.0:8000
📚 Docs available at http://0.0.0.0:8000/docs
INFO: Started server process [108452]
INFO: Waiting for application startup.
INFO: Application startup complete.
ERROR: [Errno 98] error while attempting to bind on address ('0.0.0.0', 8000): address already in use
INFO: Waiting for application shutdown.
INFO: Application shutdown complete.
[WARNING] Extended Isolation Forest not available, using standard IF
[ML] Using Hybrid ML Detector (Extended Isolation Forest + Feature Selection)
[HYBRID] Ensemble classifier loaded
[HYBRID] Models loaded (version: latest)
[HYBRID] Selected features: 18/25
[HYBRID] Mode: Hybrid (IF + Ensemble)
[ML] ✓ Hybrid detector models loaded and ready
🚀 Starting IDS API on http://0.0.0.0:8000
📚 Docs available at http://0.0.0.0:8000/docs
INFO: Started server process [108530]
INFO: Waiting for application startup.
INFO: Application startup complete.
ERROR: [Errno 98] error while attempting to bind on address ('0.0.0.0', 8000): address already in use
INFO: Waiting for application shutdown.
INFO: Application shutdown complete.
[WARNING] Extended Isolation Forest not available, using standard IF
[ML] Using Hybrid ML Detector (Extended Isolation Forest + Feature Selection)
[HYBRID] Ensemble classifier loaded
[HYBRID] Models loaded (version: latest)
[HYBRID] Selected features: 18/25
[HYBRID] Mode: Hybrid (IF + Ensemble)
[ML] ✓ Hybrid detector models loaded and ready
🚀 Starting IDS API on http://0.0.0.0:8000
📚 Docs available at http://0.0.0.0:8000/docs
(venv) [root@ids python_ml]#

51
attached_assets/Pasted-ournalctl-u-ids-list-fetcher-n-50-no-pager-Jan-02-12-30_1767354386554.txt
View File

@ -1,51 +0,0 @@
ournalctl -u ids-list-fetcher -n 50 --no-pager
Jan 02 12:30:01 ids.alfacom.it ids-list-fetcher[5571]: Cleaned invalid detections: 0
Jan 02 12:30:01 ids.alfacom.it ids-list-fetcher[5571]: Skipped (whitelisted): 0
Jan 02 12:30:01 ids.alfacom.it ids-list-fetcher[5571]: ============================================================
Jan 02 12:30:01 ids.alfacom.it systemd[1]: ids-list-fetcher.service: Deactivated successfully.
Jan 02 12:30:01 ids.alfacom.it systemd[1]: Finished IDS Public Lists Fetcher Service.
Jan 02 12:40:01 ids.alfacom.it systemd[1]: Starting IDS Public Lists Fetcher Service...
Jan 02 12:40:01 ids.alfacom.it ids-list-fetcher[5730]: ============================================================
Jan 02 12:40:01 ids.alfacom.it ids-list-fetcher[5730]: [2026-01-02 12:40:01] PUBLIC LISTS SYNC
Jan 02 12:40:01 ids.alfacom.it ids-list-fetcher[5730]: ============================================================
Jan 02 12:40:01 ids.alfacom.it ids-list-fetcher[5730]: Found 2 enabled lists
Jan 02 12:40:01 ids.alfacom.it ids-list-fetcher[5730]: [12:40:01] Downloading Spamhaus from https://www.spamhaus.org/drop/drop_v4.json...
Jan 02 12:40:01 ids.alfacom.it ids-list-fetcher[5730]: [12:40:01] Downloading AWS from https://ip-ranges.amazonaws.com/ip-ranges.json...
Jan 02 12:40:01 ids.alfacom.it ids-list-fetcher[5730]: [12:40:01] Parsing AWS...
Jan 02 12:40:01 ids.alfacom.it ids-list-fetcher[5730]: [12:40:01] Found 9548 IPs, syncing to database...
Jan 02 12:40:02 ids.alfacom.it ids-list-fetcher[5730]: [12:40:02] ✓ AWS: +9511 -0 ~0
Jan 02 12:40:02 ids.alfacom.it ids-list-fetcher[5730]: [12:40:02] Parsing Spamhaus...
Jan 02 12:40:02 ids.alfacom.it ids-list-fetcher[5730]: [12:40:02] ✗ Spamhaus: No valid IPs found in list
Jan 02 12:40:03 ids.alfacom.it ids-list-fetcher[5730]: ============================================================
Jan 02 12:40:03 ids.alfacom.it ids-list-fetcher[5730]: SYNC SUMMARY
Jan 02 12:40:03 ids.alfacom.it ids-list-fetcher[5730]: ============================================================
Jan 02 12:40:03 ids.alfacom.it ids-list-fetcher[5730]: Success: 1/2
Jan 02 12:40:03 ids.alfacom.it ids-list-fetcher[5730]: Errors: 1/2
Jan 02 12:40:03 ids.alfacom.it ids-list-fetcher[5730]: Total IPs Added: 9511
Jan 02 12:40:03 ids.alfacom.it ids-list-fetcher[5730]: Total IPs Removed: 0
Jan 02 12:40:03 ids.alfacom.it ids-list-fetcher[5730]: ============================================================
Jan 02 12:40:03 ids.alfacom.it ids-list-fetcher[5730]: ============================================================
Jan 02 12:40:03 ids.alfacom.it ids-list-fetcher[5730]: RUNNING MERGE LOGIC
Jan 02 12:40:03 ids.alfacom.it ids-list-fetcher[5730]: ============================================================
Jan 02 12:40:03 ids.alfacom.it ids-list-fetcher[5730]: ERROR:merge_logic:Failed to cleanup detections: operator does not exist: inet = text
Jan 02 12:40:03 ids.alfacom.it ids-list-fetcher[5730]: LINE 9: d.source_ip::inet = wl.ip_inet
Jan 02 12:40:03 ids.alfacom.it ids-list-fetcher[5730]: ^
Jan 02 12:40:03 ids.alfacom.it ids-list-fetcher[5730]: HINT: No operator matches the given name and argument types. You might need to add explicit type casts.
Jan 02 12:40:03 ids.alfacom.it ids-list-fetcher[5730]: ERROR:merge_logic:Failed to sync detections: operator does not exist: text <<= text
Jan 02 12:40:03 ids.alfacom.it ids-list-fetcher[5730]: LINE 30: OR bl.ip_inet <<= wl.ip_inet
Jan 02 12:40:03 ids.alfacom.it ids-list-fetcher[5730]: ^
Jan 02 12:40:03 ids.alfacom.it ids-list-fetcher[5730]: HINT: No operator matches the given name and argument types. You might need to add explicit type casts.
Jan 02 12:40:03 ids.alfacom.it ids-list-fetcher[5730]: Traceback (most recent call last):
Jan 02 12:40:03 ids.alfacom.it ids-list-fetcher[5730]: File "/opt/ids/python_ml/merge_logic.py", line 264, in sync_public_blacklist_detections
Jan 02 12:40:03 ids.alfacom.it ids-list-fetcher[5730]: cur.execute("""
Jan 02 12:40:03 ids.alfacom.it ids-list-fetcher[5730]: psycopg2.errors.UndefinedFunction: operator does not exist: text <<= text
Jan 02 12:40:03 ids.alfacom.it ids-list-fetcher[5730]: LINE 30: OR bl.ip_inet <<= wl.ip_inet
Jan 02 12:40:03 ids.alfacom.it ids-list-fetcher[5730]: ^
Jan 02 12:40:03 ids.alfacom.it ids-list-fetcher[5730]: HINT: No operator matches the given name and argument types. You might need to add explicit type casts.
Jan 02 12:40:03 ids.alfacom.it ids-list-fetcher[5730]: Merge Logic Stats:
Jan 02 12:40:03 ids.alfacom.it ids-list-fetcher[5730]: Created detections: 0
Jan 02 12:40:03 ids.alfacom.it ids-list-fetcher[5730]: Cleaned invalid detections: 0
Jan 02 12:40:03 ids.alfacom.it ids-list-fetcher[5730]: Skipped (whitelisted): 0
Jan 02 12:40:03 ids.alfacom.it ids-list-fetcher[5730]: ============================================================
Jan 02 12:40:03 ids.alfacom.it systemd[1]: ids-list-fetcher.service: Deactivated successfully.
Jan 02 12:40:03 ids.alfacom.it systemd[1]: Finished IDS Public Lists Fetcher Service.

48
attached_assets/Pasted-pkill-f-syslog-parser-root-ids-python-ml-sudo-u-ids-nohup-python3-11-syslog-parser-py-var-lo-1763401177900_1763401177900.txt
View File

@ -1,48 +0,0 @@
pkill -f syslog_parser
[root@ids python_ml]# sudo -u ids nohup python3.11 syslog_parser.py > /var/log/ids/syslog_parser.log 2>&1 &
[2] 60160
[1] Terminated sudo -u ids nohup python3.11 syslog_parser.py > /var/log/ids/syslog_parser.log 2>&1
[root@ids python_ml]# sudo -u ids nohup python3.11 syslog_parser.py > /var/log/ids/syslog_parser.log 2>&1 &
[3] 60164
[root@ids python_ml]# tail -20 /var/log/ids/syslog_parser.log
[ERROR] Errore salvataggio log: relation "network_logs" does not exist
LINE 2: INSERT INTO network_logs
^
[ERROR] Errore salvataggio log: relation "network_logs" does not exist
LINE 2: INSERT INTO network_logs
^
[ERROR] Errore salvataggio log: relation "network_logs" does not exist
LINE 2: INSERT INTO network_logs
^
[ERROR] Errore salvataggio log: relation "network_logs" does not exist
LINE 2: INSERT INTO network_logs
^
[ERROR] Errore salvataggio log: relation "network_logs" does not exist
LINE 2: INSERT INTO network_logs
^
[root@ids python_ml]# tail -20 /var/log/ids/syslog_parser.log
[ERROR] Errore salvataggio log: relation "network_logs" does not exist
LINE 2: INSERT INTO network_logs
^
[ERROR] Errore salvataggio log: relation "network_logs" does not exist
LINE 2: INSERT INTO network_logs
^
[ERROR] Errore salvataggio log: relation "network_logs" does not exist
LINE 2: INSERT INTO network_logs
^
[ERROR] Errore salvataggio log: relation "network_logs" does not exist
LINE 2: INSERT INTO network_logs
^
[ERROR] Errore salvataggio log: relation "network_logs" does not exist
LINE 2: INSERT INTO network_logs
^

121
attached_assets/Pasted-psql-DATABASE-URL-EOF-Conta-record-in-ogni-tabella-SELECT-network-logs-as-table-name-COU-1763743634660_1763743634660.txt
View File

@ -1,121 +0,0 @@
psql $DATABASE_URL << 'EOF'
-- Conta record in ogni tabella
SELECT 'network_logs' as table_name, COUNT(*) as count FROM network_logs
UNION ALL
SELECT 'detections', COUNT(*) FROM detections
UNION ALL
SELECT 'training_history', COUNT(*) FROM training_history
UNION ALL
SELECT 'routers', COUNT(*) FROM routers
UNION ALL
SELECT 'whitelist', COUNT(*) FROM whitelist;
-- Mostra ultimi 5 log di rete
SELECT timestamp, source_ip, destination_ip, protocol, router_name
FROM network_logs
ORDER BY timestamp DESC
LIMIT 5;
-- Mostra training history
SELECT * FROM training_history ORDER BY trained_at DESC LIMIT 5;
-- Mostra detections
SELECT * FROM detections ORDER BY detected_at DESC LIMIT 5;
EOF
table_name | count
------------------+-------
network_logs | 0
detections | 0
training_history | 0
routers | 1
whitelist | 0
(5 rows)
timestamp | source_ip | destination_ip | protocol | router_name
-----------+-----------+----------------+----------+-------------
(0 rows)
id | model_version | records_processed | features_count | accuracy | training_duration | status | notes | trained_at
----+---------------+-------------------+----------------+----------+-------------------+--------+-------+------------
(0 rows)
id | source_ip | risk_score | confidence | anomaly_type | reason | log_count | first_seen | last_seen | blocked | blocked_at | detected_at
----+-----------+------------+------------+--------------+--------+-----------+------------+-----------+---------+------------+-------------
(0 rows)
[root@ids ids]# curl -s http://localhost:8000/stats | jq .
{
"logs": {
"total": 0,
"last_hour": 0
},
"detections": {
"total": 0,
"blocked": 0
},
"routers": {
"active": 1
},
"latest_training": null
}
[root@ids ids]# tail -50 /var/log/ids/syslog_parser.log
[ERROR] Errore salvataggio log: could not extend file "base/16384/16940.223": No space left on device
HINT: Check free disk space.
[ERROR] Errore salvataggio log: could not extend file "base/16384/16940.223": No space left on device
HINT: Check free disk space.
[ERROR] Errore salvataggio log: could not extend file "base/16384/16940.223": No space left on device
HINT: Check free disk space.
[INFO] Processate 417737400 righe, salvate 417728626 log
[ERROR] Errore salvataggio log: could not extend file "base/16384/16940.223": No space left on device
HINT: Check free disk space.
[ERROR] Errore salvataggio log: could not extend file "base/16384/16940.223": No space left on device
HINT: Check free disk space.
[ERROR] Errore salvataggio log: could not extend file "base/16384/16940.223": No space left on device
HINT: Check free disk space.
[ERROR] Errore salvataggio log: could not extend file "base/16384/16940.223": No space left on device
HINT: Check free disk space.
[ERROR] Errore salvataggio log: could not extend file "base/16384/16940.223": No space left on device
HINT: Check free disk space.
[ERROR] Errore salvataggio log: could not extend file "base/16384/16940.223": No space left on device
HINT: Check free disk space.
[ERROR] Errore salvataggio log: could not extend file "base/16384/16940.223": No space left on device
HINT: Check free disk space.
[ERROR] Errore salvataggio log: could not extend file "base/16384/16940.223": No space left on device
HINT: Check free disk space.
[ERROR] Errore salvataggio log: could not extend file "base/16384/16940.223": No space left on device
HINT: Check free disk space.
[ERROR] Errore salvataggio log: could not extend file "base/16384/16940.223": No space left on device
HINT: Check free disk space.
[ERROR] Errore salvataggio log: could not extend file "base/16384/16940.223": No space left on device
HINT: Check free disk space.
[ERROR] Errore salvataggio log: could not extend file "base/16384/16940.223": No space left on device
HINT: Check free disk space.
[ERROR] Errore salvataggio log: could not extend file "base/16384/16940.223": No space left on device
HINT: Check free disk space.
[ERROR] Errore salvataggio log: could not extend fil[root@ids ids]# df -h
Filesystem Size Used Avail Use% Mounted on
devtmpfs 4.0M 0 4.0M 0% /dev
tmpfs 7.7G 16K 7.7G 1% /dev/shm
tmpfs 3.1G 8.8M 3.1G 1% /run
efivarfs 256K 32K 220K 13% /sys/firmware/efi/efivars
/dev/mapper/almalinux_ids-root 491G 40G 451G 9% /
/dev/sda2 960M 327M 634M 34% /boot
/dev/sda1 599M 7.1M 592M 2% /boot/efi
tmpfs 1.6G 0 1.6G 0% /run/user/0
tmpfs 1.6G 0 1.6G 0% /run/user/1000

48
attached_assets/Pasted-psql-h-127-0-0-1-U-ids-user-d-ids-database-c-SELECT-COUNT-AS-totale-log-FROM-network-logs--1763401984485_1763401984485.txt
View File

@ -1,48 +0,0 @@
psql -h 127.0.0.1 -U ids_user -d ids_database -c "SELECT COUNT(*) AS totale_log FROM network_logs;"
totale_log
------------
593421
(1 row)
[root@ids python_ml]# psql -h 127.0.0.1 -U ids_user -d ids_database -c "SELECT timestamp, router_name, source_ip, destination_ip, protocol, action FROM network_logs ORDER BY
timestamp DESC LIMIT 10;"
timestamp | router_name | source_ip | destination_ip | protocol | action
---------------------+-------------+----------------+----------------+----------+---------
2025-11-17 18:52:08 | FIBRA | 185.203.25.162 | 191.101.79.84 | tcp | forward
2025-11-17 18:52:08 | FIBRA | 185.203.25.46 | 142.251.209.42 | udp | forward
2025-11-17 18:52:08 | FIBRA | 185.203.25.46 | 142.251.209.42 | udp | forward
2025-11-17 18:52:08 | FIBRA | 185.203.25.46 | 142.251.209.42 | udp | forward
2025-11-17 18:52:08 | FIBRA | 185.203.25.46 | 142.251.209.42 | udp | forward
2025-11-17 18:52:08 | FIBRA | 185.203.25.46 | 142.251.209.42 | udp | forward
2025-11-17 18:52:08 | FIBRA | 95.216.123.229 | 185.203.26.77 | udp | ddos
2025-11-17 18:52:08 | FIBRA | 95.216.123.229 | 185.203.26.77 | udp | ddos
2025-11-17 18:52:08 | FIBRA | 10.0.254.71 | 216.58.204.234 | udp | forward
2025-11-17 18:52:08 | FIBRA | 10.0.254.71 | 216.58.204.234 | udp | forward
(10 rows)
[root@ids python_ml]# psql -h 127.0.0.1 -U ids_user -d ids_database -c "SELECT router_name, COUNT(*) as log_count FROM network_logs GROUP BY router_name ORDER BY log_count DESC;"
router_name | log_count
-------------+-----------
FIBRA | 670503
(1 row)
[root@ids python_ml]# psql -h 127.0.0.1 -U ids_user -d ids_database -c "SELECT COUNT(*) as ddos_count FROM network_logs WHERE action = 'ddos';"
ddos_count
------------
305424
(1 row)
[root@ids python_ml]# psql -h 127.0.0.1 -U ids_user -d ids_database -c "SELECT source_ip, COUNT(*) as count FROM network_logs GROUP BY source_ip ORDER BY count DESC LIMIT 10;"
source_ip | count
----------------+--------
185.203.25.162 | 131859
198.251.84.34 | 110069
185.203.26.201 | 35745
185.203.25.233 | 19784
185.203.24.22 | 18885
82.62.84.108 | 13827
185.203.25.211 | 10483
10.1.0.254 | 9414
126.220.199.81 | 8574
185.203.25.50 | 8422
(10 rows)

54
attached_assets/Pasted-python-train-hybrid-py-test-WARNING-Extended-Isolation-Forest-not-available-using-standard-IF--1764006677142_1764006677142.txt
View File

@ -1,54 +0,0 @@
python train_hybrid.py --test
[WARNING] Extended Isolation Forest not available, using standard IF
======================================================================
IDS HYBRID ML TEST - SYNTHETIC DATA
======================================================================
INFO:dataset_loader:Creating sample dataset (10000 samples)...
INFO:dataset_loader:Sample dataset created: 10000 rows
INFO:dataset_loader:Attack distribution:
attack_type
normal 8981
brute_force 273
suspicious 258
ddos 257
port_scan 231
Name: count, dtype: int64
[TEST] Created synthetic dataset: 10000 samples
Normal: 8,981 (89.8%)
Attacks: 1,019 (10.2%)
[TEST] Training on 6,281 normal samples...
[HYBRID] Training hybrid model on 6281 logs...
❌ Error: 'timestamp'
Traceback (most recent call last):
File "/opt/ids/python_ml/venv/lib64/python3.11/site-packages/pandas/core/indexes/base.py", line 3790, in get_loc
return self._engine.get_loc(casted_key)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "index.pyx", line 152, in pandas._libs.index.IndexEngine.get_loc
File "index.pyx", line 181, in pandas._libs.index.IndexEngine.get_loc
File "pandas/_libs/hashtable_class_helper.pxi", line 7080, in pandas._libs.hashtable.PyObjectHashTable.get_item
File "pandas/_libs/hashtable_class_helper.pxi", line 7088, in pandas._libs.hashtable.PyObjectHashTable.get_item
KeyError: 'timestamp'
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "/opt/ids/python_ml/train_hybrid.py", line 361, in main
test_on_synthetic(args)
File "/opt/ids/python_ml/train_hybrid.py", line 249, in test_on_synthetic
detector.train_unsupervised(normal_train)
File "/opt/ids/python_ml/ml_hybrid_detector.py", line 204, in train_unsupervised
features_df = self.extract_features(logs_df)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/ids/python_ml/ml_hybrid_detector.py", line 98, in extract_features
logs_df['timestamp'] = pd.to_datetime(logs_df['timestamp'])
~~~~~~~^^^^^^^^^^^^^
File "/opt/ids/python_ml/venv/lib64/python3.11/site-packages/pandas/core/frame.py", line 3893, in __getitem__
indexer = self.columns.get_loc(key)
^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/ids/python_ml/venv/lib64/python3.11/site-packages/pandas/core/indexes/base.py", line 3797, in get_loc
raise KeyError(key) from err
KeyError: 'timestamp'

70
attached_assets/Pasted-sudo-cp-var-lib-pgsql-data-pg-hba-conf-var-lib-pgsql-data-pg-hba-conf-backup-manual-root-ids-pyth-1763397517711_1763397517711.txt
View File

@ -1,70 +0,0 @@
sudo cp /var/lib/pgsql/data/pg_hba.conf /var/lib/pgsql/data/pg_hba.conf.backup_manual
[root@ids python_ml]# sudo sed -i '/^local.*ids_database.*ids_user/d' /var/lib/pgsql/data/pg_hba.conf
sudo sed -i '/^host.*ids_database.*ids_user/d' /var/lib/pgsql/data/pg_hba.conf
[root@ids python_ml]# cat << 'EOF' | sudo tee -a /var/lib/pgsql/data/pg_hba.conf
# IDS Database - SCRAM-SHA-256
local ids_database ids_user scram-sha-256
host ids_database ids_user 127.0.0.1/32 scram-sha-256
host ids_database ids_user ::1/128 scram-sha-256
EOF
# IDS Database - SCRAM-SHA-256
local ids_database ids_user scram-sha-256
host ids_database ids_user 127.0.0.1/32 scram-sha-256
host ids_database ids_user ::1/128 scram-sha-256
[root@ids python_ml]# systemctl reload postgresql
[root@ids python_ml]# sudo grep "ids_database" /var/lib/pgsql/data/pg_hba.conf
local ids_database ids_user scram-sha-256
host ids_database ids_user 127.0.0.1/32 scram-sha-256
host ids_database ids_user ::1/128 scram-sha-256
[root@ids python_ml]# export PGPASSWORD="TestPassword123"
[root@ids python_ml]# psql -h ::1 -U ids_user -d ids_database -c "SELECT 1;"
?column?
----------
1
(1 row)
[root@ids python_ml]# pkill -f syslog_parser
[root@ids python_ml]# sudo -u ids nohup python3.11 syslog_parser.py > /var/log/ids/syslog_parser.log 2>&1 &
[1] 59373
[root@ids python_ml]# tail -20 /var/log/ids/syslog_parser.log
nohup: ignoring input
=== SYSLOG PARSER PER ROUTER MIKROTIK ===
Pressione Ctrl+C per interrompere
[ERROR] Connessione database fallita: connection to server at "localhost" (::1), port 5432 failed: FATAL: password authentication failed for user "ids_user"
[INFO] Disconnesso da PostgreSQL
Traceback (most recent call last):
File "/opt/ids/python_ml/syslog_parser.py", line 215, in <module>
main()
File "/opt/ids/python_ml/syslog_parser.py", line 203, in main
parser.connect_db()
File "/opt/ids/python_ml/syslog_parser.py", line 48, in connect_db
self.conn = psycopg2.connect(**self.db_config)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/ids/.local/lib/python3.11/site-packages/psycopg2/__init__.py", line 122, in connect
conn = _connect(dsn, connection_factory=connection_factory, **kwasync)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
psycopg2.OperationalError: connection to server at "localhost" (::1), port 5432 failed: FATAL: password authentication failed for user "ids_user"
[1]+ Exit 1 sudo -u ids nohup python3.11 syslog_parser.py > /var/log/ids/syslog_parser.log 2>&1
[root@ids python_ml]# tail -20 /var/log/ids/syslog_parser.log
nohup: ignoring input
=== SYSLOG PARSER PER ROUTER MIKROTIK ===
Pressione Ctrl+C per interrompere
[ERROR] Connessione database fallita: connection to server at "localhost" (::1), port 5432 failed: FATAL: password authentication failed for user "ids_user"
[INFO] Disconnesso da PostgreSQL
Traceback (most recent call last):
File "/opt/ids/python_ml/syslog_parser.py", line 215, in <module>
main()
File "/opt/ids/python_ml/syslog_parser.py", line 203, in main
parser.connect_db()
File "/opt/ids/python_ml/syslog_parser.py", line 48, in connect_db
self.conn = psycopg2.connect(**self.db_config)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/ids/.local/lib/python3.11/site-packages/psycopg2/__init__.py", line 122, in connect
conn = _connect(dsn, connection_factory=connection_factory, **kwasync)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
psycopg2.OperationalError: connection to server at "localhost" (::1), port 5432 failed: FATAL: password authentication failed for user "ids_user"

208
attached_assets/Pasted-sudo-systemctl-restart-ids-syslog-parser-Failed-to-restart-ids-syslog-parser-service-Unit-ids-syslo-1763802098263_1763802098263.txt
View File

@ -1,208 +0,0 @@
sudo systemctl restart ids-syslog-parser
Failed to restart ids-syslog-parser.service: Unit ids-syslog-parser.service not found.
[root@ids python_ml]# tail -10 /var/log/mikrotik/raw.log
forward: in:<pppoe-cava.pompe-1> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 24:5a:4c:3e:a8:2a, proto UDP, 10.0.249.130:44595->165.154.165.238:8800, len 68
forward: in:<pppoe-cava.pompe-1> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 24:5a:4c:3e:a8:2a, proto UDP, 10.0.249.130:44595->165.154.165.238:8800, len 68
forward: in:<pppoe-cava.pompe-1> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 24:5a:4c:3e:a8:2a, proto UDP, 10.0.249.130:44594->93.150.220.226:4917, len 72
forward: in:<pppoe-cava.pompe-1> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 24:5a:4c:3e:a8:2a, proto UDP, 10.0.249.130:44594->93.150.220.226:4917, len 72
forward: in:<pppoe-caronte.hightek_01> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.25.233:56352->192.168.25.254:80, len 60
forward: in:<pppoe-caronte.hightek_01> out:sfp-sfpplus2_VS_AS, connection-state:new proto TCP (SYN), 185.203.25.233:56352->192.168.25.254:80, len 60
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-alfabitomega>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 5.99.210.125:23084->185.203.24.2:10204, len 60
detected-ddos forward: in:sfp-sfpplus2_VS_AS out:<pppoe-alfabitomega>, connection-state:new src-mac 18:fd:74:7c:aa:85, proto TCP (SYN), 5.99.210.125:23084->185.203.24.2:10204, len 60
forward: in:<pppoe-1471_1115_nappicarol> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 84:d8:1b:68:6a:cc, proto UDP, 10.0.254.67:39651->142.250.180.142:443, len 1378
forward: in:<pppoe-1471_1115_nappicarol> out:sfp-sfpplus2_VS_AS, connection-state:new src-mac 84:d8:1b:68:6a:cc, proto UDP, 10.0.254.67:39651->142.250.180.142:443, len 1378
[root@ids python_ml]# nohup sudo -u ids python3 syslog_parser.py > /var/log/ids/syslog_parser.log 2>&1 &
[3] 13114
[root@ids python_ml]# tail -f /var/log/ids/syslog_parser.log
nohup: ignoring input
=== SYSLOG PARSER PER ROUTER MIKROTIK ===
Pressione Ctrl+C per interrompere
[DEBUG] Avvio syslog_parser...
[DEBUG] Caricamento .env da /opt/ids/.env...
[DEBUG] .env caricato
[DEBUG] Configurazione database:
[DEBUG] Host: localhost
[DEBUG] Port: 5432
[DEBUG] Database: ids_database
[DEBUG] User: ids_user
[DEBUG] File log: /var/log/mikrotik/raw.log
[INFO] File log trovato: /var/log/mikrotik/raw.log
[DEBUG] Creazione parser...
[DEBUG] Connessione database...
[INFO] Connesso a PostgreSQL
[INFO] Avvio processamento log (modalità follow)...
[INFO] Processando /var/log/mikrotik/raw.log (follow=True)
[INFO] Processate 100 righe, salvate 0 log
[INFO] Processate 200 righe, salvate 0 log
[INFO] Processate 300 righe, salvate 0 log
[INFO] Processate 400 righe, salvate 0 log
[INFO] Processate 500 righe, salvate 0 log
[INFO] Processate 600 righe, salvate 0 log
[INFO] Processate 700 righe, salvate 0 log
[INFO] Processate 800 righe, salvate 0 log
[INFO] Processate 900 righe, salvate 0 log
[INFO] Processate 1000 righe, salvate 0 log
[INFO] Processate 1100 righe, salvate 0 log
[INFO] Processate 1200 righe, salvate 0 log
[INFO] Processate 1300 righe, salvate 0 log
[INFO] Processate 1400 righe, salvate 0 log
[INFO] Processate 1500 righe, salvate 0 log
[INFO] Processate 1600 righe, salvate 0 log
[INFO] Processate 1700 righe, salvate 0 log
[INFO] Processate 1800 righe, salvate 0 log
[INFO] Processate 1900 righe, salvate 0 log
[INFO] Processate 2000 righe, salvate 0 log
[INFO] Processate 2100 righe, salvate 0 log
[INFO] Processate 2200 righe, salvate 0 log
[INFO] Processate 2300 righe, salvate 0 log
[INFO] Processate 2400 righe, salvate 0 log
[INFO] Processate 2500 righe, salvate 0 log
[INFO] Processate 2600 righe, salvate 0 log
[INFO] Processate 2700 righe, salvate 0 log
[INFO] Processate 2800 righe, salvate 0 log
[INFO] Processate 2900 righe, salvate 0 log
[INFO] Processate 3000 righe, salvate 0 log
[INFO] Processate 3100 righe, salvate 0 log
[INFO] Processate 3200 righe, salvate 0 log
[INFO] Processate 3300 righe, salvate 0 log
[INFO] Processate 3400 righe, salvate 0 log
[INFO] Processate 3500 righe, salvate 0 log
[INFO] Processate 3600 righe, salvate 0 log
[INFO] Processate 3700 righe, salvate 0 log
[INFO] Processate 3800 righe, salvate 0 log
[INFO] Processate 3900 righe, salvate 0 log
[INFO] Processate 4000 righe, salvate 0 log
[INFO] Processate 4100 righe, salvate 0 log
[INFO] Processate 4200 righe, salvate 0 log
[INFO] Processate 4300 righe, salvate 0 log
[INFO] Processate 4400 righe, salvate 0 log
[INFO] Processate 4500 righe, salvate 0 log
[INFO] Processate 4600 righe, salvate 0 log
[INFO] Processate 4700 righe, salvate 0 log
[INFO] Processate 4800 righe, salvate 0 log
[INFO] Processate 4900 righe, salvate 0 log
[INFO] Processate 5000 righe, salvate 0 log
[INFO] Processate 5100 righe, salvate 0 log
[INFO] Processate 5200 righe, salvate 0 log
[INFO] Processate 5300 righe, salvate 0 log
[INFO] Processate 5400 righe, salvate 0 log
[INFO] Processate 5500 righe, salvate 0 log
[INFO] Processate 5600 righe, salvate 0 log
[INFO] Processate 5700 righe, salvate 0 log
[INFO] Processate 5800 righe, salvate 0 log
[INFO] Processate 5900 righe, salvate 0 log
[INFO] Processate 6000 righe, salvate 0 log
[INFO] Processate 6100 righe, salvate 0 log
[INFO] Processate 6200 righe, salvate 0 log
[INFO] Processate 6300 righe, salvate 0 log
[INFO] Processate 6400 righe, salvate 0 log
[INFO] Processate 6500 righe, salvate 0 log
[INFO] Processate 6600 righe, salvate 0 log
[INFO] Processate 6700 righe, salvate 0 log
[INFO] Processate 6800 righe, salvate 0 log
[INFO] Processate 6900 righe, salvate 0 log
[INFO] Processate 7000 righe, salvate 0 log
[INFO] Processate 7100 righe, salvate 0 log
[INFO] Processate 7200 righe, salvate 0 log
[INFO] Processate 7300 righe, salvate 0 log
[INFO] Processate 7400 righe, salvate 0 log
[INFO] Processate 7500 righe, salvate 0 log
[INFO] Processate 7600 righe, salvate 0 log
[INFO] Processate 7700 righe, salvate 0 log
[INFO] Processate 7800 righe, salvate 0 log
[INFO] Processate 7900 righe, salvate 0 log
[INFO] Processate 8000 righe, salvate 0 log
[INFO] Processate 8100 righe, salvate 0 log
[INFO] Processate 8200 righe, salvate 0 log
[INFO] Processate 8300 righe, salvate 0 log
[INFO] Processate 8400 righe, salvate 0 log
[INFO] Processate 8500 righe, salvate 0 log
[INFO] Processate 8600 righe, salvate 0 log
[INFO] Processate 8700 righe, salvate 0 log
[INFO] Processate 8800 righe, salvate 0 log
[INFO] Processate 8900 righe, salvate 0 log
[INFO] Processate 9000 righe, salvate 0 log
[INFO] Processate 9100 righe, salvate 0 log
[INFO] Processate 9200 righe, salvate 0 log
[INFO] Processate 9300 righe, salvate 0 log
[INFO] Processate 9400 righe, salvate 0 log
[INFO] Processate 9500 righe, salvate 0 log
[INFO] Processate 9600 righe, salvate 0 log
[INFO] Processate 9700 righe, salvate 0 log
[INFO] Processate 9800 righe, salvate 0 log
[INFO] Processate 9900 righe, salvate 0 log
[INFO] Processate 10000 righe, salvate 0 log
[INFO] Processate 10100 righe, salvate 0 log
[INFO] Processate 10200 righe, salvate 0 log
[INFO] Processate 10300 righe, salvate 0 log
[INFO] Processate 10400 righe, salvate 0 log
[INFO] Processate 10500 righe, salvate 0 log
[INFO] Processate 10600 righe, salvate 0 log
[INFO] Processate 10700 righe, salvate 0 log
[INFO] Processate 10800 righe, salvate 0 log
[INFO] Processate 10900 righe, salvate 0 log
[INFO] Processate 11000 righe, salvate 0 log
[INFO] Processate 11100 righe, salvate 0 log
[INFO] Processate 11200 righe, salvate 0 log
[INFO] Processate 11300 righe, salvate 0 log
[INFO] Processate 11400 righe, salvate 0 log
[INFO] Processate 11500 righe, salvate 0 log
[INFO] Processate 11600 righe, salvate 0 log
[INFO] Processate 11700 righe, salvate 0 log
[INFO] Processate 11800 righe, salvate 0 log
[INFO] Processate 11900 righe, salvate 0 log
[INFO] Processate 12000 righe, salvate 0 log
[INFO] Processate 12100 righe, salvate 0 log
[INFO] Processate 12200 righe, salvate 0 log
[INFO] Processate 12300 righe, salvate 0 log
[INFO] Processate 12400 righe, salvate 0 log
[INFO] Processate 12500 righe, salvate 0 log
[INFO] Processate 12600 righe, salvate 0 log
[INFO] Processate 12700 righe, salvate 0 log
[INFO] Processate 12800 righe, salvate 0 log
[INFO] Processate 12900 righe, salvate 0 log
[INFO] Processate 13000 righe, salvate 0 log
[INFO] Processate 13100 righe, salvate 0 log
[INFO] Processate 13200 righe, salvate 0 log
[INFO] Processate 13300 righe, salvate 0 log
[INFO] Processate 13400 righe, salvate 0 log
[INFO] Processate 13500 righe, salvate 0 log
[INFO] Processate 13600 righe, salvate 0 log
[INFO] Processate 13700 righe, salvate 0 log
[INFO] Processate 13800 righe, salvate 0 log
[INFO] Processate 13900 righe, salvate 0 log
[INFO] Processate 14000 righe, salvate 0 log
[INFO] Processate 14100 righe, salvate 0 log
[INFO] Processate 14200 righe, salvate 0 log
[INFO] Processate 14300 righe, salvate 0 log
[INFO] Processate 14400 righe, salvate 0 log
[INFO] Processate 14500 righe, salvate 0 log
[INFO] Processate 14600 righe, salvate 0 log
[INFO] Processate 14700 righe, salvate 0 log
[INFO] Processate 14800 righe, salvate 0 log
[INFO] Processate 14900 righe, salvate 0 log
[INFO] Processate 15000 righe, salvate 0 log
[INFO] Processate 15100 righe, salvate 0 log
[INFO] Processate 15200 righe, salvate 0 log
[INFO] Processate 15300 righe, salvate 0 log
[INFO] Processate 15400 righe, salvate 0 log
[INFO] Processate 15500 righe, salvate 0 log
[INFO] Processate 15600 righe, salvate 0 log
[INFO] Processate 15700 righe, salvate 0 log
[INFO] Processate 15800 righe, salvate 0 log
[INFO] Processate 15900 righe, salvate 0 log
[INFO] Processate 16000 righe, salvate 0 log
[INFO] Processate 16100 righe, salvate 0 log
[INFO] Processate 16200 righe, salvate 0 log
[INFO] Processate 16300 righe, salvate 0 log
[INFO] Processate 16400 righe, salvate 0 log
[INFO] Processate 16500 righe, salvate 0 log
[INFO] Processate 16600 righe, salvate 0 log
[INFO] Processate 16700 righe, salvate 0 log
[INFO] Processate 16800 righe, salvate 0 log
[INFO] Processate 16900 righe, salvate 0 log
[INFO] Processate 17000 righe, salvate 0 log
^C
[root@ids python_ml]# grep "TIMESTAMP" /etc/rsyslog.d/99-mikrotik.conf
[root@ids python_ml]# grep "TIMESTAMP" /etc/rsyslog.d/99-mikrotik.conf

76
attached_assets/Pasted-systemctl-status-ids-ml-backend-Unit-ids-ml-backend-service-could-not-be-found-root-ids-ps-aux-1763802707490_1763802707490.txt
View File

@ -1,76 +0,0 @@
systemctl status ids-ml-backend
Unit ids-ml-backend.service could not be found.
[root@ids ~]# ps aux | grep "python.*main.py"
ids 1547 6.0 4.1 2205816 668884 ? Sl Nov21 55:37 /usr/bin/python3.11 main.py
root 13688 0.0 0.0 3884 2304 pts/5 S+ 10:08 0:00 grep --color=auto python.*main.py
[root@ids ~]# tail -50 /var/log/ids/ml_backend.log
tail: cannot open '/var/log/ids/ml_backend.log' for reading: No such file or directory
[root@ids ~]# curl http://localhost:8000/health
{"status":"healthy","database":"connected","ml_model":"loaded","timestamp":"2025-11-22T10:09:55.941962"}[root@ids ~]#
[root@ids ~]# sudo crontab -u ids -l | grep train
0 */12 * * * /opt/ids/deployment/cron_train.sh
[root@ids ~]# # Verifica storico training
psql $DATABASE_URL -c "SELECT id, model_version, records_processed, status, notes, trained_at FROM training_history ORDER BY trained_at DESC LIMIT 5;"
psql: error: FATAL: role "root" does not exist
[root@ids ~]# cd /opt/ids/
[root@ids ids]# cat .env
# Database PostgreSQL
PGHOST=localhost
PGPORT=5432
PGDATABASE=ids_database
PGUSER=ids_user
PGPASSWORD=TestPassword123
DATABASE_URL=postgresql://ids_user:TestPassword123@127.0.0.1:5432/ids_database
# Session Secret (genera una stringa random sicura)
SESSION_SECRET=zLMzP8lLgjgz/NlgfDXuLK8bwHCod+o5zLOWP5DipRM=
# Python Backend URL (per frontend)
VITE_PYTHON_API_URL=http://localhost:8000
# Node Environment
NODE_ENV=production
[root@ids ids]# DATABASE_URL=postgresql://ids_user:TestPassword123@127.0.0.1:5432/ids_database
[root@ids ids]# cat .env
# Database PostgreSQL
PGHOST=localhost
PGPORT=5432
PGDATABASE=ids_database
PGUSER=ids_user
PGPASSWORD=TestPassword123
DATABASE_URL=postgresql://ids_user:TestPassword123@127.0.0.1:5432/ids_database
# Session Secret (genera una stringa random sicura)
SESSION_SECRET=zLMzP8lLgjgz/NlgfDXuLK8bwHCod+o5zLOWP5DipRM=
# Python Backend URL (per frontend)
VITE_PYTHON_API_URL=http://localhost:8000
# Node Environment
NODE_ENV=production
[root@ids ids]# psql $DATABASE_URL -c "SELECT id, model_version, records_processed, status, notes, trained_at FROM training_history ORDER BY trained_at DESC LIMIT 5;"
id | model_version | records_processed | status | notes | trained_at
----+---------------+-------------------+--------+-------+------------
(0 rows)
[root@ids ids]# # Trova dove sta loggando il processo
lsof -p 1547 | grep log
python3.1 1547 ids mem REG 253,0 187881 1053730 /home/ids/.local/lib/python3.11/site-packages/sklearn/utils/_logistic_sigmoid.cpython-311-x86_64-linux-gnu.so
python3.1 1547 ids 1w REG 253,0 1546719 538992839 /var/log/ids/backend.log
python3.1 1547 ids 2w REG 253,0 1546719 538992839 /var/log/ids/backend.log
[root@ids ids]# tail -f /var/log/ids/backend.log
📚 Docs available at http://0.0.0.0:8000/docs
INFO: 127.0.0.1:40168 - "POST /detect HTTP/1.1" 200 OK
INFO: 127.0.0.1:57698 - "GET /stats HTTP/1.1" 200 OK
INFO: 127.0.0.1:56726 - "GET /stats HTTP/1.1" 200 OK
INFO: 127.0.0.1:41940 - "GET /stats HTTP/1.1" 200 OK
INFO: 127.0.0.1:39840 - "GET /stats HTTP/1.1" 200 OK
INFO: 127.0.0.1:55900 - "GET /stats HTTP/1.1" 200 OK
INFO: 127.0.0.1:43422 - "GET /stats HTTP/1.1" 200 OK
INFO: 127.0.0.1:33580 - "GET /stats HTTP/1.1" 200 OK
INFO: 127.0.0.1:55752 - "GET /stats HTTP/1.1" 200 OK
^C

190
attached_assets/Pasted-tail-30-var-log-ids-frontend-log-5-16-03-PM-express-GET-api-ml-stats-304-in-15ms-logs-t-1763742178598_1763742178598.txt
View File

@ -1,190 +0,0 @@
tail -30 /var/log/ids/frontend.log
5:16:03 PM [express] GET /api/ml/stats 304 in 15ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:16:13 PM [express] GET /api/training-history 500 in 3ms :: {"error":"Failed to fetch training hist…
5:16:13 PM [express] GET /api/ml/stats 304 in 17ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:16:23 PM [express] GET /api/training-history 500 in 4ms :: {"error":"Failed to fetch training hist…
5:16:23 PM [express] GET /api/ml/stats 304 in 15ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:16:33 PM [express] GET /api/training-history 500 in 4ms :: {"error":"Failed to fetch training hist…
5:16:33 PM [express] GET /api/ml/stats 304 in 16ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:16:49 PM [express] GET /api/training-history 500 in 5ms :: {"error":"Failed to fetch training hist…
5:16:49 PM [express] GET /api/ml/stats 304 in 17ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:16:59 PM [express] GET /api/training-history 500 in 5ms :: {"error":"Failed to fetch training hist…
5:16:59 PM [express] GET /api/ml/stats 304 in 16ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:17:09 PM [express] GET /api/training-history 500 in 3ms :: {"error":"Failed to fetch training hist…
5:17:09 PM [express] GET /api/ml/stats 304 in 15ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:19:18 PM [express] GET /api/training-history 500 in 3ms :: {"error":"Failed to fetch training hist…
5:19:18 PM [express] GET /api/ml/stats 200 in 18ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:19:28 PM [express] GET /api/training-history 500 in 3ms :: {"error":"Failed to fetch training hist…
5:19:28 PM [express] GET /api/ml/stats 304 in 17ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:19:38 PM [express] GET /api/training-history 500 in 5ms :: {"error":"Failed to fetch training hist…
5:19:38 PM [express] GET /api/ml/stats 304 in 17ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:19:48 PM [express] GET /api/training-history 500 in 3ms :: {"error":"Failed to fetch training hist…
5:19:48 PM [express] GET /api/ml/stats 304 in 15ms :: {"logs":{"total":0,"last_hour":0},"detections"…
[Fri Nov 21 17:20:33 CET 2025] Frontend Node NON attivo, riavvio...
[Fri Nov 21 17:20:35 CET 2025] Frontend riavviato con PID: 11385
> rest-express@1.0.0 dev
> NODE_ENV=development tsx server/index.ts
 Using standard PostgreSQL database
5:20:37 PM [express] serving on port 5000
✅ Database connection successful
[root@ids ~]# tail -30 /var/log/ids/frontend.log
5:16:03 PM [express] GET /api/ml/stats 304 in 15ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:16:13 PM [express] GET /api/training-history 500 in 3ms :: {"error":"Failed to fetch training hist…
5:16:13 PM [express] GET /api/ml/stats 304 in 17ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:16:23 PM [express] GET /api/training-history 500 in 4ms :: {"error":"Failed to fetch training hist…
5:16:23 PM [express] GET /api/ml/stats 304 in 15ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:16:33 PM [express] GET /api/training-history 500 in 4ms :: {"error":"Failed to fetch training hist…
5:16:33 PM [express] GET /api/ml/stats 304 in 16ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:16:49 PM [express] GET /api/training-history 500 in 5ms :: {"error":"Failed to fetch training hist…
5:16:49 PM [express] GET /api/ml/stats 304 in 17ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:16:59 PM [express] GET /api/training-history 500 in 5ms :: {"error":"Failed to fetch training hist…
5:16:59 PM [express] GET /api/ml/stats 304 in 16ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:17:09 PM [express] GET /api/training-history 500 in 3ms :: {"error":"Failed to fetch training hist…
5:17:09 PM [express] GET /api/ml/stats 304 in 15ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:19:18 PM [express] GET /api/training-history 500 in 3ms :: {"error":"Failed to fetch training hist…
5:19:18 PM [express] GET /api/ml/stats 200 in 18ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:19:28 PM [express] GET /api/training-history 500 in 3ms :: {"error":"Failed to fetch training hist…
5:19:28 PM [express] GET /api/ml/stats 304 in 17ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:19:38 PM [express] GET /api/training-history 500 in 5ms :: {"error":"Failed to fetch training hist…
5:19:38 PM [express] GET /api/ml/stats 304 in 17ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:19:48 PM [express] GET /api/training-history 500 in 3ms :: {"error":"Failed to fetch training hist…
5:19:48 PM [express] GET /api/ml/stats 304 in 15ms :: {"logs":{"total":0,"last_hour":0},"detections"…
[Fri Nov 21 17:20:33 CET 2025] Frontend Node NON attivo, riavvio...
[Fri Nov 21 17:20:35 CET 2025] Frontend riavviato con PID: 11385
> rest-express@1.0.0 dev
> NODE_ENV=development tsx server/index.ts
 Using standard PostgreSQL database
5:20:37 PM [express] serving on port 5000
✅ Database connection successful
[root@ids ~]# tail -30 /var/log/ids/frontend.log
5:16:49 PM [express] GET /api/training-history 500 in 5ms :: {"error":"Failed to fetch training hist…
5:16:49 PM [express] GET /api/ml/stats 304 in 17ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:16:59 PM [express] GET /api/training-history 500 in 5ms :: {"error":"Failed to fetch training hist…
5:16:59 PM [express] GET /api/ml/stats 304 in 16ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:17:09 PM [express] GET /api/training-history 500 in 3ms :: {"error":"Failed to fetch training hist…
5:17:09 PM [express] GET /api/ml/stats 304 in 15ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:19:18 PM [express] GET /api/training-history 500 in 3ms :: {"error":"Failed to fetch training hist…
5:19:18 PM [express] GET /api/ml/stats 200 in 18ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:19:28 PM [express] GET /api/training-history 500 in 3ms :: {"error":"Failed to fetch training hist…
5:19:28 PM [express] GET /api/ml/stats 304 in 17ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:19:38 PM [express] GET /api/training-history 500 in 5ms :: {"error":"Failed to fetch training hist…
5:19:38 PM [express] GET /api/ml/stats 304 in 17ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:19:48 PM [express] GET /api/training-history 500 in 3ms :: {"error":"Failed to fetch training hist…
5:19:48 PM [express] GET /api/ml/stats 304 in 15ms :: {"logs":{"total":0,"last_hour":0},"detections"…
[Fri Nov 21 17:20:33 CET 2025] Frontend Node NON attivo, riavvio...
[Fri Nov 21 17:20:35 CET 2025] Frontend riavviato con PID: 11385
> rest-express@1.0.0 dev
> NODE_ENV=development tsx server/index.ts
 Using standard PostgreSQL database
5:20:37 PM [express] serving on port 5000
✅ Database connection successful
A PostCSS plugin did not pass the `from` option to `postcss.parse`. This may cause imported assets to be incorrectly transformed. If you've recently added a PostCSS
plugin that raised this warning, please contact the package author to fix the issue.
5:21:01 PM [express] GET /api/training-history 200 in 34ms :: []
5:21:01 PM [express] GET /api/ml/stats 304 in 39ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:21:04 PM [express] POST /api/ml/train 200 in 14ms :: {"message":"Training avviato in background","…
5:21:04 PM [express] GET /api/training-history 304 in 3ms :: []
5:21:04 PM [express] GET /api/ml/stats 304 in 15ms :: {"logs":{"total":0,"last_hour":0},"detections"…
[root@ids ~]# tail -30 /var/log/ids/frontend.log
5:16:49 PM [express] GET /api/training-history 500 in 5ms :: {"error":"Failed to fetch training hist…
5:16:49 PM [express] GET /api/ml/stats 304 in 17ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:16:59 PM [express] GET /api/training-history 500 in 5ms :: {"error":"Failed to fetch training hist…
5:16:59 PM [express] GET /api/ml/stats 304 in 16ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:17:09 PM [express] GET /api/training-history 500 in 3ms :: {"error":"Failed to fetch training hist…
5:17:09 PM [express] GET /api/ml/stats 304 in 15ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:19:18 PM [express] GET /api/training-history 500 in 3ms :: {"error":"Failed to fetch training hist…
5:19:18 PM [express] GET /api/ml/stats 200 in 18ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:19:28 PM [express] GET /api/training-history 500 in 3ms :: {"error":"Failed to fetch training hist…
5:19:28 PM [express] GET /api/ml/stats 304 in 17ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:19:38 PM [express] GET /api/training-history 500 in 5ms :: {"error":"Failed to fetch training hist…
5:19:38 PM [express] GET /api/ml/stats 304 in 17ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:19:48 PM [express] GET /api/training-history 500 in 3ms :: {"error":"Failed to fetch training hist…
5:19:48 PM [express] GET /api/ml/stats 304 in 15ms :: {"logs":{"total":0,"last_hour":0},"detections"…
[Fri Nov 21 17:20:33 CET 2025] Frontend Node NON attivo, riavvio...
[Fri Nov 21 17:20:35 CET 2025] Frontend riavviato con PID: 11385
> rest-express@1.0.0 dev
> NODE_ENV=development tsx server/index.ts
 Using standard PostgreSQL database
5:20:37 PM [express] serving on port 5000
✅ Database connection successful
A PostCSS plugin did not pass the `from` option to `postcss.parse`. This may cause imported assets to be incorrectly transformed. If you've recently added a PostCSS
plugin that raised this warning, please contact the package author to fix the issue.
5:21:01 PM [express] GET /api/training-history 200 in 34ms :: []
5:21:01 PM [express] GET /api/ml/stats 304 in 39ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:21:04 PM [express] POST /api/ml/train 200 in 14ms :: {"message":"Training avviato in background","…
5:21:04 PM [express] GET /api/training-history 304 in 3ms :: []
5:21:04 PM [express] GET /api/ml/stats 304 in 15ms :: {"logs":{"total":0,"last_hour":0},"detections"…
[root@ids ~]# tail -30 /var/log/ids/frontend.log
5:16:49 PM [express] GET /api/training-history 500 in 5ms :: {"error":"Failed to fetch training hist…
5:16:49 PM [express] GET /api/ml/stats 304 in 17ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:16:59 PM [express] GET /api/training-history 500 in 5ms :: {"error":"Failed to fetch training hist…
5:16:59 PM [express] GET /api/ml/stats 304 in 16ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:17:09 PM [express] GET /api/training-history 500 in 3ms :: {"error":"Failed to fetch training hist…
5:17:09 PM [express] GET /api/ml/stats 304 in 15ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:19:18 PM [express] GET /api/training-history 500 in 3ms :: {"error":"Failed to fetch training hist…
5:19:18 PM [express] GET /api/ml/stats 200 in 18ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:19:28 PM [express] GET /api/training-history 500 in 3ms :: {"error":"Failed to fetch training hist…
5:19:28 PM [express] GET /api/ml/stats 304 in 17ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:19:38 PM [express] GET /api/training-history 500 in 5ms :: {"error":"Failed to fetch training hist…
5:19:38 PM [express] GET /api/ml/stats 304 in 17ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:19:48 PM [express] GET /api/training-history 500 in 3ms :: {"error":"Failed to fetch training hist…
5:19:48 PM [express] GET /api/ml/stats 304 in 15ms :: {"logs":{"total":0,"last_hour":0},"detections"…
[Fri Nov 21 17:20:33 CET 2025] Frontend Node NON attivo, riavvio...
[Fri Nov 21 17:20:35 CET 2025] Frontend riavviato con PID: 11385
> rest-express@1.0.0 dev
> NODE_ENV=development tsx server/index.ts
 Using standard PostgreSQL database
5:20:37 PM [express] serving on port 5000
✅ Database connection successful
A PostCSS plugin did not pass the `from` option to `postcss.parse`. This may cause imported assets to be incorrectly transformed. If you've recently added a PostCSS
plugin that raised this warning, please contact the package author to fix the issue.
5:21:01 PM [express] GET /api/training-history 200 in 34ms :: []
5:21:01 PM [express] GET /api/ml/stats 304 in 39ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:21:04 PM [express] POST /api/ml/train 200 in 14ms :: {"message":"Training avviato in background","…
5:21:04 PM [express] GET /api/training-history 304 in 3ms :: []
5:21:04 PM [express] GET /api/ml/stats 304 in 15ms :: {"logs":{"total":0,"last_hour":0},"detections"…
[root@ids ~]# tail -30 /var/log/ids/frontend.log
at async <anonymous> (/opt/ids/server/routes.ts:10:23) {
length: 109,
severity: 'ERROR',
code: '42703',
detail: undefined,
hint: undefined,
position: '83',
internalPosition: undefined,
internalQuery: undefined,
where: undefined,
schema: undefined,
table: undefined,
column: undefined,
dataType: undefined,
constraint: undefined,
file: 'parse_relation.c',
line: '3562',
routine: 'errorMissingColumn'
}
5:21:31 PM [express] GET /api/routers 500 in 12ms :: {"error":"Failed to fetch routers"}
5:21:32 PM [express] GET /api/training-history 304 in 15ms :: []
5:21:33 PM [express] GET /api/ml/stats 304 in 16ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:21:43 PM [express] GET /api/training-history 304 in 14ms :: []
5:21:43 PM [express] GET /api/ml/stats 304 in 17ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:21:44 PM [express] GET /api/detections 304 in 4ms :: []
5:21:46 PM [express] GET /api/training-history 304 in 4ms :: []
5:21:46 PM [express] GET /api/ml/stats 304 in 17ms :: {"logs":{"total":0,"last_hour":0},"detections"…
5:21:48 PM [express] GET /api/detections 304 in 2ms :: []
5:21:50 PM [express] GET /api/training-history 304 in 5ms :: []
5:21:50 PM [express] GET /api/ml/stats 304 in 19ms :: {"logs":{"total":0,"last_hour":0},"detections"…
[root@ids ~]# tail -30 /var/log/ids/frontend.log

32
attached_assets/Pasted-tail-30-var-log-ids-frontend-log-Using-standard-PostgreSQL-database-6-31-19-PM-express-servi-1763746570888_1763746570888.txt
View File

@ -1,32 +0,0 @@
tail -30 /var/log/ids/frontend.log
🐘 Using standard PostgreSQL database
6:31:19 PM [express] serving on port 5000
✅ Database connection successful
A PostCSS plugin did not pass the `from` option to `postcss.parse`. This may cause imported assets to be incorrectly transformed. If you've recently added a PostCSS plugin that raised this warning, please contact the package author to fix the issue.
6:34:07 PM [express] GET /api/routers 304 in 29ms :: [{"id":"77031e0b-ef65-4be7-9767-7220c762232f","…
6:34:09 PM [express] GET /api/detections 304 in 5ms :: []
6:34:11 PM [express] GET /api/training-history 200 in 13ms :: []
6:34:11 PM [express] GET /api/ml/stats 304 in 40ms :: {"logs":{"total":0,"last_hour":0},"detections"…
6:34:21 PM [express] GET /api/training-history 304 in 12ms :: []
6:34:21 PM [express] GET /api/ml/stats 304 in 16ms :: {"logs":{"total":0,"last_hour":0},"detections"…
6:34:31 PM [express] GET /api/training-history 304 in 18ms :: []
6:34:31 PM [express] GET /api/ml/stats 304 in 20ms :: {"logs":{"total":0,"last_hour":0},"detections"…
6:34:41 PM [express] GET /api/training-history 304 in 12ms :: []
6:34:41 PM [express] GET /api/ml/stats 304 in 19ms :: {"logs":{"total":0,"last_hour":0},"detections"…
6:34:51 PM [express] GET /api/training-history 304 in 14ms :: []
6:34:51 PM [express] GET /api/ml/stats 304 in 17ms :: {"logs":{"total":0,"last_hour":0},"detections"…
6:35:01 PM [express] GET /api/training-history 304 in 12ms :: []
6:35:01 PM [express] GET /api/ml/stats 304 in 16ms :: {"logs":{"total":0,"last_hour":0},"detections"…
6:35:11 PM [express] GET /api/training-history 304 in 12ms :: []
6:35:11 PM [express] GET /api/ml/stats 304 in 16ms :: {"logs":{"total":0,"last_hour":0},"detections"…
6:35:21 PM [express] GET /api/training-history 304 in 13ms :: []
6:35:21 PM [express] GET /api/ml/stats 304 in 18ms :: {"logs":{"total":0,"last_hour":0},"detections"…
6:35:31 PM [express] GET /api/training-history 304 in 13ms :: []
6:35:31 PM [express] GET /api/ml/stats 304 in 17ms :: {"logs":{"total":0,"last_hour":0},"detections"…
6:35:41 PM [express] GET /api/training-history 304 in 12ms :: []
6:35:41 PM [express] GET /api/ml/stats 304 in 16ms :: {"logs":{"total":0,"last_hour":0},"detections"…
6:35:51 PM [express] GET /api/training-history 304 in 13ms :: []
6:35:51 PM [express] GET /api/ml/stats 304 in 16ms :: {"logs":{"total":0,"last_hour":0},"detections"…
[root@ids ~]#

51
attached_assets/Pasted-tail-50-var-log-cron-Nov-18-08-50-01-ids-CROND-78427-ids-CMD-cd-opt-ids-python-ml-usr-bi-1763454586967_1763454586967.txt
View File

@ -1,51 +0,0 @@
tail -50 /var/log/cron
Nov 18 08:50:01 ids CROND[78427]: (ids) CMD (cd /opt/ids/python_ml && /usr/bin/python3.11 -c "import requests; requests.post('http://localhost:8000/detect', json={'max_records': 5000, 'auto_block': True, 'risk_threshold': 75})" >> /var/log/ids/detect.log 2>&1)
Nov 18 08:50:01 ids CROND[78404]: (ids) CMDEND (cd /opt/ids/python_ml && /usr/bin/python3.11 -c "import requests; requests.post('http://localhost:8000/detect', json={'max_records': 5000, 'auto_block': True, 'risk_threshold': 75})" >> /var/log/ids/detect.log 2>&1)
Nov 18 08:50:01 ids CROND[78402]: (ids) CMDEND (/opt/ids/deployment/check_frontend.sh >> /var/log/ids/cron.log 2>&1)
Nov 18 08:50:01 ids CROND[78403]: (ids) CMDEND (/opt/ids/deployment/check_backend.sh >> /var/log/ids/cron.log 2>&1)
Nov 18 08:55:01 ids CROND[78522]: (ids) CMD (/opt/ids/deployment/check_frontend.sh >> /var/log/ids/cron.log 2>&1)
Nov 18 08:55:01 ids CROND[78523]: (ids) CMD (cd /opt/ids/python_ml && /usr/bin/python3.11 -c "import requests; requests.post('http://localhost:8000/detect', json={'max_records': 5000, 'auto_block': True, 'risk_threshold': 75})" >> /var/log/ids/detect.log 2>&1)
Nov 18 08:55:01 ids CROND[78527]: (ids) CMD (/opt/ids/deployment/check_backend.sh >> /var/log/ids/cron.log 2>&1)
Nov 18 08:55:01 ids CROND[78507]: (ids) CMDEND (cd /opt/ids/python_ml && /usr/bin/python3.11 -c "import requests; requests.post('http://localhost:8000/detect', json={'max_records': 5000, 'auto_block': True, 'risk_threshold': 75})" >> /var/log/ids/detect.log 2>&1)
Nov 18 08:55:01 ids CROND[78506]: (ids) CMDEND (/opt/ids/deployment/check_backend.sh >> /var/log/ids/cron.log 2>&1)
Nov 18 08:55:01 ids CROND[78505]: (ids) CMDEND (/opt/ids/deployment/check_frontend.sh >> /var/log/ids/cron.log 2>&1)
Nov 18 09:00:02 ids CROND[78620]: (ids) CMD (cd /opt/ids/python_ml && /usr/bin/python3.11 -c "import requests; requests.post('http://localhost:8000/detect', json={'max_records': 5000, 'auto_block': True, 'risk_threshold': 75})" >> /var/log/ids/detect.log 2>&1)
Nov 18 09:00:02 ids CROND[78622]: (ids) CMD (/opt/ids/deployment/check_frontend.sh >> /var/log/ids/cron.log 2>&1)
Nov 18 09:00:02 ids CROND[78626]: (ids) CMD (/opt/ids/deployment/check_backend.sh >> /var/log/ids/cron.log 2>&1)
Nov 18 09:00:02 ids CROND[78605]: (ids) CMDEND (cd /opt/ids/python_ml && /usr/bin/python3.11 -c "import requests; requests.post('http://localhost:8000/detect', json={'max_records': 5000, 'auto_block': True, 'risk_threshold': 75})" >> /var/log/ids/detect.log 2>&1)
Nov 18 09:00:02 ids CROND[78604]: (ids) CMDEND (/opt/ids/deployment/check_backend.sh >> /var/log/ids/cron.log 2>&1)
Nov 18 09:00:02 ids CROND[78603]: (ids) CMDEND (/opt/ids/deployment/check_frontend.sh >> /var/log/ids/cron.log 2>&1)
Nov 18 09:01:01 ids CROND[78698]: (root) CMD (run-parts /etc/cron.hourly)
Nov 18 09:01:02 ids run-parts[78701]: (/etc/cron.hourly) starting 0anacron
Nov 18 09:01:02 ids run-parts[78707]: (/etc/cron.hourly) finished 0anacron
Nov 18 09:01:02 ids CROND[78697]: (root) CMDEND (run-parts /etc/cron.hourly)
Nov 18 09:05:01 ids CROND[78733]: (ids) CMD (/opt/ids/deployment/check_backend.sh >> /var/log/ids/cron.log 2>&1)
Nov 18 09:05:01 ids CROND[78736]: (ids) CMD (cd /opt/ids/python_ml && /usr/bin/python3.11 -c "import requests; requests.post('http://localhost:8000/detect', json={'max_records': 5000, 'auto_block': True, 'risk_threshold': 75})" >> /var/log/ids/detect.log 2>&1)
Nov 18 09:05:01 ids CROND[78738]: (ids) CMD (/opt/ids/deployment/check_frontend.sh >> /var/log/ids/cron.log 2>&1)
Nov 18 09:05:01 ids CROND[78719]: (ids) CMDEND (cd /opt/ids/python_ml && /usr/bin/python3.11 -c "import requests; requests.post('http://localhost:8000/detect', json={'max_records': 5000, 'auto_block': True, 'risk_threshold': 75})" >> /var/log/ids/detect.log 2>&1)
Nov 18 09:05:01 ids CROND[78718]: (ids) CMDEND (/opt/ids/deployment/check_backend.sh >> /var/log/ids/cron.log 2>&1)
Nov 18 09:05:01 ids CROND[78717]: (ids) CMDEND (/opt/ids/deployment/check_frontend.sh >> /var/log/ids/cron.log 2>&1)
Nov 18 09:10:01 ids CROND[78836]: (ids) CMD (/opt/ids/deployment/check_frontend.sh >> /var/log/ids/cron.log 2>&1)
Nov 18 09:10:01 ids CROND[78838]: (ids) CMD (cd /opt/ids/python_ml && /usr/bin/python3.11 -c "import requests; requests.post('http://localhost:8000/detect', json={'max_records': 5000, 'auto_block': True, 'risk_threshold': 75})" >> /var/log/ids/detect.log 2>&1)
Nov 18 09:10:01 ids CROND[78843]: (ids) CMD (/opt/ids/deployment/check_backend.sh >> /var/log/ids/cron.log 2>&1)
Nov 18 09:10:01 ids CROND[78822]: (ids) CMDEND (cd /opt/ids/python_ml && /usr/bin/python3.11 -c "import requests; requests.post('http://localhost:8000/detect', json={'max_records': 5000, 'auto_block': True, 'risk_threshold': 75})" >> /var/log/ids/detect.log 2>&1)
Nov 18 09:10:01 ids CROND[78820]: (ids) CMDEND (/opt/ids/deployment/check_frontend.sh >> /var/log/ids/cron.log 2>&1)
Nov 18 09:10:01 ids CROND[78821]: (ids) CMDEND (/opt/ids/deployment/check_backend.sh >> /var/log/ids/cron.log 2>&1)
Nov 18 09:15:02 ids CROND[78939]: (ids) CMD (/opt/ids/deployment/check_frontend.sh >> /var/log/ids/cron.log 2>&1)
Nov 18 09:15:02 ids CROND[78941]: (ids) CMD (cd /opt/ids/python_ml && /usr/bin/python3.11 -c "import requests; requests.post('http://localhost:8000/detect', json={'max_records': 5000, 'auto_block': True, 'risk_threshold': 75})" >> /var/log/ids/detect.log 2>&1)
Nov 18 09:15:02 ids CROND[78943]: (ids) CMD (/opt/ids/deployment/check_backend.sh >> /var/log/ids/cron.log 2>&1)
Nov 18 09:15:02 ids CROND[78925]: (ids) CMDEND (cd /opt/ids/python_ml && /usr/bin/python3.11 -c "import requests; requests.post('http://localhost:8000/detect', json={'max_records': 5000, 'auto_block': True, 'risk_threshold': 75})" >> /var/log/ids/detect.log 2>&1)
Nov 18 09:15:02 ids CROND[78924]: (ids) CMDEND (/opt/ids/deployment/check_backend.sh >> /var/log/ids/cron.log 2>&1)
Nov 18 09:15:02 ids CROND[78923]: (ids) CMDEND (/opt/ids/deployment/check_frontend.sh >> /var/log/ids/cron.log 2>&1)
Nov 18 09:20:01 ids CROND[79040]: (ids) CMD (/opt/ids/deployment/check_backend.sh >> /var/log/ids/cron.log 2>&1)
Nov 18 09:20:01 ids CROND[79042]: (ids) CMD (cd /opt/ids/python_ml && /usr/bin/python3.11 -c "import requests; requests.post('http://localhost:8000/detect', json={'max_records': 5000, 'auto_block': True, 'risk_threshold': 75})" >> /var/log/ids/detect.log 2>&1)
Nov 18 09:20:01 ids CROND[79044]: (ids) CMD (/opt/ids/deployment/check_frontend.sh >> /var/log/ids/cron.log 2>&1)
Nov 18 09:20:01 ids CROND[79025]: (ids) CMDEND (cd /opt/ids/python_ml && /usr/bin/python3.11 -c "import requests; requests.post('http://localhost:8000/detect', json={'max_records': 5000, 'auto_block': True, 'risk_threshold': 75})" >> /var/log/ids/detect.log 2>&1)
Nov 18 09:20:01 ids CROND[79023]: (ids) CMDEND (/opt/ids/deployment/check_frontend.sh >> /var/log/ids/cron.log 2>&1)
Nov 18 09:20:01 ids CROND[79024]: (ids) CMDEND (/opt/ids/deployment/check_backend.sh >> /var/log/ids/cron.log 2>&1)
Nov 18 09:25:01 ids CROND[79143]: (ids) CMD (cd /opt/ids/python_ml && /usr/bin/python3.11 -c "import requests; requests.post('http://localhost:8000/detect', json={'max_records': 5000, 'auto_block': True, 'risk_threshold': 75})" >> /var/log/ids/detect.log 2>&1)
Nov 18 09:25:01 ids CROND[79145]: (ids) CMD (/opt/ids/deployment/check_frontend.sh >> /var/log/ids/cron.log 2>&1)
Nov 18 09:25:01 ids CROND[79146]: (ids) CMD (/opt/ids/deployment/check_backend.sh >> /var/log/ids/cron.log 2>&1)
Nov 18 09:25:01 ids CROND[79128]: (ids) CMDEND (cd /opt/ids/python_ml && /usr/bin/python3.11 -c "import requests; requests.post('http://localhost:8000/detect', json={'max_records': 5000, 'auto_block': True, 'risk_threshold': 75})" >> /var/log/ids/detect.log 2>&1)
Nov 18 09:25:01 ids CROND[79126]: (ids) CMDEND (/opt/ids/deployment/check_frontend.sh >> /var/log/ids/cron.log 2>&1)
Nov 18 09:25:01 ids CROND[79127]: (ids) CMDEND (/opt/ids/deployment/check_backend.sh >> /var/log/ids/cron.log 2>&1)

52
attached_assets/Pasted-tail-50-var-log-ids-ml-backend-log-from-fastapi-import-FastAPI-HTTPException-BackgroundTasks-1763804377883_1763804377883.txt
View File

@ -1,52 +0,0 @@
tail -50 /var/log/ids/ml_backend.log
from fastapi import FastAPI, HTTPException, BackgroundTasks, Security, Header
ModuleNotFoundError: No module named 'fastapi'
Traceback (most recent call last):
File "/opt/ids/python_ml/main.py", line 6, in <module>
from fastapi import FastAPI, HTTPException, BackgroundTasks, Security, Header
ModuleNotFoundError: No module named 'fastapi'
Traceback (most recent call last):
File "/opt/ids/python_ml/main.py", line 6, in <module>
from fastapi import FastAPI, HTTPException, BackgroundTasks, Security, Header
ModuleNotFoundError: No module named 'fastapi'
Traceback (most recent call last):
File "/opt/ids/python_ml/main.py", line 6, in <module>
from fastapi import FastAPI, HTTPException, BackgroundTasks, Security, Header
ModuleNotFoundError: No module named 'fastapi'
Traceback (most recent call last):
File "/opt/ids/python_ml/main.py", line 6, in <module>
from fastapi import FastAPI, HTTPException, BackgroundTasks, Security, Header
ModuleNotFoundError: No module named 'fastapi'
Traceback (most recent call last):
File "/opt/ids/python_ml/main.py", line 6, in <module>
from fastapi import FastAPI, HTTPException, BackgroundTasks, Security, Header
ModuleNotFoundError: No module named 'fastapi'
Traceback (most recent call last):
File "/opt/ids/python_ml/main.py", line 6, in <module>
from fastapi import FastAPI, HTTPException, BackgroundTasks, Security, Header
ModuleNotFoundError: No module named 'fastapi'
Traceback (most recent call last):
File "/opt/ids/python_ml/main.py", line 6, in <module>
from fastapi import FastAPI, HTTPException, BackgroundTasks, Security, Header
ModuleNotFoundError: No module named 'fastapi'
Traceback (most recent call last):
File "/opt/ids/python_ml/main.py", line 6, in <module>
from fastapi import FastAPI, HTTPException, BackgroundTasks, Security, Header
ModuleNotFoundError: No module named 'fastapi'
Traceback (most recent call last):
File "/opt/ids/python_ml/main.py", line 6, in <module>
from fastapi import FastAPI, HTTPException, BackgroundTasks, Security, Header
ModuleNotFoundError: No module named 'fastapi'
Traceback (most recent call last):
File "/opt/ids/python_ml/main.py", line 6, in <module>
from fastapi import FastAPI, HTTPException, BackgroundTasks, Security, Header
ModuleNotFoundError: No module named 'fastapi'
Traceback (most recent call last):
File "/opt/ids/python_ml/main.py", line 6, in <module>
from fastapi import FastAPI, HTTPException, BackgroundTasks, Security, Header
ModuleNotFoundError: No module named 'fastapi'
Traceback (most recent call last):
File "/opt/ids/python_ml/main.py", line 6, in <module>
from fastapi import FastAPI, HTTPException, BackgroundTasks, Security, Header
ModuleNotFoundError: No module named 'fastapi'
[root@ids ids]#

0
attached_assets/branding-1763806069323.json
View File

0
attached_assets/branding-1763806123543.json
View File

0
attached_assets/branding-1763806128376.json
View File

1
attached_assets/content-1763806072472.md
View File

@ -1 +0,0 @@
No markdown content returned

1
attached_assets/content-1763806125175.md
View File

@ -1 +0,0 @@
No markdown content returned

1
attached_assets/content-1763806129536.md
View File

@ -1 +0,0 @@
No markdown content returned

BIN
attached_assets/immagine_1763806026980.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 58 KiB

BIN
attached_assets/immagine_1763806046634.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 96 KiB

BIN
attached_assets/immagine_1763806076334.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 96 KiB

BIN
attached_assets/immagine_1763806259469.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 96 KiB

BIN
attached_assets/immagine_1763806279776.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 92 KiB

BIN
attached_assets/immagine_1767353869328.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 42 KiB

0
attached_assets/screenshot-1763806057920.png
View File

0
attached_assets/screenshot-1763806098058.png
View File

19
client/src/App.tsx
View File

@ -4,28 +4,17 @@ import { QueryClientProvider } from "@tanstack/react-query";
import { Toaster } from "@/components/ui/toaster"; import { Toaster } from "@/components/ui/toaster";
import { TooltipProvider } from "@/components/ui/tooltip"; import { TooltipProvider } from "@/components/ui/tooltip";
import { SidebarProvider, Sidebar, SidebarContent, SidebarGroup, SidebarGroupContent, SidebarGroupLabel, SidebarMenu, SidebarMenuButton, SidebarMenuItem, SidebarTrigger } from "@/components/ui/sidebar"; import { SidebarProvider, Sidebar, SidebarContent, SidebarGroup, SidebarGroupContent, SidebarGroupLabel, SidebarMenu, SidebarMenuButton, SidebarMenuItem, SidebarTrigger } from "@/components/ui/sidebar";
import { LayoutDashboard, AlertTriangle, Server, Shield, Brain, Menu, Activity, BarChart3, TrendingUp, List } from "lucide-react"; import { LayoutDashboard, AlertTriangle, Server, Shield, Menu } from "lucide-react";
import Dashboard from "@/pages/Dashboard"; import Dashboard from "@/pages/Dashboard";
import Detections from "@/pages/Detections"; import Detections from "@/pages/Detections";
import DashboardLive from "@/pages/DashboardLive";
import AnalyticsHistory from "@/pages/AnalyticsHistory";
import Routers from "@/pages/Routers"; import Routers from "@/pages/Routers";
import Whitelist from "@/pages/Whitelist";
import PublicLists from "@/pages/PublicLists";
import Training from "@/pages/Training";
import Services from "@/pages/Services";
import NotFound from "@/pages/not-found"; import NotFound from "@/pages/not-found";
const menuItems = [ const menuItems = [
{ title: "Dashboard", url: "/", icon: LayoutDashboard }, { title: "Dashboard", url: "/", icon: LayoutDashboard },
{ title: "Rilevamenti", url: "/detections", icon: AlertTriangle }, { title: "Rilevamenti", url: "/detections", icon: AlertTriangle },
{ title: "Dashboard Live", url: "/dashboard-live", icon: Activity },
{ title: "Analytics Storici", url: "/analytics", icon: BarChart3 },
{ title: "Training ML", url: "/training", icon: Brain },
{ title: "Router", url: "/routers", icon: Server }, { title: "Router", url: "/routers", icon: Server },
{ title: "Whitelist", url: "/whitelist", icon: Shield }, { title: "Whitelist", url: "/whitelist", icon: Shield },
{ title: "Liste Pubbliche", url: "/public-lists", icon: List },
{ title: "Servizi", url: "/services", icon: TrendingUp },
]; ];
function AppSidebar() { function AppSidebar() {
@ -59,13 +48,7 @@ function Router() {
<Switch> <Switch>
<Route path="/" component={Dashboard} /> <Route path="/" component={Dashboard} />
<Route path="/detections" component={Detections} /> <Route path="/detections" component={Detections} />
<Route path="/dashboard-live" component={DashboardLive} />
<Route path="/analytics" component={AnalyticsHistory} />
<Route path="/training" component={Training} />
<Route path="/routers" component={Routers} /> <Route path="/routers" component={Routers} />
<Route path="/whitelist" component={Whitelist} />
<Route path="/public-lists" component={PublicLists} />
<Route path="/services" component={Services} />
<Route component={NotFound} /> <Route component={NotFound} />
</Switch> </Switch>
); );

62
client/src/lib/country-flags.ts
View File

@ -1,62 +0,0 @@
/**
* Country Flags Utilities
* Converte country code in flag emoji
*/
/**
* Converte country code ISO 3166-1 alpha-2 in flag emoji
* Es: "IT" => "🇮🇹", "US" => "🇺🇸"
*/
export function getFlagEmoji(countryCode: string | null | undefined): string {
if (!countryCode || countryCode.length !== 2) {
return '🏳️'; // Flag bianca per unknown
}
const codePoints = countryCode
.toUpperCase()
.split('')
.map(char => 127397 + char.charCodeAt(0));
return String.fromCodePoint(...codePoints);
}
/**
* Mappa nomi paesi comuni (fallback se API non ritorna country code)
*/
export const COUNTRY_CODE_MAP: Record<string, string> = {
'Italy': 'IT',
'United States': 'US',
'Russia': 'RU',
'China': 'CN',
'Germany': 'DE',
'France': 'FR',
'United Kingdom': 'GB',
'Spain': 'ES',
'Brazil': 'BR',
'Japan': 'JP',
'India': 'IN',
'Canada': 'CA',
'Australia': 'AU',
'Netherlands': 'NL',
'Switzerland': 'CH',
'Sweden': 'SE',
'Poland': 'PL',
'Ukraine': 'UA',
'Romania': 'RO',
'Belgium': 'BE',
};
/**
* Ottieni flag da nome paese o country code
*/
export function getFlag(country: string | null | undefined, countryCode?: string | null): string {
if (countryCode) {
return getFlagEmoji(countryCode);
}
if (country && COUNTRY_CODE_MAP[country]) {
return getFlagEmoji(COUNTRY_CODE_MAP[country]);
}
return '🏳️';
}

320
client/src/pages/AnalyticsHistory.tsx
View File

@ -1,320 +0,0 @@
import { useQuery } from "@tanstack/react-query";
import { Card, CardContent, CardHeader, CardTitle } from "@/components/ui/card";
import { Badge } from "@/components/ui/badge";
import { Button } from "@/components/ui/button";
import {
LineChart, Line, BarChart, Bar, AreaChart, Area,
XAxis, YAxis, CartesianGrid, Tooltip, Legend, ResponsiveContainer
} from "recharts";
import { Calendar, TrendingUp, BarChart3, Globe, Download } from "lucide-react";
import type { NetworkAnalytics } from "@shared/schema";
import { format, parseISO } from "date-fns";
import { useState } from "react";
export default function AnalyticsHistory() {
const [days, setDays] = useState(30);
// Fetch historical analytics (hourly aggregations)
const { data: analytics = [], isLoading } = useQuery<NetworkAnalytics[]>({
queryKey: [`/api/analytics/recent?days=${days}&hourly=true`],
refetchInterval: 60000, // Aggiorna ogni minuto
});
// Prepara dati per grafici
const trendData = analytics
.map(a => {
// Parse JSON fields safely
let attacksByCountry = {};
let attacksByType = {};
try {
attacksByCountry = a.attacksByCountry ? JSON.parse(a.attacksByCountry) : {};
} catch {}
try {
attacksByType = a.attacksByType ? JSON.parse(a.attacksByType) : {};
} catch {}
return {
date: format(new Date(a.date), "dd/MM HH:mm"),
fullDate: a.date,
totalPackets: a.totalPackets || 0,
normalPackets: a.normalPackets || 0,
attackPackets: a.attackPackets || 0,
attackPercentage: a.totalPackets > 0
? ((a.attackPackets || 0) / a.totalPackets * 100).toFixed(1)
: "0",
uniqueIps: a.uniqueIps || 0,
attackUniqueIps: a.attackUniqueIps || 0,
};
})
.sort((a, b) => new Date(a.fullDate).getTime() - new Date(b.fullDate).getTime());
// Aggrega dati per paese (da tutti i giorni)
const countryAggregation: Record<string, number> = {};
analytics.forEach(a => {
if (a.attacksByCountry) {
try {
const countries = JSON.parse(a.attacksByCountry);
if (countries && typeof countries === 'object') {
Object.entries(countries).forEach(([country, count]) => {
if (typeof count === 'number') {
countryAggregation[country] = (countryAggregation[country] || 0) + count;
}
});
}
} catch (e) {
console.warn('Failed to parse attacksByCountry:', e);
}
}
});
const topCountries = Object.entries(countryAggregation)
.map(([name, attacks]) => ({ name, attacks }))
.sort((a, b) => b.attacks - a.attacks)
.slice(0, 10);
// Calcola metriche totali
const totalTraffic = analytics.reduce((sum, a) => sum + (a.totalPackets || 0), 0);
const totalAttacks = analytics.reduce((sum, a) => sum + (a.attackPackets || 0), 0);
const totalNormal = analytics.reduce((sum, a) => sum + (a.normalPackets || 0), 0);
const avgAttackRate = totalTraffic > 0 ? ((totalAttacks / totalTraffic) * 100).toFixed(2) : "0";
return (
<div className="flex flex-col gap-6 p-6" data-testid="page-analytics-history">
{/* Header */}
<div className="flex items-center justify-between">
<div>
<h1 className="text-3xl font-semibold flex items-center gap-2" data-testid="text-page-title">
<BarChart3 className="h-8 w-8" />
Analytics Storici
</h1>
<p className="text-muted-foreground" data-testid="text-page-subtitle">
Statistiche permanenti per analisi long-term
</p>
</div>
{/* Time Range Selector */}
<div className="flex items-center gap-2">
<Button
variant={days === 7 ? "default" : "outline"}
size="sm"
onClick={() => setDays(7)}
data-testid="button-7days"
>
7 Giorni
</Button>
<Button
variant={days === 30 ? "default" : "outline"}
size="sm"
onClick={() => setDays(30)}
data-testid="button-30days"
>
30 Giorni
</Button>
<Button
variant={days === 90 ? "default" : "outline"}
size="sm"
onClick={() => setDays(90)}
data-testid="button-90days"
>
90 Giorni
</Button>
</div>
</div>
{isLoading && (
<div className="text-center py-8" data-testid="text-loading">
Caricamento dati storici...
</div>
)}
{!isLoading && analytics.length === 0 && (
<Card>
<CardContent className="py-12 text-center text-muted-foreground">
<Calendar className="h-12 w-12 mx-auto mb-4 opacity-50" />
<p>Nessun dato storico disponibile</p>
<p className="text-sm mt-2">
I dati verranno aggregati automaticamente ogni ora dal sistema
</p>
</CardContent>
</Card>
)}
{!isLoading && analytics.length > 0 && (
<>
{/* Summary KPIs */}
<div className="grid grid-cols-1 md:grid-cols-4 gap-4">
<Card data-testid="card-total-summary">
<CardHeader className="pb-2">
<CardTitle className="text-sm font-medium text-muted-foreground">
Traffico Totale ({days}g)
</CardTitle>
</CardHeader>
<CardContent>
<div className="text-2xl font-bold" data-testid="text-total-summary">
{totalTraffic.toLocaleString()}
</div>
<p className="text-xs text-muted-foreground mt-1">pacchetti</p>
</CardContent>
</Card>
<Card data-testid="card-normal-summary">
<CardHeader className="pb-2">
<CardTitle className="text-sm font-medium text-muted-foreground">
Traffico Normale
</CardTitle>
</CardHeader>
<CardContent>
<div className="text-2xl font-bold text-green-600" data-testid="text-normal-summary">
{totalNormal.toLocaleString()}
</div>
<p className="text-xs text-muted-foreground mt-1">
{(100 - parseFloat(avgAttackRate)).toFixed(1)}% del totale
</p>
</CardContent>
</Card>
<Card data-testid="card-attacks-summary">
<CardHeader className="pb-2">
<CardTitle className="text-sm font-medium text-muted-foreground">
Attacchi Totali
</CardTitle>
</CardHeader>
<CardContent>
<div className="text-2xl font-bold text-red-600" data-testid="text-attacks-summary">
{totalAttacks.toLocaleString()}
</div>
<p className="text-xs text-muted-foreground mt-1">
{avgAttackRate}% del traffico
</p>
</CardContent>
</Card>
<Card data-testid="card-avg-daily">
<CardHeader className="pb-2">
<CardTitle className="text-sm font-medium text-muted-foreground">
Media Giornaliera
</CardTitle>
</CardHeader>
<CardContent>
<div className="text-2xl font-bold" data-testid="text-avg-daily">
{Math.round(totalTraffic / analytics.length).toLocaleString()}
</div>
<p className="text-xs text-muted-foreground mt-1">pacchetti/giorno</p>
</CardContent>
</Card>
</div>
{/* Trend Line Chart */}
<Card data-testid="card-trend">
<CardHeader>
<CardTitle className="flex items-center gap-2">
<TrendingUp className="h-5 w-5" />
Trend Traffico (Normale + Attacchi)
</CardTitle>
</CardHeader>
<CardContent>
<ResponsiveContainer width="100%" height={400}>
<AreaChart data={trendData}>
<CartesianGrid strokeDasharray="3 3" />
<XAxis dataKey="date" />
<YAxis />
<Tooltip />
<Legend />
<Area
type="monotone"
dataKey="normalPackets"
stackId="1"
stroke="#22c55e"
fill="#22c55e"
name="Normale"
/>
<Area
type="monotone"
dataKey="attackPackets"
stackId="1"
stroke="#ef4444"
fill="#ef4444"
name="Attacchi"
/>
</AreaChart>
</ResponsiveContainer>
</CardContent>
</Card>
{/* Attack Rate Trend */}
<Card data-testid="card-attack-rate">
<CardHeader>
<CardTitle>Percentuale Attacchi nel Tempo</CardTitle>
</CardHeader>
<CardContent>
<ResponsiveContainer width="100%" height={300}>
<LineChart data={trendData}>
<CartesianGrid strokeDasharray="3 3" />
<XAxis dataKey="date" />
<YAxis />
<Tooltip />
<Legend />
<Line
type="monotone"
dataKey="attackPercentage"
stroke="#ef4444"
name="% Attacchi"
strokeWidth={2}
/>
</LineChart>
</ResponsiveContainer>
</CardContent>
</Card>
{/* Top Countries (Historical) */}
<Card data-testid="card-top-countries">
<CardHeader>
<CardTitle className="flex items-center gap-2">
<Globe className="h-5 w-5" />
Top 10 Paesi Attaccanti (Storico)
</CardTitle>
</CardHeader>
<CardContent>
{topCountries.length > 0 ? (
<ResponsiveContainer width="100%" height={400}>
<BarChart data={topCountries} layout="vertical">
<CartesianGrid strokeDasharray="3 3" />
<XAxis type="number" />
<YAxis dataKey="name" type="category" width={100} />
<Tooltip />
<Legend />
<Bar dataKey="attacks" fill="#ef4444" name="Attacchi Totali" />
</BarChart>
</ResponsiveContainer>
) : (
<div className="text-center py-20 text-muted-foreground">
Nessun dato disponibile
</div>
)}
</CardContent>
</Card>
{/* Export Button (Placeholder) */}
<Card data-testid="card-export">
<CardContent className="pt-6">
<div className="flex items-center justify-between">
<div>
<h3 className="font-semibold">Export Report</h3>
<p className="text-sm text-muted-foreground">
Esporta i dati in formato CSV per analisi esterne
</p>
</div>
<Button variant="outline" data-testid="button-export">
<Download className="h-4 w-4 mr-2" />
Esporta CSV
</Button>
</div>
</CardContent>
</Card>
</>
)}
</div>
);
}

104
client/src/pages/Dashboard.tsx
View File

@ -2,9 +2,8 @@ import { useQuery } from "@tanstack/react-query";
import { Card, CardContent, CardHeader, CardTitle } from "@/components/ui/card"; import { Card, CardContent, CardHeader, CardTitle } from "@/components/ui/card";
import { Badge } from "@/components/ui/badge"; import { Badge } from "@/components/ui/badge";
import { Button } from "@/components/ui/button"; import { Button } from "@/components/ui/button";
import { Activity, Shield, Server, AlertTriangle, CheckCircle2, TrendingUp, Database, FileText, Brain } from "lucide-react"; import { Activity, Shield, Server, AlertTriangle, CheckCircle2, TrendingUp } from "lucide-react";
import { format } from "date-fns"; import { format } from "date-fns";
import { it } from "date-fns/locale";
import type { Detection, Router, TrainingHistory } from "@shared/schema"; import type { Detection, Router, TrainingHistory } from "@shared/schema";
interface StatsResponse { interface StatsResponse {
@ -15,22 +14,6 @@ interface StatsResponse {
latestTraining: TrainingHistory | null; latestTraining: TrainingHistory | null;
} }
interface ServiceStatus {
name: string;
status: "running" | "idle" | "offline" | "error" | "unknown";
healthy: boolean;
details: any;
}
interface ServicesStatusResponse {
services: {
mlBackend: ServiceStatus;
database: ServiceStatus;
syslogParser: ServiceStatus;
analyticsAggregator: ServiceStatus;
};
}
export default function Dashboard() { export default function Dashboard() {
const { data: stats } = useQuery<StatsResponse>({ const { data: stats } = useQuery<StatsResponse>({
queryKey: ["/api/stats"], queryKey: ["/api/stats"],
@ -38,7 +21,7 @@ export default function Dashboard() {
}); });
const { data: recentDetections } = useQuery<Detection[]>({ const { data: recentDetections } = useQuery<Detection[]>({
queryKey: ["/api/detections?limit=100"], queryKey: ["/api/detections"],
refetchInterval: 5000, // Refresh every 5s refetchInterval: 5000, // Refresh every 5s
}); });
@ -46,11 +29,6 @@ export default function Dashboard() {
queryKey: ["/api/routers"], queryKey: ["/api/routers"],
}); });
const { data: servicesStatus } = useQuery<ServicesStatusResponse>({
queryKey: ["/api/services/status"],
refetchInterval: 5000, // Refresh every 5s
});
const getRiskBadge = (riskScore: string) => { const getRiskBadge = (riskScore: string) => {
const score = parseFloat(riskScore); const score = parseFloat(riskScore);
if (score >= 85) return <Badge variant="destructive" data-testid={`badge-risk-critical`}>CRITICO</Badge>; if (score >= 85) return <Badge variant="destructive" data-testid={`badge-risk-critical`}>CRITICO</Badge>;
@ -69,84 +47,6 @@ export default function Dashboard() {
</p> </p>
</div> </div>
{/* Services Status */}
<Card data-testid="card-services-status">
<CardHeader>
<CardTitle className="flex items-center gap-2">
<Activity className="h-5 w-5" />
Stato Servizi
</CardTitle>
</CardHeader>
<CardContent>
<div className="grid grid-cols-1 md:grid-cols-3 gap-4">
{/* ML Backend */}
<div className="flex items-center gap-3 p-3 rounded-lg border" data-testid="service-ml-backend">
<div className={`h-3 w-3 rounded-full ${servicesStatus?.services.mlBackend.healthy ? 'bg-green-500' : 'bg-red-500'}`} data-testid="status-indicator-ml-backend" />
<div className="flex-1 min-w-0">
<div className="flex items-center gap-2">
<Brain className="h-4 w-4 text-muted-foreground" />
<p className="font-medium text-sm">ML Backend</p>
</div>
<p className="text-xs text-muted-foreground">
{servicesStatus?.services.mlBackend.status === 'running' && 'In esecuzione'}
{servicesStatus?.services.mlBackend.status === 'offline' && 'Offline'}
{servicesStatus?.services.mlBackend.status === 'error' && 'Errore'}
{!servicesStatus && 'Caricamento...'}
</p>
{servicesStatus?.services.mlBackend.details?.modelLoaded !== undefined && (
<p className="text-xs text-muted-foreground mt-1">
Modello: {servicesStatus.services.mlBackend.details.modelLoaded ? '✓ Caricato' : '✗ Non caricato'}
</p>
)}
</div>
</div>
{/* Database */}
<div className="flex items-center gap-3 p-3 rounded-lg border" data-testid="service-database">
<div className={`h-3 w-3 rounded-full ${servicesStatus?.services.database.healthy ? 'bg-green-500' : 'bg-red-500'}`} data-testid="status-indicator-database" />
<div className="flex-1 min-w-0">
<div className="flex items-center gap-2">
<Database className="h-4 w-4 text-muted-foreground" />
<p className="font-medium text-sm">Database</p>
</div>
<p className="text-xs text-muted-foreground">
{servicesStatus?.services.database.status === 'running' && 'Connesso'}
{servicesStatus?.services.database.status === 'error' && 'Errore connessione'}
{!servicesStatus && 'Caricamento...'}
</p>
</div>
</div>
{/* Syslog Parser */}
<div className="flex items-center gap-3 p-3 rounded-lg border" data-testid="service-syslog-parser">
<div className={`h-3 w-3 rounded-full ${servicesStatus?.services.syslogParser.healthy ? 'bg-green-500' : 'bg-yellow-500'}`} data-testid="status-indicator-syslog-parser" />
<div className="flex-1 min-w-0">
<div className="flex items-center gap-2">
<FileText className="h-4 w-4 text-muted-foreground" />
<p className="font-medium text-sm">Syslog Parser</p>
</div>
<p className="text-xs text-muted-foreground">
{servicesStatus?.services.syslogParser.status === 'running' && 'Attivo'}
{servicesStatus?.services.syslogParser.status === 'idle' && 'In attesa log'}
{servicesStatus?.services.syslogParser.status === 'error' && 'Errore'}
{!servicesStatus && 'Caricamento...'}
</p>
{servicesStatus?.services.syslogParser.details?.logsLast5Min !== undefined && (
<p className="text-xs text-muted-foreground mt-1">
{servicesStatus.services.syslogParser.details.logsLast5Min} log (5min)
</p>
)}
</div>
</div>
</div>
<div className="mt-4">
<Button variant="outline" size="sm" asChild data-testid="button-view-services">
<a href="/services">Gestisci Servizi</a>
</Button>
</div>
</CardContent>
</Card>
{/* Stats Grid */} {/* Stats Grid */}
<div className="grid grid-cols-1 md:grid-cols-2 lg:grid-cols-4 gap-4"> <div className="grid grid-cols-1 md:grid-cols-2 lg:grid-cols-4 gap-4">
<Card data-testid="card-routers"> <Card data-testid="card-routers">

296
client/src/pages/DashboardLive.tsx
View File

@ -1,296 +0,0 @@
import { useQuery } from "@tanstack/react-query";
import { Card, CardContent, CardHeader, CardTitle } from "@/components/ui/card";
import { Badge } from "@/components/ui/badge";
import { Activity, Globe, Shield, TrendingUp, AlertTriangle } from "lucide-react";
import { AreaChart, Area, BarChart, Bar, PieChart, Pie, Cell, XAxis, YAxis, CartesianGrid, Tooltip, Legend, ResponsiveContainer } from "recharts";
import type { Detection, NetworkLog } from "@shared/schema";
import { getFlag } from "@/lib/country-flags";
import { format } from "date-fns";
interface DashboardStats {
totalPackets: number;
attackPackets: number;
normalPackets: number;
uniqueIps: number;
attackUniqueIps: number;
attacksByCountry: Record<string, number>;
attacksByType: Record<string, number>;
recentDetections: Detection[];
}
export default function DashboardLive() {
// Fetch aggregated stats from analytics (ultimi 72h = 3 giorni)
const { data: stats, isLoading } = useQuery<DashboardStats>({
queryKey: ["/api/dashboard/live?hours=72"],
refetchInterval: 10000, // Aggiorna ogni 10s
});
// Usa dati aggregati precisi
const totalTraffic = stats?.totalPackets || 0;
const totalAttacks = stats?.attackPackets || 0;
const normalTraffic = stats?.normalPackets || 0;
const attackPercentage = totalTraffic > 0 ? ((totalAttacks / totalTraffic) * 100).toFixed(2) : "0";
const detections = stats?.recentDetections || [];
const blockedAttacks = detections.filter(d => d.blocked).length;
// Usa dati aggregati già calcolati dal backend
const attacksByCountry = stats?.attacksByCountry || {};
const attacksByType = stats?.attacksByType || {};
const countryChartData = Object.entries(attacksByCountry)
.map(([name, attacks]) => ({
name: `${getFlag(name, name.substring(0, 2))} ${name}`,
attacks,
normal: 0,
}))
.sort((a, b) => b.attacks - a.attacks)
.slice(0, 10);
const typeChartData = Object.entries(attacksByType).map(([name, value]) => ({
name: name.replace('_', ' ').toUpperCase(),
value,
}));
// Traffico normale vs attacchi (gauge data)
const trafficDistribution = [
{ name: 'Normal', value: normalTraffic, color: '#22c55e' },
{ name: 'Attacks', value: totalAttacks, color: '#ef4444' },
];
// Ultimi eventi (stream)
const recentEvents = [...detections]
.sort((a, b) => new Date(b.detectedAt).getTime() - new Date(a.detectedAt).getTime())
.slice(0, 20);
const COLORS = ['#ef4444', '#f97316', '#f59e0b', '#eab308', '#84cc16'];
return (
<div className="flex flex-col gap-6 p-6" data-testid="page-dashboard-live">
{/* Header */}
<div>
<h1 className="text-3xl font-semibold flex items-center gap-2" data-testid="text-page-title">
<Activity className="h-8 w-8" />
Dashboard Live
</h1>
<p className="text-muted-foreground" data-testid="text-page-subtitle">
Monitoraggio real-time (ultimi 3 giorni)
</p>
</div>
{isLoading && (
<div className="text-center py-8" data-testid="text-loading">
Caricamento dati...
</div>
)}
{!isLoading && (
<>
{/* KPI Cards */}
<div className="grid grid-cols-1 md:grid-cols-4 gap-4">
<Card data-testid="card-total-traffic">
<CardHeader className="pb-2">
<CardTitle className="text-sm font-medium text-muted-foreground">
Traffico Totale
</CardTitle>
</CardHeader>
<CardContent>
<div className="text-3xl font-bold" data-testid="text-total-traffic">
{totalTraffic.toLocaleString()}
</div>
<p className="text-xs text-muted-foreground mt-1">pacchetti</p>
</CardContent>
</Card>
<Card data-testid="card-normal-traffic">
<CardHeader className="pb-2">
<CardTitle className="text-sm font-medium text-muted-foreground">
Traffico Normale
</CardTitle>
</CardHeader>
<CardContent>
<div className="text-3xl font-bold text-green-600" data-testid="text-normal-traffic">
{normalTraffic.toLocaleString()}
</div>
<p className="text-xs text-muted-foreground mt-1">
{(100 - parseFloat(attackPercentage)).toFixed(1)}% del totale
</p>
</CardContent>
</Card>
<Card data-testid="card-attacks">
<CardHeader className="pb-2">
<CardTitle className="text-sm font-medium text-muted-foreground">
Attacchi Rilevati
</CardTitle>
</CardHeader>
<CardContent>
<div className="text-3xl font-bold text-red-600" data-testid="text-attacks">
{totalAttacks}
</div>
<p className="text-xs text-muted-foreground mt-1">
{attackPercentage}% del traffico
</p>
</CardContent>
</Card>
<Card data-testid="card-blocked">
<CardHeader className="pb-2">
<CardTitle className="text-sm font-medium text-muted-foreground">
IP Bloccati
</CardTitle>
</CardHeader>
<CardContent>
<div className="text-3xl font-bold text-orange-600" data-testid="text-blocked">
{blockedAttacks}
</div>
<p className="text-xs text-muted-foreground mt-1">
{totalAttacks > 0 ? ((blockedAttacks / totalAttacks) * 100).toFixed(1) : 0}% degli attacchi
</p>
</CardContent>
</Card>
</div>
{/* Charts Row 1 */}
<div className="grid grid-cols-1 lg:grid-cols-2 gap-6">
{/* Traffic Distribution (Pie) */}
<Card data-testid="card-distribution">
<CardHeader>
<CardTitle className="flex items-center gap-2">
<TrendingUp className="h-5 w-5" />
Distribuzione Traffico
</CardTitle>
</CardHeader>
<CardContent>
<ResponsiveContainer width="100%" height={300}>
<PieChart>
<Pie
data={trafficDistribution}
cx="50%"
cy="50%"
labelLine={false}
label={(entry) => `${entry.name}: ${entry.value}`}
outerRadius={100}
fill="#8884d8"
dataKey="value"
>
{trafficDistribution.map((entry, index) => (
<Cell key={`cell-${index}`} fill={entry.color} />
))}
</Pie>
<Tooltip />
<Legend />
</PieChart>
</ResponsiveContainer>
</CardContent>
</Card>
{/* Attacks by Type (Pie) */}
<Card data-testid="card-attack-types">
<CardHeader>
<CardTitle className="flex items-center gap-2">
<AlertTriangle className="h-5 w-5" />
Tipi di Attacco
</CardTitle>
</CardHeader>
<CardContent>
{typeChartData.length > 0 ? (
<ResponsiveContainer width="100%" height={300}>
<PieChart>
<Pie
data={typeChartData}
cx="50%"
cy="50%"
labelLine={false}
label={(entry) => `${entry.name}: ${entry.value}`}
outerRadius={100}
fill="#8884d8"
dataKey="value"
>
{typeChartData.map((entry, index) => (
<Cell key={`cell-${index}`} fill={COLORS[index % COLORS.length]} />
))}
</Pie>
<Tooltip />
<Legend />
</PieChart>
</ResponsiveContainer>
) : (
<div className="text-center py-20 text-muted-foreground">
Nessun attacco rilevato
</div>
)}
</CardContent>
</Card>
</div>
{/* Top Countries (Bar Chart) */}
<Card data-testid="card-countries">
<CardHeader>
<CardTitle className="flex items-center gap-2">
<Globe className="h-5 w-5" />
Top 10 Paesi Attaccanti
</CardTitle>
</CardHeader>
<CardContent>
{countryChartData.length > 0 ? (
<ResponsiveContainer width="100%" height={400}>
<BarChart data={countryChartData}>
<CartesianGrid strokeDasharray="3 3" />
<XAxis dataKey="name" />
<YAxis />
<Tooltip />
<Legend />
<Bar dataKey="attacks" fill="#ef4444" name="Attacchi" />
</BarChart>
</ResponsiveContainer>
) : (
<div className="text-center py-20 text-muted-foreground">
Nessun dato disponibile
</div>
)}
</CardContent>
</Card>
{/* Real-time Event Stream */}
<Card data-testid="card-event-stream">
<CardHeader>
<CardTitle className="flex items-center gap-2">
<Shield className="h-5 w-5" />
Stream Eventi Recenti
</CardTitle>
</CardHeader>
<CardContent>
<div className="space-y-2 max-h-96 overflow-y-auto">
{recentEvents.map(event => (
<div
key={event.id}
className="flex items-center justify-between p-3 rounded-lg border hover-elevate"
data-testid={`event-${event.id}`}
>
<div className="flex items-center gap-3">
{event.countryCode && (
<span className="text-xl">
{getFlag(event.country, event.countryCode)}
</span>
)}
<div>
<code className="font-mono font-semibold">{event.sourceIp}</code>
<p className="text-xs text-muted-foreground">
{event.anomalyType.replace('_', ' ')} {format(new Date(event.detectedAt), "HH:mm:ss")}
</p>
</div>
</div>
<Badge variant={event.blocked ? "destructive" : "secondary"}>
{event.blocked ? "Bloccato" : "Attivo"}
</Badge>
</div>
))}
</div>
</CardContent>
</Card>
</>
)}
</div>
);
}

346
client/src/pages/Detections.tsx
View File

@ -1,133 +1,24 @@
import { useQuery, useMutation } from "@tanstack/react-query"; import { useQuery } from "@tanstack/react-query";
import { Card, CardContent, CardHeader, CardTitle } from "@/components/ui/card"; import { Card, CardContent, CardHeader, CardTitle } from "@/components/ui/card";
import { Badge } from "@/components/ui/badge"; import { Badge } from "@/components/ui/badge";
import { Button } from "@/components/ui/button"; import { Button } from "@/components/ui/button";
import { Input } from "@/components/ui/input"; import { Input } from "@/components/ui/input";
import { Select, SelectContent, SelectItem, SelectTrigger, SelectValue } from "@/components/ui/select"; import { AlertTriangle, Search, Shield, Eye } from "lucide-react";
import { Slider } from "@/components/ui/slider";
import { AlertTriangle, Search, Shield, Globe, MapPin, Building2, ShieldPlus, ShieldCheck, Unlock, ChevronLeft, ChevronRight } from "lucide-react";
import { format } from "date-fns"; import { format } from "date-fns";
import { useState, useEffect, useMemo } from "react"; import { useState } from "react";
import type { Detection, Whitelist } from "@shared/schema"; import type { Detection } from "@shared/schema";
import { getFlag } from "@/lib/country-flags";
import { apiRequest, queryClient } from "@/lib/queryClient";
import { useToast } from "@/hooks/use-toast";
const ITEMS_PER_PAGE = 50;
interface DetectionsResponse {
detections: Detection[];
total: number;
}
export default function Detections() { export default function Detections() {
const [searchInput, setSearchInput] = useState(""); const [searchQuery, setSearchQuery] = useState("");
const [debouncedSearch, setDebouncedSearch] = useState(""); const { data: detections, isLoading } = useQuery<Detection[]>({
const [anomalyTypeFilter, setAnomalyTypeFilter] = useState<string>("all"); queryKey: ["/api/detections"],
const [minScore, setMinScore] = useState(0); refetchInterval: 5000,
const [maxScore, setMaxScore] = useState(100);
const [currentPage, setCurrentPage] = useState(1);
const { toast } = useToast();
// Debounce search input
useEffect(() => {
const timer = setTimeout(() => {
setDebouncedSearch(searchInput);
setCurrentPage(1); // Reset to first page on search
}, 300);
return () => clearTimeout(timer);
}, [searchInput]);
// Reset page on filter change
useEffect(() => {
setCurrentPage(1);
}, [anomalyTypeFilter, minScore, maxScore]);
// Build query params with pagination and search
const queryParams = useMemo(() => {
const params = new URLSearchParams();
params.set("limit", ITEMS_PER_PAGE.toString());
params.set("offset", ((currentPage - 1) * ITEMS_PER_PAGE).toString());
if (anomalyTypeFilter !== "all") {
params.set("anomalyType", anomalyTypeFilter);
}
if (minScore > 0) {
params.set("minScore", minScore.toString());
}
if (maxScore < 100) {
params.set("maxScore", maxScore.toString());
}
if (debouncedSearch.trim()) {
params.set("search", debouncedSearch.trim());
}
return params.toString();
}, [currentPage, anomalyTypeFilter, minScore, maxScore, debouncedSearch]);
const { data, isLoading } = useQuery<DetectionsResponse>({
queryKey: ["/api/detections", currentPage, anomalyTypeFilter, minScore, maxScore, debouncedSearch],
queryFn: () => fetch(`/api/detections?${queryParams}`).then(r => r.json()),
refetchInterval: 10000,
}); });
const detections = data?.detections || []; const filteredDetections = detections?.filter((d) =>
const totalCount = data?.total || 0; d.sourceIp.toLowerCase().includes(searchQuery.toLowerCase()) ||
const totalPages = Math.ceil(totalCount / ITEMS_PER_PAGE); d.anomalyType.toLowerCase().includes(searchQuery.toLowerCase())
);
// Fetch whitelist to check if IP is already whitelisted
const { data: whitelistData } = useQuery<Whitelist[]>({
queryKey: ["/api/whitelist"],
});
// Create a Set of whitelisted IPs for fast lookup
const whitelistedIps = new Set(whitelistData?.map(w => w.ipAddress) || []);
// Mutation per aggiungere a whitelist
const addToWhitelistMutation = useMutation({
mutationFn: async (detection: Detection) => {
return await apiRequest("POST", "/api/whitelist", {
ipAddress: detection.sourceIp,
reason: `Auto-added from detection: ${detection.anomalyType} (Risk: ${parseFloat(detection.riskScore).toFixed(1)})`
});
},
onSuccess: (_, detection) => {
toast({
title: "IP aggiunto alla whitelist",
description: `${detection.sourceIp} è stato aggiunto alla whitelist e sbloccato dai router.`,
});
queryClient.invalidateQueries({ queryKey: ["/api/whitelist"] });
queryClient.invalidateQueries({ queryKey: ["/api/detections"] });
},
onError: (error: any, detection) => {
toast({
title: "Errore",
description: error.message || `Impossibile aggiungere ${detection.sourceIp} alla whitelist.`,
variant: "destructive",
});
}
});
// Mutation per sbloccare IP dai router
const unblockMutation = useMutation({
mutationFn: async (detection: Detection) => {
return await apiRequest("POST", "/api/unblock-ip", {
ipAddress: detection.sourceIp
});
},
onSuccess: (data: any, detection) => {
toast({
title: "IP sbloccato",
description: `${detection.sourceIp} è stato rimosso dalla blocklist di ${data.unblocked_from || 0} router.`,
});
queryClient.invalidateQueries({ queryKey: ["/api/detections"] });
},
onError: (error: any, detection) => {
toast({
title: "Errore sblocco",
description: error.message || `Impossibile sbloccare ${detection.sourceIp} dai router.`,
variant: "destructive",
});
}
});
const getRiskBadge = (riskScore: string) => { const getRiskBadge = (riskScore: string) => {
const score = parseFloat(riskScore); const score = parseFloat(riskScore);
@ -161,58 +52,20 @@ export default function Detections() {
{/* Search and Filters */} {/* Search and Filters */}
<Card data-testid="card-filters"> <Card data-testid="card-filters">
<CardContent className="pt-6"> <CardContent className="pt-6">
<div className="flex flex-col gap-4"> <div className="flex items-center gap-4">
<div className="flex items-center gap-4 flex-wrap"> <div className="relative flex-1">
<div className="relative flex-1 min-w-[200px]"> <Search className="absolute left-3 top-1/2 -translate-y-1/2 h-4 w-4 text-muted-foreground" />
<Search className="absolute left-3 top-1/2 -translate-y-1/2 h-4 w-4 text-muted-foreground" /> <Input
<Input placeholder="Cerca per IP o tipo anomalia..."
placeholder="Cerca per IP, paese, organizzazione..." value={searchQuery}
value={searchInput} onChange={(e) => setSearchQuery(e.target.value)}
onChange={(e) => setSearchInput(e.target.value)} className="pl-9"
className="pl-9" data-testid="input-search"
data-testid="input-search" />
/>
</div>
<Select value={anomalyTypeFilter} onValueChange={setAnomalyTypeFilter}>
<SelectTrigger className="w-[200px]" data-testid="select-anomaly-type">
<SelectValue placeholder="Tipo attacco" />
</SelectTrigger>
<SelectContent>
<SelectItem value="all">Tutti i tipi</SelectItem>
<SelectItem value="ddos">DDoS Attack</SelectItem>
<SelectItem value="port_scan">Port Scanning</SelectItem>
<SelectItem value="brute_force">Brute Force</SelectItem>
<SelectItem value="botnet">Botnet Activity</SelectItem>
<SelectItem value="suspicious">Suspicious Activity</SelectItem>
</SelectContent>
</Select>
</div>
<div className="space-y-2">
<div className="flex items-center justify-between text-sm">
<span className="text-muted-foreground">Risk Score:</span>
<span className="font-medium" data-testid="text-score-range">
{minScore} - {maxScore}
</span>
</div>
<div className="flex items-center gap-4">
<span className="text-xs text-muted-foreground w-8">0</span>
<Slider
min={0}
max={100}
step={5}
value={[minScore, maxScore]}
onValueChange={([min, max]) => {
setMinScore(min);
setMaxScore(max);
}}
className="flex-1"
data-testid="slider-risk-score"
/>
<span className="text-xs text-muted-foreground w-8">100</span>
</div>
</div> </div>
<Button variant="outline" data-testid="button-refresh">
Aggiorna
</Button>
</div> </div>
</CardContent> </CardContent>
</Card> </Card>
@ -220,36 +73,9 @@ export default function Detections() {
{/* Detections List */} {/* Detections List */}
<Card data-testid="card-detections-list"> <Card data-testid="card-detections-list">
<CardHeader> <CardHeader>
<CardTitle className="flex items-center justify-between gap-2 flex-wrap"> <CardTitle className="flex items-center gap-2">
<div className="flex items-center gap-2"> <AlertTriangle className="h-5 w-5" />
<AlertTriangle className="h-5 w-5" /> Rilevamenti ({filteredDetections?.length || 0})
Rilevamenti ({totalCount})
</div>
{totalPages > 1 && (
<div className="flex items-center gap-2 text-sm font-normal">
<Button
variant="outline"
size="icon"
onClick={() => setCurrentPage(p => Math.max(1, p - 1))}
disabled={currentPage === 1}
data-testid="button-prev-page"
>
<ChevronLeft className="h-4 w-4" />
</Button>
<span data-testid="text-pagination">
Pagina {currentPage} di {totalPages}
</span>
<Button
variant="outline"
size="icon"
onClick={() => setCurrentPage(p => Math.min(totalPages, p + 1))}
disabled={currentPage === totalPages}
data-testid="button-next-page"
>
<ChevronRight className="h-4 w-4" />
</Button>
</div>
)}
</CardTitle> </CardTitle>
</CardHeader> </CardHeader>
<CardContent> <CardContent>
@ -257,9 +83,9 @@ export default function Detections() {
<div className="text-center py-8 text-muted-foreground" data-testid="text-loading"> <div className="text-center py-8 text-muted-foreground" data-testid="text-loading">
Caricamento... Caricamento...
</div> </div>
) : detections.length > 0 ? ( ) : filteredDetections && filteredDetections.length > 0 ? (
<div className="space-y-3"> <div className="space-y-3">
{detections.map((detection) => ( {filteredDetections.map((detection) => (
<div <div
key={detection.id} key={detection.id}
className="p-4 rounded-lg border hover-elevate" className="p-4 rounded-lg border hover-elevate"
@ -267,14 +93,7 @@ export default function Detections() {
> >
<div className="flex items-start justify-between gap-4"> <div className="flex items-start justify-between gap-4">
<div className="flex-1 min-w-0"> <div className="flex-1 min-w-0">
<div className="flex items-center gap-3 mb-2 flex-wrap"> <div className="flex items-center gap-2 mb-2 flex-wrap">
{/* Flag Emoji */}
{detection.countryCode && (
<span className="text-2xl" title={detection.country || detection.countryCode} data-testid={`flag-${detection.id}`}>
{getFlag(detection.country, detection.countryCode)}
</span>
)}
<code className="font-mono font-semibold text-lg" data-testid={`text-ip-${detection.id}`}> <code className="font-mono font-semibold text-lg" data-testid={`text-ip-${detection.id}`}>
{detection.sourceIp} {detection.sourceIp}
</code> </code>
@ -288,34 +107,6 @@ export default function Detections() {
{detection.reason} {detection.reason}
</p> </p>
{/* Geolocation Info */}
{(detection.country || detection.organization || detection.asNumber) && (
<div className="flex flex-wrap gap-3 mb-3 text-sm" data-testid={`geo-info-${detection.id}`}>
{detection.country && (
<div className="flex items-center gap-1.5 text-muted-foreground">
<Globe className="h-3.5 w-3.5" />
<span data-testid={`text-country-${detection.id}`}>
{detection.city ? `${detection.city}, ${detection.country}` : detection.country}
</span>
</div>
)}
{detection.organization && (
<div className="flex items-center gap-1.5 text-muted-foreground">
<Building2 className="h-3.5 w-3.5" />
<span data-testid={`text-org-${detection.id}`}>{detection.organization}</span>
</div>
)}
{detection.asNumber && (
<div className="flex items-center gap-1.5 text-muted-foreground">
<MapPin className="h-3.5 w-3.5" />
<span data-testid={`text-as-${detection.id}`}>
{detection.asNumber} {detection.asName && `- ${detection.asName}`}
</span>
</div>
)}
</div>
)}
<div className="grid grid-cols-2 md:grid-cols-4 gap-4 text-sm"> <div className="grid grid-cols-2 md:grid-cols-4 gap-4 text-sm">
<div> <div>
<p className="text-muted-foreground text-xs">Risk Score</p> <p className="text-muted-foreground text-xs">Risk Score</p>
@ -365,44 +156,12 @@ export default function Detections() {
</Badge> </Badge>
)} )}
{whitelistedIps.has(detection.sourceIp) ? ( <Button variant="outline" size="sm" asChild data-testid={`button-details-${detection.id}`}>
<Button <a href={`/logs?ip=${detection.sourceIp}`}>
variant="outline" <Eye className="h-3 w-3 mr-1" />
size="sm" Dettagli
disabled </a>
className="w-full bg-green-500/10 border-green-500 text-green-600 dark:text-green-400" </Button>
data-testid={`button-whitelist-${detection.id}`}
>
<ShieldCheck className="h-3 w-3 mr-1" />
In Whitelist
</Button>
) : (
<Button
variant="outline"
size="sm"
onClick={() => addToWhitelistMutation.mutate(detection)}
disabled={addToWhitelistMutation.isPending}
className="w-full"
data-testid={`button-whitelist-${detection.id}`}
>
<ShieldPlus className="h-3 w-3 mr-1" />
Whitelist
</Button>
)}
{detection.blocked && (
<Button
variant="outline"
size="sm"
onClick={() => unblockMutation.mutate(detection)}
disabled={unblockMutation.isPending}
className="w-full"
data-testid={`button-unblock-${detection.id}`}
>
<Unlock className="h-3 w-3 mr-1" />
Sblocca Router
</Button>
)}
</div> </div>
</div> </div>
</div> </div>
@ -412,40 +171,11 @@ export default function Detections() {
<div className="text-center py-12 text-muted-foreground" data-testid="text-no-results"> <div className="text-center py-12 text-muted-foreground" data-testid="text-no-results">
<AlertTriangle className="h-12 w-12 mx-auto mb-2 opacity-50" /> <AlertTriangle className="h-12 w-12 mx-auto mb-2 opacity-50" />
<p>Nessun rilevamento trovato</p> <p>Nessun rilevamento trovato</p>
{debouncedSearch && ( {searchQuery && (
<p className="text-sm">Prova con un altro termine di ricerca</p> <p className="text-sm">Prova con un altro termine di ricerca</p>
)} )}
</div> </div>
)} )}
{/* Bottom pagination */}
{totalPages > 1 && detections.length > 0 && (
<div className="flex items-center justify-center gap-4 mt-6 pt-4 border-t">
<Button
variant="outline"
size="sm"
onClick={() => setCurrentPage(p => Math.max(1, p - 1))}
disabled={currentPage === 1}
data-testid="button-prev-page-bottom"
>
<ChevronLeft className="h-4 w-4 mr-1" />
Precedente
</Button>
<span className="text-sm text-muted-foreground" data-testid="text-pagination-bottom">
Pagina {currentPage} di {totalPages} ({totalCount} totali)
</span>
<Button
variant="outline"
size="sm"
onClick={() => setCurrentPage(p => Math.min(totalPages, p + 1))}
disabled={currentPage === totalPages}
data-testid="button-next-page-bottom"
>
Successiva
<ChevronRight className="h-4 w-4 ml-1" />
</Button>
</div>
)}
</CardContent> </CardContent>
</Card> </Card>
</div> </div>

372
client/src/pages/PublicLists.tsx
View File

@ -1,372 +0,0 @@
import { useQuery, useMutation } from "@tanstack/react-query";
import { Card, CardContent, CardDescription, CardHeader, CardTitle } from "@/components/ui/card";
import { Button } from "@/components/ui/button";
import { Badge } from "@/components/ui/badge";
import { Table, TableBody, TableCell, TableHead, TableHeader, TableRow } from "@/components/ui/table";
import { Dialog, DialogContent, DialogDescription, DialogHeader, DialogTitle, DialogTrigger } from "@/components/ui/dialog";
import { Form, FormControl, FormField, FormItem, FormLabel, FormMessage } from "@/components/ui/form";
import { Input } from "@/components/ui/input";
import { Select, SelectContent, SelectItem, SelectTrigger, SelectValue } from "@/components/ui/select";
import { Switch } from "@/components/ui/switch";
import { useForm } from "react-hook-form";
import { zodResolver } from "@hookform/resolvers/zod";
import { z } from "zod";
import { RefreshCw, Plus, Trash2, Edit, CheckCircle2, XCircle, AlertTriangle, Clock } from "lucide-react";
import { apiRequest, queryClient } from "@/lib/queryClient";
import { useToast } from "@/hooks/use-toast";
import { formatDistanceToNow } from "date-fns";
import { it } from "date-fns/locale";
import { useState } from "react";
const listFormSchema = z.object({
name: z.string().min(1, "Nome richiesto"),
type: z.enum(["blacklist", "whitelist"], {
required_error: "Tipo richiesto",
}),
url: z.string().url("URL non valida"),
enabled: z.boolean().default(true),
fetchIntervalMinutes: z.number().min(1).max(1440).default(10),
});
type ListFormValues = z.infer<typeof listFormSchema>;
export default function PublicLists() {
const { toast } = useToast();
const [isAddDialogOpen, setIsAddDialogOpen] = useState(false);
const [editingList, setEditingList] = useState<any>(null);
const { data: lists, isLoading } = useQuery({
queryKey: ["/api/public-lists"],
});
const form = useForm<ListFormValues>({
resolver: zodResolver(listFormSchema),
defaultValues: {
name: "",
type: "blacklist",
url: "",
enabled: true,
fetchIntervalMinutes: 10,
},
});
const createMutation = useMutation({
mutationFn: (data: ListFormValues) =>
apiRequest("POST", "/api/public-lists", data),
onSuccess: () => {
queryClient.invalidateQueries({ queryKey: ["/api/public-lists"] });
toast({
title: "Lista creata",
description: "La lista è stata aggiunta con successo",
});
setIsAddDialogOpen(false);
form.reset();
},
onError: (error: any) => {
toast({
title: "Errore",
description: error.message || "Impossibile creare la lista",
variant: "destructive",
});
},
});
const updateMutation = useMutation({
mutationFn: ({ id, data }: { id: string; data: Partial<ListFormValues> }) =>
apiRequest("PATCH", `/api/public-lists/${id}`, data),
onSuccess: () => {
queryClient.invalidateQueries({ queryKey: ["/api/public-lists"] });
toast({
title: "Lista aggiornata",
description: "Le modifiche sono state salvate",
});
setEditingList(null);
},
});
const deleteMutation = useMutation({
mutationFn: (id: string) =>
apiRequest("DELETE", `/api/public-lists/${id}`),
onSuccess: () => {
queryClient.invalidateQueries({ queryKey: ["/api/public-lists"] });
toast({
title: "Lista eliminata",
description: "La lista è stata rimossa",
});
},
onError: (error: any) => {
toast({
title: "Errore",
description: error.message || "Impossibile eliminare la lista",
variant: "destructive",
});
},
});
const syncMutation = useMutation({
mutationFn: (id: string) =>
apiRequest("POST", `/api/public-lists/${id}/sync`),
onSuccess: () => {
toast({
title: "Sync avviato",
description: "La sincronizzazione manuale è stata richiesta",
});
},
});
const toggleEnabled = (id: string, enabled: boolean) => {
updateMutation.mutate({ id, data: { enabled } });
};
const onSubmit = (data: ListFormValues) => {
createMutation.mutate(data);
};
const getStatusBadge = (list: any) => {
if (!list.enabled) {
return <Badge variant="outline" className="gap-1"><XCircle className="w-3 h-3" />Disabilitata</Badge>;
}
if (list.errorCount > 5) {
return <Badge variant="destructive" className="gap-1"><AlertTriangle className="w-3 h-3" />Errori</Badge>;
}
if (list.lastSuccess) {
return <Badge variant="default" className="gap-1 bg-green-600"><CheckCircle2 className="w-3 h-3" />OK</Badge>;
}
return <Badge variant="secondary" className="gap-1"><Clock className="w-3 h-3" />In attesa</Badge>;
};
const getTypeBadge = (type: string) => {
if (type === "blacklist") {
return <Badge variant="destructive">Blacklist</Badge>;
}
return <Badge variant="default" className="bg-blue-600">Whitelist</Badge>;
};
if (isLoading) {
return (
<div className="p-6">
<Card>
<CardHeader>
<CardTitle>Caricamento...</CardTitle>
</CardHeader>
</Card>
</div>
);
}
return (
<div className="p-6 space-y-6">
<div className="flex items-center justify-between">
<div>
<h1 className="text-3xl font-bold">Liste Pubbliche</h1>
<p className="text-muted-foreground mt-2">
Gestione sorgenti blacklist e whitelist esterne (aggiornamento ogni 10 minuti)
</p>
</div>
<Dialog open={isAddDialogOpen} onOpenChange={setIsAddDialogOpen}>
<DialogTrigger asChild>
<Button data-testid="button-add-list">
<Plus className="w-4 h-4 mr-2" />
Aggiungi Lista
</Button>
</DialogTrigger>
<DialogContent className="max-w-2xl">
<DialogHeader>
<DialogTitle>Aggiungi Lista Pubblica</DialogTitle>
<DialogDescription>
Configura una nuova sorgente blacklist o whitelist
</DialogDescription>
</DialogHeader>
<Form {...form}>
<form onSubmit={form.handleSubmit(onSubmit)} className="space-y-4">
<FormField
control={form.control}
name="name"
render={({ field }) => (
<FormItem>
<FormLabel>Nome</FormLabel>
<FormControl>
<Input placeholder="es. Spamhaus DROP" {...field} data-testid="input-list-name" />
</FormControl>
<FormMessage />
</FormItem>
)}
/>
<FormField
control={form.control}
name="type"
render={({ field }) => (
<FormItem>
<FormLabel>Tipo</FormLabel>
<Select onValueChange={field.onChange} defaultValue={field.value}>
<FormControl>
<SelectTrigger data-testid="select-list-type">
<SelectValue placeholder="Seleziona tipo" />
</SelectTrigger>
</FormControl>
<SelectContent>
<SelectItem value="blacklist">Blacklist</SelectItem>
<SelectItem value="whitelist">Whitelist</SelectItem>
</SelectContent>
</Select>
<FormMessage />
</FormItem>
)}
/>
<FormField
control={form.control}
name="url"
render={({ field }) => (
<FormItem>
<FormLabel>URL</FormLabel>
<FormControl>
<Input placeholder="https://example.com/list.txt" {...field} data-testid="input-list-url" />
</FormControl>
<FormMessage />
</FormItem>
)}
/>
<FormField
control={form.control}
name="fetchIntervalMinutes"
render={({ field }) => (
<FormItem>
<FormLabel>Intervallo Sync (minuti)</FormLabel>
<FormControl>
<Input
type="number"
{...field}
onChange={(e) => field.onChange(parseInt(e.target.value))}
data-testid="input-list-interval"
/>
</FormControl>
<FormMessage />
</FormItem>
)}
/>
<FormField
control={form.control}
name="enabled"
render={({ field }) => (
<FormItem className="flex items-center justify-between">
<FormLabel>Abilitata</FormLabel>
<FormControl>
<Switch
checked={field.value}
onCheckedChange={field.onChange}
data-testid="switch-list-enabled"
/>
</FormControl>
</FormItem>
)}
/>
<div className="flex justify-end gap-2 pt-4">
<Button type="button" variant="outline" onClick={() => setIsAddDialogOpen(false)}>
Annulla
</Button>
<Button type="submit" disabled={createMutation.isPending} data-testid="button-save-list">
{createMutation.isPending ? "Salvataggio..." : "Salva"}
</Button>
</div>
</form>
</Form>
</DialogContent>
</Dialog>
</div>
<Card>
<CardHeader>
<CardTitle>Sorgenti Configurate</CardTitle>
<CardDescription>
{lists?.length || 0} liste configurate
</CardDescription>
</CardHeader>
<CardContent>
<Table>
<TableHeader>
<TableRow>
<TableHead>Nome</TableHead>
<TableHead>Tipo</TableHead>
<TableHead>Stato</TableHead>
<TableHead>IP Totali</TableHead>
<TableHead>IP Attivi</TableHead>
<TableHead>Ultimo Sync</TableHead>
<TableHead className="text-right">Azioni</TableHead>
</TableRow>
</TableHeader>
<TableBody>
{lists?.map((list: any) => (
<TableRow key={list.id} data-testid={`row-list-${list.id}`}>
<TableCell className="font-medium">
<div>
<div>{list.name}</div>
<div className="text-xs text-muted-foreground truncate max-w-xs">
{list.url}
</div>
</div>
</TableCell>
<TableCell>{getTypeBadge(list.type)}</TableCell>
<TableCell>{getStatusBadge(list)}</TableCell>
<TableCell data-testid={`text-total-ips-${list.id}`}>{list.totalIps?.toLocaleString() || 0}</TableCell>
<TableCell data-testid={`text-active-ips-${list.id}`}>{list.activeIps?.toLocaleString() || 0}</TableCell>
<TableCell>
{list.lastSuccess ? (
<span className="text-sm">
{formatDistanceToNow(new Date(list.lastSuccess), {
addSuffix: true,
locale: it,
})}
</span>
) : (
<span className="text-sm text-muted-foreground">Mai</span>
)}
</TableCell>
<TableCell className="text-right">
<div className="flex items-center justify-end gap-2">
<Switch
checked={list.enabled}
onCheckedChange={(checked) => toggleEnabled(list.id, checked)}
data-testid={`switch-enable-${list.id}`}
/>
<Button
variant="outline"
size="icon"
onClick={() => syncMutation.mutate(list.id)}
disabled={syncMutation.isPending}
data-testid={`button-sync-${list.id}`}
>
<RefreshCw className="w-4 h-4" />
</Button>
<Button
variant="destructive"
size="icon"
onClick={() => {
if (confirm(`Eliminare la lista "${list.name}"?`)) {
deleteMutation.mutate(list.id);
}
}}
data-testid={`button-delete-${list.id}`}
>
<Trash2 className="w-4 h-4" />
</Button>
</div>
</TableCell>
</TableRow>
))}
{(!lists || lists.length === 0) && (
<TableRow>
<TableCell colSpan={7} className="text-center text-muted-foreground py-8">
Nessuna lista configurata. Aggiungi la prima lista.
</TableCell>
</TableRow>
)}
</TableBody>
</Table>
</CardContent>
</Card>
</div>
);
}

404
client/src/pages/Routers.tsx
View File

@ -1,108 +1,19 @@
import { useState } from "react";
import { useQuery, useMutation } from "@tanstack/react-query"; import { useQuery, useMutation } from "@tanstack/react-query";
import { queryClient, apiRequest } from "@/lib/queryClient"; import { queryClient, apiRequest } from "@/lib/queryClient";
import { Card, CardContent, CardHeader, CardTitle } from "@/components/ui/card"; import { Card, CardContent, CardHeader, CardTitle } from "@/components/ui/card";
import { Badge } from "@/components/ui/badge"; import { Badge } from "@/components/ui/badge";
import { Button } from "@/components/ui/button"; import { Button } from "@/components/ui/button";
import { import { Server, Plus, Trash2 } from "lucide-react";
Dialog,
DialogContent,
DialogDescription,
DialogHeader,
DialogTitle,
DialogTrigger,
DialogFooter,
} from "@/components/ui/dialog";
import {
Form,
FormControl,
FormDescription,
FormField,
FormItem,
FormLabel,
FormMessage,
} from "@/components/ui/form";
import { Input } from "@/components/ui/input";
import { Switch } from "@/components/ui/switch";
import { Server, Plus, Trash2, Edit } from "lucide-react";
import { format } from "date-fns"; import { format } from "date-fns";
import { useForm } from "react-hook-form";
import { zodResolver } from "@hookform/resolvers/zod";
import { insertRouterSchema, type InsertRouter } from "@shared/schema";
import type { Router } from "@shared/schema"; import type { Router } from "@shared/schema";
import { useToast } from "@/hooks/use-toast"; import { useToast } from "@/hooks/use-toast";
export default function Routers() { export default function Routers() {
const { toast } = useToast(); const { toast } = useToast();
const [addDialogOpen, setAddDialogOpen] = useState(false);
const [editDialogOpen, setEditDialogOpen] = useState(false);
const [editingRouter, setEditingRouter] = useState<Router | null>(null);
const { data: routers, isLoading } = useQuery<Router[]>({ const { data: routers, isLoading } = useQuery<Router[]>({
queryKey: ["/api/routers"], queryKey: ["/api/routers"],
}); });
const addForm = useForm<InsertRouter>({
resolver: zodResolver(insertRouterSchema),
defaultValues: {
name: "",
ipAddress: "",
apiPort: 8729,
username: "",
password: "",
enabled: true,
},
});
const editForm = useForm<InsertRouter>({
resolver: zodResolver(insertRouterSchema),
});
const addMutation = useMutation({
mutationFn: async (data: InsertRouter) => {
return await apiRequest("POST", "/api/routers", data);
},
onSuccess: () => {
queryClient.invalidateQueries({ queryKey: ["/api/routers"] });
toast({
title: "Router aggiunto",
description: "Il router è stato configurato con successo",
});
setAddDialogOpen(false);
addForm.reset();
},
onError: (error: any) => {
toast({
title: "Errore",
description: error.message || "Impossibile aggiungere il router",
variant: "destructive",
});
},
});
const updateMutation = useMutation({
mutationFn: async ({ id, data }: { id: string; data: InsertRouter }) => {
return await apiRequest("PUT", `/api/routers/${id}`, data);
},
onSuccess: () => {
queryClient.invalidateQueries({ queryKey: ["/api/routers"] });
toast({
title: "Router aggiornato",
description: "Le modifiche sono state salvate con successo",
});
setEditDialogOpen(false);
setEditingRouter(null);
editForm.reset();
},
onError: (error: any) => {
toast({
title: "Errore",
description: error.message || "Impossibile aggiornare il router",
variant: "destructive",
});
},
});
const deleteMutation = useMutation({ const deleteMutation = useMutation({
mutationFn: async (id: string) => { mutationFn: async (id: string) => {
await apiRequest("DELETE", `/api/routers/${id}`); await apiRequest("DELETE", `/api/routers/${id}`);
@ -123,29 +34,6 @@ export default function Routers() {
}, },
}); });
const handleAddSubmit = (data: InsertRouter) => {
addMutation.mutate(data);
};
const handleEditSubmit = (data: InsertRouter) => {
if (editingRouter) {
updateMutation.mutate({ id: editingRouter.id, data });
}
};
const handleEdit = (router: Router) => {
setEditingRouter(router);
editForm.reset({
name: router.name,
ipAddress: router.ipAddress,
apiPort: router.apiPort,
username: router.username,
password: router.password,
enabled: router.enabled,
});
setEditDialogOpen(true);
};
return ( return (
<div className="flex flex-col gap-6 p-6" data-testid="page-routers"> <div className="flex flex-col gap-6 p-6" data-testid="page-routers">
<div className="flex items-center justify-between"> <div className="flex items-center justify-between">
@ -155,152 +43,10 @@ export default function Routers() {
Gestisci i router connessi al sistema IDS Gestisci i router connessi al sistema IDS
</p> </p>
</div> </div>
<Button data-testid="button-add-router">
<Dialog open={addDialogOpen} onOpenChange={setAddDialogOpen}> <Plus className="h-4 w-4 mr-2" />
<DialogTrigger asChild> Aggiungi Router
<Button data-testid="button-add-router"> </Button>
<Plus className="h-4 w-4 mr-2" />
Aggiungi Router
</Button>
</DialogTrigger>
<DialogContent className="sm:max-w-[500px]" data-testid="dialog-add-router">
<DialogHeader>
<DialogTitle>Aggiungi Router MikroTik</DialogTitle>
<DialogDescription>
Configura un nuovo router MikroTik per il sistema IDS. Assicurati che l'API RouterOS (porta 8729/8728) sia abilitata.
</DialogDescription>
</DialogHeader>
<Form {...addForm}>
<form onSubmit={addForm.handleSubmit(handleAddSubmit)} className="space-y-4">
<FormField
control={addForm.control}
name="name"
render={({ field }) => (
<FormItem>
<FormLabel>Nome Router</FormLabel>
<FormControl>
<Input placeholder="es. MikroTik Ufficio" {...field} data-testid="input-name" />
</FormControl>
<FormDescription>
Nome descrittivo per identificare il router
</FormDescription>
<FormMessage />
</FormItem>
)}
/>
<FormField
control={addForm.control}
name="ipAddress"
render={({ field }) => (
<FormItem>
<FormLabel>Indirizzo IP</FormLabel>
<FormControl>
<Input placeholder="es. 192.168.1.1" {...field} data-testid="input-ip" />
</FormControl>
<FormDescription>
Indirizzo IP o hostname del router
</FormDescription>
<FormMessage />
</FormItem>
)}
/>
<FormField
control={addForm.control}
name="apiPort"
render={({ field }) => (
<FormItem>
<FormLabel>Porta API</FormLabel>
<FormControl>
<Input
type="number"
placeholder="8729"
{...field}
onChange={(e) => field.onChange(parseInt(e.target.value))}
data-testid="input-port"
/>
</FormControl>
<FormDescription>
Porta RouterOS API MikroTik (8729 per API-SSL, 8728 per API)
</FormDescription>
<FormMessage />
</FormItem>
)}
/>
<FormField
control={addForm.control}
name="username"
render={({ field }) => (
<FormItem>
<FormLabel>Username</FormLabel>
<FormControl>
<Input placeholder="admin" {...field} data-testid="input-username" />
</FormControl>
<FormMessage />
</FormItem>
)}
/>
<FormField
control={addForm.control}
name="password"
render={({ field }) => (
<FormItem>
<FormLabel>Password</FormLabel>
<FormControl>
<Input type="password" placeholder="••••••••" {...field} data-testid="input-password" />
</FormControl>
<FormMessage />
</FormItem>
)}
/>
<FormField
control={addForm.control}
name="enabled"
render={({ field }) => (
<FormItem className="flex flex-row items-center justify-between rounded-lg border p-3">
<div className="space-y-0.5">
<FormLabel>Abilitato</FormLabel>
<FormDescription>
Attiva il router per il blocco automatico degli IP
</FormDescription>
</div>
<FormControl>
<Switch
checked={field.value}
onCheckedChange={field.onChange}
data-testid="switch-enabled"
/>
</FormControl>
</FormItem>
)}
/>
<DialogFooter>
<Button
type="button"
variant="outline"
onClick={() => setAddDialogOpen(false)}
data-testid="button-cancel"
>
Annulla
</Button>
<Button
type="submit"
disabled={addMutation.isPending}
data-testid="button-submit"
>
{addMutation.isPending ? "Salvataggio..." : "Salva Router"}
</Button>
</DialogFooter>
</form>
</Form>
</DialogContent>
</Dialog>
</div> </div>
<Card data-testid="card-routers"> <Card data-testid="card-routers">
@ -368,11 +114,9 @@ export default function Routers() {
variant="outline" variant="outline"
size="sm" size="sm"
className="flex-1" className="flex-1"
onClick={() => handleEdit(router)} data-testid={`button-test-${router.id}`}
data-testid={`button-edit-${router.id}`}
> >
<Edit className="h-4 w-4 mr-2" /> Test Connessione
Modifica
</Button> </Button>
<Button <Button
variant="outline" variant="outline"
@ -396,140 +140,6 @@ export default function Routers() {
)} )}
</CardContent> </CardContent>
</Card> </Card>
<Dialog open={editDialogOpen} onOpenChange={setEditDialogOpen}>
<DialogContent className="sm:max-w-[500px]" data-testid="dialog-edit-router">
<DialogHeader>
<DialogTitle>Modifica Router</DialogTitle>
<DialogDescription>
Modifica le impostazioni del router {editingRouter?.name}
</DialogDescription>
</DialogHeader>
<Form {...editForm}>
<form onSubmit={editForm.handleSubmit(handleEditSubmit)} className="space-y-4">
<FormField
control={editForm.control}
name="name"
render={({ field }) => (
<FormItem>
<FormLabel>Nome Router</FormLabel>
<FormControl>
<Input placeholder="es. MikroTik Ufficio" {...field} data-testid="input-edit-name" />
</FormControl>
<FormMessage />
</FormItem>
)}
/>
<FormField
control={editForm.control}
name="ipAddress"
render={({ field }) => (
<FormItem>
<FormLabel>Indirizzo IP</FormLabel>
<FormControl>
<Input placeholder="es. 192.168.1.1" {...field} data-testid="input-edit-ip" />
</FormControl>
<FormMessage />
</FormItem>
)}
/>
<FormField
control={editForm.control}
name="apiPort"
render={({ field }) => (
<FormItem>
<FormLabel>Porta API</FormLabel>
<FormControl>
<Input
type="number"
placeholder="8729"
{...field}
onChange={(e) => field.onChange(parseInt(e.target.value))}
data-testid="input-edit-port"
/>
</FormControl>
<FormDescription>
Porta RouterOS API MikroTik (8729 per API-SSL, 8728 per API)
</FormDescription>
<FormMessage />
</FormItem>
)}
/>
<FormField
control={editForm.control}
name="username"
render={({ field }) => (
<FormItem>
<FormLabel>Username</FormLabel>
<FormControl>
<Input placeholder="admin" {...field} data-testid="input-edit-username" />
</FormControl>
<FormMessage />
</FormItem>
)}
/>
<FormField
control={editForm.control}
name="password"
render={({ field }) => (
<FormItem>
<FormLabel>Password</FormLabel>
<FormControl>
<Input type="password" placeholder="••••••••" {...field} data-testid="input-edit-password" />
</FormControl>
<FormMessage />
</FormItem>
)}
/>
<FormField
control={editForm.control}
name="enabled"
render={({ field }) => (
<FormItem className="flex flex-row items-center justify-between rounded-lg border p-3">
<div className="space-y-0.5">
<FormLabel>Abilitato</FormLabel>
<FormDescription>
Attiva il router per il blocco automatico degli IP
</FormDescription>
</div>
<FormControl>
<Switch
checked={field.value}
onCheckedChange={field.onChange}
data-testid="switch-edit-enabled"
/>
</FormControl>
</FormItem>
)}
/>
<DialogFooter>
<Button
type="button"
variant="outline"
onClick={() => setEditDialogOpen(false)}
data-testid="button-edit-cancel"
>
Annulla
</Button>
<Button
type="submit"
disabled={updateMutation.isPending}
data-testid="button-edit-submit"
>
{updateMutation.isPending ? "Salvataggio..." : "Salva Modifiche"}
</Button>
</DialogFooter>
</form>
</Form>
</DialogContent>
</Dialog>
</div> </div>
); );
} }

439
client/src/pages/Services.tsx
View File

@ -1,439 +0,0 @@
import { useQuery, useMutation } from "@tanstack/react-query";
import { Card, CardContent, CardHeader, CardTitle } from "@/components/ui/card";
import { Badge } from "@/components/ui/badge";
import { Button } from "@/components/ui/button";
import { Activity, Brain, Database, FileText, Terminal, RefreshCw, AlertCircle, Play, Square, RotateCw } from "lucide-react";
import { Alert, AlertDescription, AlertTitle } from "@/components/ui/alert";
import { useToast } from "@/hooks/use-toast";
import { queryClient, apiRequest } from "@/lib/queryClient";
interface ServiceStatus {
name: string;
status: "running" | "idle" | "offline" | "error" | "unknown";
healthy: boolean;
details: any;
}
interface ServicesStatusResponse {
services: {
mlBackend: ServiceStatus;
database: ServiceStatus;
syslogParser: ServiceStatus;
analyticsAggregator: ServiceStatus;
};
}
export default function ServicesPage() {
const { toast } = useToast();
const { data: servicesStatus, isLoading, refetch } = useQuery<ServicesStatusResponse>({
queryKey: ["/api/services/status"],
refetchInterval: 5000, // Refresh every 5s
});
// Mutation for service control
const serviceControlMutation = useMutation({
mutationFn: async ({ service, action }: { service: string; action: string }) => {
return apiRequest("POST", `/api/services/${service}/${action}`);
},
onSuccess: (data, variables) => {
toast({
title: "Operazione completata",
description: `Servizio ${variables.service}: ${variables.action} eseguito con successo`,
});
// Refresh status after 2 seconds
setTimeout(() => {
queryClient.invalidateQueries({ queryKey: ["/api/services/status"] });
}, 2000);
},
onError: (error: any, variables) => {
toast({
title: "Errore operazione",
description: error.message || `Impossibile eseguire ${variables.action} su ${variables.service}`,
variant: "destructive",
});
},
});
const handleServiceAction = (service: string, action: string) => {
serviceControlMutation.mutate({ service, action });
};
const getStatusBadge = (service: ServiceStatus) => {
if (service.healthy) {
return <Badge variant="default" className="bg-green-600" data-testid={`badge-status-healthy`}>Online</Badge>;
}
if (service.status === 'idle') {
return <Badge variant="secondary" data-testid={`badge-status-idle`}>In Attesa</Badge>;
}
if (service.status === 'offline') {
return <Badge variant="destructive" data-testid={`badge-status-offline`}>Offline</Badge>;
}
if (service.status === 'error') {
return <Badge variant="destructive" data-testid={`badge-status-error`}>Errore</Badge>;
}
return <Badge variant="outline" data-testid={`badge-status-unknown`}>Sconosciuto</Badge>;
};
const getStatusIndicator = (service: ServiceStatus) => {
if (service.healthy) {
return <div className="h-3 w-3 rounded-full bg-green-500" />;
}
if (service.status === 'idle') {
return <div className="h-3 w-3 rounded-full bg-yellow-500" />;
}
return <div className="h-3 w-3 rounded-full bg-red-500" />;
};
return (
<div className="flex flex-col gap-6 p-6" data-testid="page-services">
<div className="flex items-center justify-between">
<div>
<h1 className="text-3xl font-semibold" data-testid="text-services-title">Gestione Servizi</h1>
<p className="text-muted-foreground" data-testid="text-services-subtitle">
Monitoraggio e controllo dei servizi IDS
</p>
</div>
<Button onClick={() => refetch()} variant="outline" data-testid="button-refresh">
<RefreshCw className="h-4 w-4 mr-2" />
Aggiorna
</Button>
</div>
<Alert data-testid="alert-server-instructions">
<AlertCircle className="h-4 w-4" />
<AlertTitle>Gestione Servizi Systemd</AlertTitle>
<AlertDescription>
I servizi IDS sono gestiti da systemd sul server AlmaLinux.
Usa i pulsanti qui sotto per controllarli oppure esegui i comandi systemctl direttamente sul server.
</AlertDescription>
</Alert>
{/* Services Grid */}
<div className="grid grid-cols-1 lg:grid-cols-3 gap-6">
{/* ML Backend Service */}
<Card data-testid="card-ml-backend-service">
<CardHeader>
<CardTitle className="flex items-center gap-2 text-lg">
<Brain className="h-5 w-5" />
ML Backend Python
{servicesStatus && getStatusIndicator(servicesStatus.services.mlBackend)}
</CardTitle>
</CardHeader>
<CardContent className="space-y-4">
<div className="flex items-center justify-between">
<span className="text-sm text-muted-foreground">Stato:</span>
{servicesStatus && getStatusBadge(servicesStatus.services.mlBackend)}
</div>
{servicesStatus?.services.mlBackend.details?.modelLoaded !== undefined && (
<div className="flex items-center justify-between">
<span className="text-sm text-muted-foreground">Modello ML:</span>
<Badge variant={servicesStatus.services.mlBackend.details.modelLoaded ? "default" : "secondary"}>
{servicesStatus.services.mlBackend.details.modelLoaded ? "Caricato" : "Non Caricato"}
</Badge>
</div>
)}
{/* Service Controls */}
<div className="mt-4 space-y-2">
<p className="text-xs font-medium mb-2">Controlli Servizio:</p>
<div className="flex gap-2 flex-wrap">
<Button
size="sm"
variant="outline"
onClick={() => handleServiceAction("ids-ml-backend", "start")}
disabled={serviceControlMutation.isPending || servicesStatus?.services.mlBackend.status === 'running'}
data-testid="button-start-ml"
>
<Play className="h-3 w-3 mr-1" />
Start
</Button>
<Button
size="sm"
variant="outline"
onClick={() => handleServiceAction("ids-ml-backend", "stop")}
disabled={serviceControlMutation.isPending || servicesStatus?.services.mlBackend.status === 'offline'}
data-testid="button-stop-ml"
>
<Square className="h-3 w-3 mr-1" />
Stop
</Button>
<Button
size="sm"
variant="outline"
onClick={() => handleServiceAction("ids-ml-backend", "restart")}
disabled={serviceControlMutation.isPending}
data-testid="button-restart-ml"
>
<RotateCw className="h-3 w-3 mr-1" />
Restart
</Button>
</div>
</div>
{/* Manual Commands (fallback) */}
<div className="mt-4 p-3 bg-muted rounded-lg">
<p className="text-xs font-medium mb-2">Comando systemctl (sul server):</p>
<code className="text-xs bg-background p-2 rounded block font-mono" data-testid="code-systemctl-ml">
sudo systemctl {servicesStatus?.services.mlBackend.status === 'offline' ? 'start' : 'restart'} ids-ml-backend
</code>
</div>
<div className="mt-4 p-3 bg-muted rounded-lg">
<p className="text-xs font-medium mb-2">Log:</p>
<code className="text-xs bg-background p-2 rounded block font-mono" data-testid="code-log-ml">
tail -f /var/log/ids/backend.log
</code>
</div>
</CardContent>
</Card>
{/* Database Service */}
<Card data-testid="card-database-service">
<CardHeader>
<CardTitle className="flex items-center gap-2 text-lg">
<Database className="h-5 w-5" />
PostgreSQL Database
{servicesStatus && getStatusIndicator(servicesStatus.services.database)}
</CardTitle>
</CardHeader>
<CardContent className="space-y-4">
<div className="flex items-center justify-between">
<span className="text-sm text-muted-foreground">Stato:</span>
{servicesStatus && getStatusBadge(servicesStatus.services.database)}
</div>
{servicesStatus?.services.database.status === 'running' && (
<div className="flex items-center justify-between">
<span className="text-sm text-muted-foreground">Connessione:</span>
<Badge variant="default" className="bg-green-600">Connesso</Badge>
</div>
)}
<div className="mt-4 p-3 bg-muted rounded-lg">
<p className="text-xs font-medium mb-2">Verifica status:</p>
<code className="text-xs bg-background p-2 rounded block font-mono" data-testid="code-status-db">
systemctl status postgresql-16
</code>
</div>
{servicesStatus?.services.database.status === 'error' && (
<div className="mt-4 p-3 bg-muted rounded-lg">
<p className="text-xs font-medium mb-2">Riavvia database:</p>
<code className="text-xs bg-background p-2 rounded block font-mono" data-testid="code-restart-db">
sudo systemctl restart postgresql-16
</code>
</div>
)}
<div className="mt-4 p-3 bg-muted rounded-lg">
<p className="text-xs font-medium mb-2">Log:</p>
<code className="text-xs bg-background p-2 rounded block font-mono" data-testid="code-log-db">
sudo journalctl -u postgresql-16 -f
</code>
</div>
</CardContent>
</Card>
{/* Syslog Parser Service */}
<Card data-testid="card-syslog-parser-service">
<CardHeader>
<CardTitle className="flex items-center gap-2 text-lg">
<FileText className="h-5 w-5" />
Syslog Parser
{servicesStatus && getStatusIndicator(servicesStatus.services.syslogParser)}
</CardTitle>
</CardHeader>
<CardContent className="space-y-4">
<div className="flex items-center justify-between">
<span className="text-sm text-muted-foreground">Stato:</span>
{servicesStatus && getStatusBadge(servicesStatus.services.syslogParser)}
</div>
{servicesStatus?.services.syslogParser.details?.pid && (
<div className="flex items-center justify-between">
<span className="text-sm text-muted-foreground">PID Processo:</span>
<Badge variant="outline" className="font-mono">
{servicesStatus.services.syslogParser.details.pid}
</Badge>
</div>
)}
{servicesStatus?.services.syslogParser.details?.systemd_unit && (
<div className="flex items-center justify-between">
<span className="text-sm text-muted-foreground">Systemd Unit:</span>
<Badge variant="outline" className="font-mono text-xs">
{servicesStatus.services.syslogParser.details.systemd_unit}
</Badge>
</div>
)}
{/* Service Controls */}
<div className="mt-4 space-y-2">
<p className="text-xs font-medium mb-2">Controlli Servizio:</p>
<div className="flex gap-2 flex-wrap">
<Button
size="sm"
variant="outline"
onClick={() => handleServiceAction("ids-syslog-parser", "start")}
disabled={serviceControlMutation.isPending || servicesStatus?.services.syslogParser.status === 'running'}
data-testid="button-start-parser"
>
<Play className="h-3 w-3 mr-1" />
Start
</Button>
<Button
size="sm"
variant="outline"
onClick={() => handleServiceAction("ids-syslog-parser", "stop")}
disabled={serviceControlMutation.isPending || servicesStatus?.services.syslogParser.status === 'offline'}
data-testid="button-stop-parser"
>
<Square className="h-3 w-3 mr-1" />
Stop
</Button>
<Button
size="sm"
variant="outline"
onClick={() => handleServiceAction("ids-syslog-parser", "restart")}
disabled={serviceControlMutation.isPending}
data-testid="button-restart-parser"
>
<RotateCw className="h-3 w-3 mr-1" />
Restart
</Button>
</div>
</div>
{/* Manual Commands (fallback) */}
<div className="mt-4 p-3 bg-muted rounded-lg">
<p className="text-xs font-medium mb-2">Comando systemctl (sul server):</p>
<code className="text-xs bg-background p-2 rounded block font-mono" data-testid="code-systemctl-parser">
sudo systemctl {servicesStatus?.services.syslogParser.status === 'offline' ? 'start' : 'restart'} ids-syslog-parser
</code>
</div>
<div className="mt-4 p-3 bg-muted rounded-lg">
<p className="text-xs font-medium mb-2">Log:</p>
<code className="text-xs bg-background p-2 rounded block font-mono" data-testid="code-log-parser">
tail -f /var/log/ids/syslog_parser.log
</code>
</div>
</CardContent>
</Card>
{/* Analytics Aggregator Service */}
<Card data-testid="card-analytics-aggregator-service">
<CardHeader>
<CardTitle className="flex items-center gap-2 text-lg">
<Activity className="h-5 w-5" />
Analytics Aggregator
{servicesStatus && getStatusIndicator(servicesStatus.services.analyticsAggregator)}
</CardTitle>
</CardHeader>
<CardContent className="space-y-4">
<div className="flex items-center justify-between">
<span className="text-sm text-muted-foreground">Stato:</span>
{servicesStatus && getStatusBadge(servicesStatus.services.analyticsAggregator)}
</div>
{servicesStatus?.services.analyticsAggregator.details?.lastRun && (
<div className="flex items-center justify-between">
<span className="text-sm text-muted-foreground">Ultima Aggregazione:</span>
<Badge variant="outline" className="text-xs">
{new Date(servicesStatus.services.analyticsAggregator.details.lastRun).toLocaleString('it-IT')}
</Badge>
</div>
)}
{servicesStatus?.services.analyticsAggregator.details?.hoursSinceLastRun && (
<div className="flex items-center justify-between">
<span className="text-sm text-muted-foreground">Ore dall'ultimo run:</span>
<Badge variant={parseFloat(servicesStatus.services.analyticsAggregator.details.hoursSinceLastRun) < 2 ? "default" : "destructive"}>
{servicesStatus.services.analyticsAggregator.details.hoursSinceLastRun}h
</Badge>
</div>
)}
{/* CRITICAL ALERT: Aggregator idle for too long */}
{servicesStatus?.services.analyticsAggregator.details?.hoursSinceLastRun &&
parseFloat(servicesStatus.services.analyticsAggregator.details.hoursSinceLastRun) > 2 && (
<Alert variant="destructive" className="mt-2" data-testid="alert-aggregator-idle">
<AlertCircle className="h-4 w-4" />
<AlertTitle className="text-sm font-semibold"> Timer Systemd Non Attivo</AlertTitle>
<AlertDescription className="text-xs mt-1">
<p className="mb-2">L'aggregatore non esegue da {servicesStatus.services.analyticsAggregator.details.hoursSinceLastRun}h! Dashboard e Analytics bloccati.</p>
<p className="font-semibold">Soluzione Immediata (sul server):</p>
<code className="block bg-destructive-foreground/10 p-2 rounded mt-1 font-mono text-xs">
sudo /opt/ids/deployment/setup_analytics_timer.sh
</code>
</AlertDescription>
</Alert>
)}
<div className="mt-4 p-3 bg-muted rounded-lg">
<p className="text-xs font-medium mb-2">Verifica timer:</p>
<code className="text-xs bg-background p-2 rounded block font-mono" data-testid="code-status-aggregator">
systemctl status ids-analytics-aggregator.timer
</code>
</div>
<div className="mt-4 p-3 bg-muted rounded-lg">
<p className="text-xs font-medium mb-2">Avvia aggregazione manualmente:</p>
<code className="text-xs bg-background p-2 rounded block font-mono" data-testid="code-run-aggregator">
cd /opt/ids && ./deployment/run_analytics.sh
</code>
</div>
<div className="mt-4 p-3 bg-muted rounded-lg">
<p className="text-xs font-medium mb-2">Log:</p>
<code className="text-xs bg-background p-2 rounded block font-mono" data-testid="code-log-aggregator">
journalctl -u ids-analytics-aggregator.timer -f
</code>
</div>
</CardContent>
</Card>
</div>
{/* Additional Commands */}
<Card data-testid="card-additional-commands">
<CardHeader>
<CardTitle className="flex items-center gap-2">
<Terminal className="h-5 w-5" />
Comandi Utili
</CardTitle>
</CardHeader>
<CardContent className="space-y-4">
<div>
<p className="text-sm font-medium mb-2">Verifica tutti i processi IDS attivi:</p>
<code className="text-xs bg-muted p-2 rounded block font-mono" data-testid="code-check-processes">
ps aux | grep -E "python.*(main|syslog_parser)" | grep -v grep
</code>
</div>
<div>
<p className="text-sm font-medium mb-2">Verifica log RSyslog (ricezione log MikroTik):</p>
<code className="text-xs bg-muted p-2 rounded block font-mono" data-testid="code-check-rsyslog">
tail -f /var/log/mikrotik/raw.log
</code>
</div>
<div>
<p className="text-sm font-medium mb-2">Esegui training manuale ML:</p>
<code className="text-xs bg-muted p-2 rounded block font-mono" data-testid="code-manual-training">
curl -X POST http://localhost:8000/train -H "Content-Type: application/json" -d '&#123;"max_records": 10000, "hours_back": 24&#125;'
</code>
</div>
<div>
<p className="text-sm font-medium mb-2">Verifica storico training nel database:</p>
<code className="text-xs bg-muted p-2 rounded block font-mono" data-testid="code-check-training">
psql $DATABASE_URL -c "SELECT * FROM training_history ORDER BY trained_at DESC LIMIT 5;"
</code>
</div>
</CardContent>
</Card>
</div>
);
}

473
client/src/pages/Training.tsx
View File

@ -1,473 +0,0 @@
import { useQuery, useMutation } from "@tanstack/react-query";
import { queryClient, apiRequest } from "@/lib/queryClient";
import { Card, CardContent, CardHeader, CardTitle } from "@/components/ui/card";
import { Button } from "@/components/ui/button";
import { Badge } from "@/components/ui/badge";
import { Brain, Play, Search, CheckCircle2, XCircle, Clock, TrendingUp } from "lucide-react";
import { format } from "date-fns";
import type { TrainingHistory } from "@shared/schema";
import { useToast } from "@/hooks/use-toast";
import { useState } from "react";
import { useForm } from "react-hook-form";
import { zodResolver } from "@hookform/resolvers/zod";
import { z } from "zod";
import {
Dialog,
DialogContent,
DialogDescription,
DialogHeader,
DialogTitle,
DialogTrigger,
DialogFooter,
} from "@/components/ui/dialog";
import {
Form,
FormControl,
FormField,
FormItem,
FormLabel,
FormMessage,
FormDescription,
} from "@/components/ui/form";
import { Input } from "@/components/ui/input";
import { Checkbox } from "@/components/ui/checkbox";
interface MLStatsResponse {
logs?: { total: number; last_hour: number };
detections?: { total: number; blocked: number };
routers?: { active: number };
latest_training?: any;
}
const trainFormSchema = z.object({
max_records: z.coerce.number().min(1, "Minimo 1 record").max(1000000, "Massimo 1M record"),
hours_back: z.coerce.number().min(1, "Minimo 1 ora").max(720, "Massimo 720 ore (30 giorni)"),
});
const detectFormSchema = z.object({
max_records: z.coerce.number().min(1, "Minimo 1 record").max(1000000, "Massimo 1M record"),
hours_back: z.coerce.number().min(1, "Minimo 1 ora").max(720, "Massimo 720 ore"),
risk_threshold: z.coerce.number().min(0, "Minimo 0").max(100, "Massimo 100"),
auto_block: z.boolean().default(true),
});
export default function TrainingPage() {
const { toast } = useToast();
const [isTrainDialogOpen, setIsTrainDialogOpen] = useState(false);
const [isDetectDialogOpen, setIsDetectDialogOpen] = useState(false);
const trainForm = useForm<z.infer<typeof trainFormSchema>>({
resolver: zodResolver(trainFormSchema),
defaultValues: {
max_records: 100000,
hours_back: 24,
},
});
const detectForm = useForm<z.infer<typeof detectFormSchema>>({
resolver: zodResolver(detectFormSchema),
defaultValues: {
max_records: 50000,
hours_back: 1,
risk_threshold: 75,
auto_block: true,
},
});
const { data: history, isLoading } = useQuery<TrainingHistory[]>({
queryKey: ["/api/training-history"],
refetchInterval: 10000,
});
const { data: mlStats } = useQuery<MLStatsResponse>({
queryKey: ["/api/ml/stats"],
refetchInterval: 10000,
});
const trainMutation = useMutation({
mutationFn: async (params: z.infer<typeof trainFormSchema>) => {
return await apiRequest("POST", "/api/ml/train", params);
},
onSuccess: () => {
queryClient.invalidateQueries({ queryKey: ["/api/training-history"] });
queryClient.invalidateQueries({ queryKey: ["/api/ml/stats"] });
toast({
title: "Training avviato",
description: "Il modello ML è in addestramento. Controlla lo storico tra qualche minuto.",
});
setIsTrainDialogOpen(false);
trainForm.reset();
},
onError: (error: any) => {
toast({
title: "Errore",
description: error.message || "Impossibile avviare il training",
variant: "destructive",
});
},
});
const detectMutation = useMutation({
mutationFn: async (params: z.infer<typeof detectFormSchema>) => {
return await apiRequest("POST", "/api/ml/detect", params);
},
onSuccess: () => {
queryClient.invalidateQueries({ queryKey: ["/api/detections"] });
queryClient.invalidateQueries({ queryKey: ["/api/stats"] });
toast({
title: "Detection avviata",
description: "Analisi anomalie in corso. Controlla i rilevamenti tra qualche secondo.",
});
setIsDetectDialogOpen(false);
detectForm.reset();
},
onError: (error: any) => {
toast({
title: "Errore",
description: error.message || "Impossibile avviare la detection",
variant: "destructive",
});
},
});
const onTrainSubmit = (data: z.infer<typeof trainFormSchema>) => {
trainMutation.mutate(data);
};
const onDetectSubmit = (data: z.infer<typeof detectFormSchema>) => {
detectMutation.mutate(data);
};
return (
<div className="flex flex-col gap-6 p-6" data-testid="page-training">
<div>
<h1 className="text-3xl font-semibold" data-testid="text-page-title">Machine Learning</h1>
<p className="text-muted-foreground" data-testid="text-page-subtitle">
Training e detection del modello Isolation Forest
</p>
</div>
{/* ML Stats */}
{mlStats && (
<div className="grid grid-cols-1 md:grid-cols-3 gap-4">
<Card data-testid="card-ml-logs">
<CardHeader className="flex flex-row items-center justify-between gap-2 space-y-0 pb-2">
<CardTitle className="text-sm font-medium">Log Totali</CardTitle>
<Brain className="h-4 w-4 text-muted-foreground" />
</CardHeader>
<CardContent>
<div className="text-2xl font-semibold" data-testid="text-ml-logs-total">
{mlStats.logs?.total?.toLocaleString() || 0}
</div>
<p className="text-xs text-muted-foreground mt-1">
Ultima ora: {mlStats.logs?.last_hour?.toLocaleString() || 0}
</p>
</CardContent>
</Card>
<Card data-testid="card-ml-detections">
<CardHeader className="flex flex-row items-center justify-between gap-2 space-y-0 pb-2">
<CardTitle className="text-sm font-medium">Detection Totali</CardTitle>
<Search className="h-4 w-4 text-muted-foreground" />
</CardHeader>
<CardContent>
<div className="text-2xl font-semibold" data-testid="text-ml-detections-total">
{mlStats.detections?.total || 0}
</div>
<p className="text-xs text-muted-foreground mt-1">
Bloccati: {mlStats.detections?.blocked || 0}
</p>
</CardContent>
</Card>
<Card data-testid="card-ml-routers">
<CardHeader className="flex flex-row items-center justify-between gap-2 space-y-0 pb-2">
<CardTitle className="text-sm font-medium">Router Attivi</CardTitle>
<TrendingUp className="h-4 w-4 text-muted-foreground" />
</CardHeader>
<CardContent>
<div className="text-2xl font-semibold" data-testid="text-ml-routers-active">
{mlStats.routers?.active || 0}
</div>
</CardContent>
</Card>
</div>
)}
{/* Actions */}
<div className="grid grid-cols-1 md:grid-cols-2 gap-4">
<Card data-testid="card-train-action">
<CardHeader>
<div className="flex items-center justify-between">
<CardTitle className="flex items-center gap-2">
<Brain className="h-5 w-5" />
Addestramento Modello
</CardTitle>
<Badge variant="secondary" className="bg-blue-50 text-blue-700 dark:bg-blue-950 dark:text-blue-300" data-testid="badge-model-version">
Hybrid ML v2.0.0
</Badge>
</div>
</CardHeader>
<CardContent className="space-y-4">
<p className="text-sm text-muted-foreground">
Addestra il modello Hybrid ML (Isolation Forest + Ensemble Classifier) analizzando i log recenti per rilevare pattern di traffico normale.
</p>
<Dialog open={isTrainDialogOpen} onOpenChange={setIsTrainDialogOpen}>
<DialogTrigger asChild>
<Button className="w-full" data-testid="button-start-training">
<Play className="h-4 w-4 mr-2" />
Avvia Training
</Button>
</DialogTrigger>
<DialogContent data-testid="dialog-training">
<DialogHeader>
<DialogTitle>Avvia Training ML</DialogTitle>
<DialogDescription>
Configura i parametri per l'addestramento del modello
</DialogDescription>
</DialogHeader>
<Form {...trainForm}>
<form onSubmit={trainForm.handleSubmit(onTrainSubmit)} className="space-y-4 py-4">
<FormField
control={trainForm.control}
name="max_records"
render={({ field }) => (
<FormItem>
<FormLabel>Numero Record</FormLabel>
<FormControl>
<Input type="number" {...field} data-testid="input-train-records" />
</FormControl>
<FormDescription>Consigliato: 100000</FormDescription>
<FormMessage />
</FormItem>
)}
/>
<FormField
control={trainForm.control}
name="hours_back"
render={({ field }) => (
<FormItem>
<FormLabel>Ore Precedenti</FormLabel>
<FormControl>
<Input type="number" {...field} data-testid="input-train-hours" />
</FormControl>
<FormDescription>Consigliato: 24</FormDescription>
<FormMessage />
</FormItem>
)}
/>
<DialogFooter>
<Button
type="button"
variant="outline"
onClick={() => setIsTrainDialogOpen(false)}
data-testid="button-cancel-training"
>
Annulla
</Button>
<Button type="submit" disabled={trainMutation.isPending} data-testid="button-confirm-training">
{trainMutation.isPending ? "Avvio..." : "Avvia Training"}
</Button>
</DialogFooter>
</form>
</Form>
</DialogContent>
</Dialog>
</CardContent>
</Card>
<Card data-testid="card-detect-action">
<CardHeader>
<div className="flex items-center justify-between">
<CardTitle className="flex items-center gap-2">
<Search className="h-5 w-5" />
Rilevamento Anomalie
</CardTitle>
<Badge variant="secondary" className="bg-green-50 text-green-700 dark:bg-green-950 dark:text-green-300" data-testid="badge-detection-version">
Hybrid ML v2.0.0
</Badge>
</div>
</CardHeader>
<CardContent className="space-y-4">
<p className="text-sm text-muted-foreground">
Analizza i log recenti per rilevare anomalie e IP sospetti con il modello Hybrid ML. Blocca automaticamente gli IP critici (risk_score 80).
</p>
<Dialog open={isDetectDialogOpen} onOpenChange={setIsDetectDialogOpen}>
<DialogTrigger asChild>
<Button variant="secondary" className="w-full" data-testid="button-start-detection">
<Search className="h-4 w-4 mr-2" />
Avvia Detection
</Button>
</DialogTrigger>
<DialogContent data-testid="dialog-detection">
<DialogHeader>
<DialogTitle>Avvia Detection Anomalie</DialogTitle>
<DialogDescription>
Configura i parametri per il rilevamento anomalie
</DialogDescription>
</DialogHeader>
<Form {...detectForm}>
<form onSubmit={detectForm.handleSubmit(onDetectSubmit)} className="space-y-4 py-4">
<FormField
control={detectForm.control}
name="max_records"
render={({ field }) => (
<FormItem>
<FormLabel>Numero Record</FormLabel>
<FormControl>
<Input type="number" {...field} data-testid="input-detect-records" />
</FormControl>
<FormDescription>Consigliato: 50000</FormDescription>
<FormMessage />
</FormItem>
)}
/>
<FormField
control={detectForm.control}
name="hours_back"
render={({ field }) => (
<FormItem>
<FormLabel>Ore Precedenti</FormLabel>
<FormControl>
<Input type="number" {...field} data-testid="input-detect-hours" />
</FormControl>
<FormDescription>Consigliato: 1</FormDescription>
<FormMessage />
</FormItem>
)}
/>
<FormField
control={detectForm.control}
name="risk_threshold"
render={({ field }) => (
<FormItem>
<FormLabel>Soglia Rischio (%)</FormLabel>
<FormControl>
<Input type="number" min="0" max="100" {...field} data-testid="input-detect-threshold" />
</FormControl>
<FormDescription>Consigliato: 75</FormDescription>
<FormMessage />
</FormItem>
)}
/>
<FormField
control={detectForm.control}
name="auto_block"
render={({ field }) => (
<FormItem className="flex flex-row items-start space-x-3 space-y-0">
<FormControl>
<Checkbox
checked={field.value}
onCheckedChange={field.onChange}
data-testid="checkbox-auto-block"
/>
</FormControl>
<div className="space-y-1 leading-none">
<FormLabel>Blocco automatico IP critici (80)</FormLabel>
</div>
</FormItem>
)}
/>
<DialogFooter>
<Button
type="button"
variant="outline"
onClick={() => setIsDetectDialogOpen(false)}
data-testid="button-cancel-detection"
>
Annulla
</Button>
<Button type="submit" disabled={detectMutation.isPending} data-testid="button-confirm-detection">
{detectMutation.isPending ? "Avvio..." : "Avvia Detection"}
</Button>
</DialogFooter>
</form>
</Form>
</DialogContent>
</Dialog>
</CardContent>
</Card>
</div>
{/* Training History */}
<Card data-testid="card-training-history">
<CardHeader>
<CardTitle className="flex items-center gap-2">
<Clock className="h-5 w-5" />
Storico Training ({history?.length || 0})
</CardTitle>
</CardHeader>
<CardContent>
{isLoading ? (
<div className="text-center py-8 text-muted-foreground" data-testid="text-loading">
Caricamento...
</div>
) : history && history.length > 0 ? (
<div className="space-y-3">
{history.map((item) => (
<div
key={item.id}
className="p-4 rounded-lg border hover-elevate"
data-testid={`training-item-${item.id}`}
>
<div className="flex items-start justify-between gap-4">
<div className="flex-1 space-y-1">
<div className="flex items-center gap-2">
<p className="font-medium" data-testid={`text-version-${item.id}`}>
Versione {item.modelVersion}
</p>
{item.status === "success" ? (
<Badge variant="outline" className="bg-green-50" data-testid={`badge-status-${item.id}`}>
<CheckCircle2 className="h-3 w-3 mr-1" />
Successo
</Badge>
) : (
<Badge variant="destructive" data-testid={`badge-status-${item.id}`}>
<XCircle className="h-3 w-3 mr-1" />
Fallito
</Badge>
)}
</div>
<div className="grid grid-cols-2 md:grid-cols-4 gap-2 text-sm text-muted-foreground">
<div>
<span className="font-medium">Record:</span> {item.recordsProcessed.toLocaleString()}
</div>
<div>
<span className="font-medium">Feature:</span> {item.featuresCount}
</div>
{item.accuracy && (
<div>
<span className="font-medium">Accuracy:</span> {item.accuracy}%
</div>
)}
{item.trainingDuration && (
<div>
<span className="font-medium">Durata:</span> {item.trainingDuration}s
</div>
)}
</div>
<p className="text-xs text-muted-foreground" data-testid={`text-date-${item.id}`}>
{format(new Date(item.trainedAt), "dd/MM/yyyy HH:mm:ss")}
</p>
{item.notes && (
<p className="text-sm text-muted-foreground" data-testid={`text-notes-${item.id}`}>
{item.notes}
</p>
)}
</div>
</div>
</div>
))}
</div>
) : (
<div className="text-center py-12 text-muted-foreground" data-testid="text-empty">
<Brain className="h-12 w-12 mx-auto mb-4 opacity-50" />
<p className="font-medium">Nessun training eseguito</p>
<p className="text-sm mt-2">Avvia il primo training per addestrare il modello ML</p>
</div>
)}
</CardContent>
</Card>
</div>
);
}

287
client/src/pages/Whitelist.tsx
View File

@ -1,287 +0,0 @@
import { useQuery, useMutation } from "@tanstack/react-query";
import { queryClient, apiRequest } from "@/lib/queryClient";
import { Card, CardContent, CardHeader, CardTitle } from "@/components/ui/card";
import { Button } from "@/components/ui/button";
import { Shield, Plus, Trash2, CheckCircle2, XCircle, Search } from "lucide-react";
import { format } from "date-fns";
import { useState } from "react";
import { useForm } from "react-hook-form";
import { zodResolver } from "@hookform/resolvers/zod";
import { z } from "zod";
import type { Whitelist } from "@shared/schema";
import { insertWhitelistSchema } from "@shared/schema";
import { useToast } from "@/hooks/use-toast";
import {
Dialog,
DialogContent,
DialogDescription,
DialogHeader,
DialogTitle,
DialogTrigger,
DialogFooter,
} from "@/components/ui/dialog";
import {
Form,
FormControl,
FormField,
FormItem,
FormLabel,
FormMessage,
} from "@/components/ui/form";
import { Input } from "@/components/ui/input";
import { Textarea } from "@/components/ui/textarea";
const whitelistFormSchema = insertWhitelistSchema.extend({
ipAddress: z.string()
.min(7, "Inserisci un IP valido")
.regex(/^(\d{1,3}\.){3}\d{1,3}$/, "Formato IP non valido")
.refine((ip) => {
const parts = ip.split('.').map(Number);
return parts.every(part => part >= 0 && part <= 255);
}, "Ogni ottetto deve essere tra 0 e 255"),
});
export default function WhitelistPage() {
const { toast } = useToast();
const [isAddDialogOpen, setIsAddDialogOpen] = useState(false);
const [searchQuery, setSearchQuery] = useState("");
const form = useForm<z.infer<typeof whitelistFormSchema>>({
resolver: zodResolver(whitelistFormSchema),
defaultValues: {
ipAddress: "",
comment: "",
reason: "",
active: true,
},
});
const { data: whitelist, isLoading } = useQuery<Whitelist[]>({
queryKey: ["/api/whitelist"],
});
// Filter whitelist based on search query
const filteredWhitelist = whitelist?.filter((item) =>
item.ipAddress.toLowerCase().includes(searchQuery.toLowerCase()) ||
item.reason?.toLowerCase().includes(searchQuery.toLowerCase()) ||
item.comment?.toLowerCase().includes(searchQuery.toLowerCase())
);
const addMutation = useMutation({
mutationFn: async (data: z.infer<typeof whitelistFormSchema>) => {
return await apiRequest("POST", "/api/whitelist", data);
},
onSuccess: () => {
queryClient.invalidateQueries({ queryKey: ["/api/whitelist"] });
toast({
title: "IP aggiunto",
description: "L'indirizzo IP è stato aggiunto alla whitelist",
});
setIsAddDialogOpen(false);
form.reset();
},
onError: (error: any) => {
toast({
title: "Errore",
description: error.message || "Impossibile aggiungere l'IP alla whitelist",
variant: "destructive",
});
},
});
const deleteMutation = useMutation({
mutationFn: async (id: string) => {
await apiRequest("DELETE", `/api/whitelist/${id}`);
},
onSuccess: () => {
queryClient.invalidateQueries({ queryKey: ["/api/whitelist"] });
toast({
title: "IP rimosso",
description: "L'indirizzo IP è stato rimosso dalla whitelist",
});
},
onError: (error: any) => {
toast({
title: "Errore",
description: error.message || "Impossibile rimuovere l'IP dalla whitelist",
variant: "destructive",
});
},
});
const onSubmit = (data: z.infer<typeof whitelistFormSchema>) => {
addMutation.mutate(data);
};
return (
<div className="flex flex-col gap-6 p-6" data-testid="page-whitelist">
<div className="flex items-center justify-between">
<div>
<h1 className="text-3xl font-semibold" data-testid="text-page-title">Whitelist IP</h1>
<p className="text-muted-foreground" data-testid="text-page-subtitle">
Gestisci gli indirizzi IP fidati che non verranno bloccati
</p>
</div>
<Dialog open={isAddDialogOpen} onOpenChange={setIsAddDialogOpen}>
<DialogTrigger asChild>
<Button data-testid="button-add-whitelist">
<Plus className="h-4 w-4 mr-2" />
Aggiungi IP
</Button>
</DialogTrigger>
<DialogContent data-testid="dialog-add-whitelist">
<DialogHeader>
<DialogTitle>Aggiungi IP alla Whitelist</DialogTitle>
<DialogDescription>
Inserisci l'indirizzo IP che vuoi proteggere dal blocco automatico
</DialogDescription>
</DialogHeader>
<Form {...form}>
<form onSubmit={form.handleSubmit(onSubmit)} className="space-y-4 py-4">
<FormField
control={form.control}
name="ipAddress"
render={({ field }) => (
<FormItem>
<FormLabel>Indirizzo IP *</FormLabel>
<FormControl>
<Input placeholder="192.168.1.100" {...field} data-testid="input-ip" />
</FormControl>
<FormMessage />
</FormItem>
)}
/>
<FormField
control={form.control}
name="reason"
render={({ field }) => (
<FormItem>
<FormLabel>Motivo</FormLabel>
<FormControl>
<Input placeholder="Es: Server backup" {...field} data-testid="input-reason" />
</FormControl>
<FormMessage />
</FormItem>
)}
/>
<FormField
control={form.control}
name="comment"
render={({ field }) => (
<FormItem>
<FormLabel>Note</FormLabel>
<FormControl>
<Textarea placeholder="Note aggiuntive..." {...field} data-testid="input-comment" />
</FormControl>
<FormMessage />
</FormItem>
)}
/>
<DialogFooter>
<Button
type="button"
variant="outline"
onClick={() => setIsAddDialogOpen(false)}
data-testid="button-cancel"
>
Annulla
</Button>
<Button type="submit" disabled={addMutation.isPending} data-testid="button-confirm-add">
{addMutation.isPending ? "Aggiunta..." : "Aggiungi"}
</Button>
</DialogFooter>
</form>
</Form>
</DialogContent>
</Dialog>
</div>
{/* Search Bar */}
<Card data-testid="card-search">
<CardContent className="pt-6">
<div className="relative">
<Search className="absolute left-3 top-1/2 -translate-y-1/2 h-4 w-4 text-muted-foreground" />
<Input
placeholder="Cerca per IP, motivo o note..."
value={searchQuery}
onChange={(e) => setSearchQuery(e.target.value)}
className="pl-9"
data-testid="input-search-whitelist"
/>
</div>
</CardContent>
</Card>
<Card data-testid="card-whitelist">
<CardHeader>
<CardTitle className="flex items-center gap-2">
<Shield className="h-5 w-5" />
IP Protetti ({filteredWhitelist?.length || 0}{searchQuery && whitelist ? ` di ${whitelist.length}` : ''})
</CardTitle>
</CardHeader>
<CardContent>
{isLoading ? (
<div className="text-center py-8 text-muted-foreground" data-testid="text-loading">
Caricamento...
</div>
) : filteredWhitelist && filteredWhitelist.length > 0 ? (
<div className="space-y-3">
{filteredWhitelist.map((item) => (
<div
key={item.id}
className="p-4 rounded-lg border hover-elevate"
data-testid={`whitelist-item-${item.id}`}
>
<div className="flex items-start justify-between gap-4">
<div className="flex-1 space-y-1">
<div className="flex items-center gap-2">
<p className="font-mono font-medium" data-testid={`text-ip-${item.id}`}>
{item.ipAddress}
</p>
{item.active ? (
<CheckCircle2 className="h-4 w-4 text-green-500" data-testid={`icon-active-${item.id}`} />
) : (
<XCircle className="h-4 w-4 text-muted-foreground" data-testid={`icon-inactive-${item.id}`} />
)}
</div>
{item.reason && (
<p className="text-sm text-muted-foreground" data-testid={`text-reason-${item.id}`}>
<span className="font-medium">Motivo:</span> {item.reason}
</p>
)}
{item.comment && (
<p className="text-sm text-muted-foreground" data-testid={`text-comment-${item.id}`}>
{item.comment}
</p>
)}
<p className="text-xs text-muted-foreground" data-testid={`text-created-${item.id}`}>
Aggiunto il {format(new Date(item.createdAt), "dd/MM/yyyy HH:mm")}
{item.createdBy && ` da ${item.createdBy}`}
</p>
</div>
<Button
variant="ghost"
size="icon"
onClick={() => deleteMutation.mutate(item.id)}
disabled={deleteMutation.isPending}
data-testid={`button-delete-${item.id}`}
>
<Trash2 className="h-4 w-4 text-destructive" />
</Button>
</div>
</div>
))}
</div>
) : (
<div className="text-center py-12 text-muted-foreground" data-testid="text-empty">
<Shield className="h-12 w-12 mx-auto mb-4 opacity-50" />
<p className="font-medium">Nessun IP in whitelist</p>
<p className="text-sm mt-2">Aggiungi indirizzi IP fidati per proteggerli dal blocco automatico</p>
</div>
)}
</CardContent>
</Card>
</div>
);
}

BIN
database-backups/vigilanzaturni_v1.0.1_20251117_084546.sql.gz Normal file
View File

Binary file not shown.

316
database-schema/README.md
View File

@ -1,316 +0,0 @@
# Database Schema & Migrations - Sistema Versionato
## Overview
Sistema intelligente di migrazioni database con **version tracking**. Applica solo le migrazioni necessarie, velocizzando gli aggiornamenti.
## 🎯 Vantaggi
**Veloce**: Applica solo migrazioni mancanti (non riesegue quelle già fatte)
**Sicuro**: Traccia versione database, previene errori
**Automatico**: Integrato in `update_from_git.sh`
**Idempotente**: Puoi eseguire più volte senza problemi
## 📋 Come Funziona
### 1. Tabella `schema_version`
Traccia la versione corrente del database:
```sql
CREATE TABLE schema_version (
id INTEGER PRIMARY KEY DEFAULT 1, -- Sempre 1 (solo 1 riga)
version INTEGER NOT NULL, -- Versione corrente (es: 5)
applied_at TIMESTAMP, -- Quando è stata applicata
description TEXT -- Descrizione ultima migrazione
);
```
### 2. Migrazioni Numerate
Ogni migrazione SQL ha un numero sequenziale nel nome:
```
database-schema/migrations/
├── 000_init_schema_version.sql ← Inizializza tracking (sempre eseguita)
├── 001_add_missing_columns.sql ← Migrazione 1
├── 002_add_indexes.sql ← Migrazione 2
├── 003_alter_detections.sql ← Migrazione 3
└── ...
```
**Convenzione nome**: `XXX_description.sql` dove XXX è numero a 3 cifre (001, 002, 010, 100, etc.)
### 3. Logica Applicazione
```bash
# Script legge versione corrente
CURRENT_VERSION = SELECT version FROM schema_version WHERE id = 1;
# Esempio: 2
# Trova migrazioni con numero > 2
Trova: 003_*.sql, 004_*.sql, 005_*.sql
# Applica in ordine
Per ogni migrazione:
1. Esegui SQL
2. Aggiorna versione: UPDATE schema_version SET version = 3
3. Prossima migrazione...
# Risultato: Database aggiornato da v2 a v5
```
## 🚀 Uso Quotidiano
### Aggiornamento Automatico (Consigliato)
```bash
# Sul server AlmaLinux
cd /opt/ids
sudo ./deployment/update_from_git.sh
# Lo script esegue automaticamente:
# 1. Git pull
# 2. npm install
# 3. pip install
# 4. ./database-schema/apply_migrations.sh ← Applica migrazioni
# 5. npm run db:push ← Sincronizza schema Drizzle
# 6. Restart servizi
```
**Output atteso**:
```
🗄️ Sistema Migrazioni Database (Versioned)
📋 Verifica sistema versioning...
✅ Sistema versioning attivo
📊 Versione database corrente: 2
📋 Trovate 3 migrazioni da applicare
🔄 Applicando migrazione 3: 003_add_indexes.sql
✅ Migrazione 3 applicata con successo
🔄 Applicando migrazione 4: 004_alter_table.sql
✅ Migrazione 4 applicata con successo
🔄 Applicando migrazione 5: 005_new_feature.sql
✅ Migrazione 5 applicata con successo
╔═══════════════════════════════════════════════╗
║ ✅ MIGRAZIONI COMPLETATE ║
╚═══════════════════════════════════════════════╝
📊 Versione database: 2 → 5
```
Se database già aggiornato:
```
📊 Versione database corrente: 5
✅ Database già aggiornato (nessuna migrazione da applicare)
```
### Applicazione Manuale
```bash
cd /opt/ids/database-schema
./apply_migrations.sh
```
### Verifica Versione Corrente
```bash
psql $DATABASE_URL -c "SELECT * FROM schema_version;"
id | version | applied_at | description
----+---------+----------------------------+-----------------------
1 | 5 | 2025-11-22 14:30:15.123456 | Migration 5: Add indexes
```
## 🔨 Creare Nuova Migrazione
### STEP 1: Determina Prossimo Numero
```bash
# Trova ultima migrazione
ls database-schema/migrations/ | grep "^[0-9]" | sort | tail -n 1
# Output: 005_add_indexes.sql
# Prossima migrazione: 006
```
### STEP 2: Crea File Migrazione
```bash
# Formato: XXX_description.sql
touch database-schema/migrations/006_add_new_table.sql
```
### STEP 3: Scrivi SQL
```sql
-- ============================================================================
-- Migration 006: Add new table for feature X
-- ============================================================================
-- Descrizione: Crea tabella per gestire feature X
-- Data: 2025-11-22
-- ============================================================================
CREATE TABLE IF NOT EXISTS my_new_table (
id VARCHAR PRIMARY KEY DEFAULT gen_random_uuid(),
name TEXT NOT NULL,
created_at TIMESTAMP DEFAULT NOW() NOT NULL
);
-- Crea indici
CREATE INDEX IF NOT EXISTS my_new_table_name_idx ON my_new_table(name);
-- Inserisci dati iniziali (se necessario)
INSERT INTO my_new_table (name)
SELECT 'Default Entry'
WHERE NOT EXISTS (SELECT 1 FROM my_new_table LIMIT 1);
```
**Best Practices**:
- Usa sempre `IF NOT EXISTS` (idempotenza)
- Usa `ALTER TABLE ... ADD COLUMN IF NOT EXISTS`
- Documenta bene la migrazione
- Testa localmente prima di committare
### STEP 4: Testa Localmente (Replit)
```bash
# Su Replit
cd database-schema
./apply_migrations.sh
# Verifica versione aggiornata
psql $DATABASE_URL -c "SELECT version FROM schema_version;"
```
### STEP 5: Commit & Deploy
```bash
# Su Replit
./push-gitlab.sh
# Sul server
cd /opt/ids
sudo ./deployment/update_from_git.sh
```
## 📊 Esempi Migrazioni Comuni
### Aggiungere Colonna
```sql
-- Migration XXX: Add email column to users
ALTER TABLE users
ADD COLUMN IF NOT EXISTS email TEXT;
```
### Creare Indice
```sql
-- Migration XXX: Add index on source_ip
CREATE INDEX IF NOT EXISTS network_logs_source_ip_idx
ON network_logs(source_ip);
```
### Modificare Tipo Colonna (ATTENZIONE!)
```sql
-- Migration XXX: Change column type
-- NOTA: Può causare perdita dati se incompatibile!
ALTER TABLE detections
ALTER COLUMN risk_score TYPE DECIMAL(5,2)
USING risk_score::DECIMAL(5,2);
```
### Inserire Dati Iniziali
```sql
-- Migration XXX: Add default admin user
INSERT INTO users (username, role)
SELECT 'admin', 'admin'
WHERE NOT EXISTS (
SELECT 1 FROM users WHERE username = 'admin'
);
```
## 🔍 Troubleshooting
### Errore: Migrazione Fallisce
```bash
# Verifica errore
psql $DATABASE_URL -c "SELECT version FROM schema_version;"
# Se migrazione 5 è fallita, il database è ancora a v4
# Fix: Correggi file 005_*.sql e riesegui
./apply_migrations.sh
```
### Reset Completo (ATTENZIONE!)
```bash
# ⚠️ DISTRUTTIVO - Cancella tutti i dati!
psql $DATABASE_URL << 'EOF'
DROP SCHEMA public CASCADE;
CREATE SCHEMA public;
GRANT ALL ON SCHEMA public TO ids_user;
GRANT ALL ON SCHEMA public TO public;
EOF
# Ricrea schema da zero
npm run db:push --force
./apply_migrations.sh
```
### Saltare Migrazione (Avanzato)
```bash
# Se migrazione 003 è già applicata manualmente
# Aggiorna versione manualmente
psql $DATABASE_URL -c "
UPDATE schema_version
SET version = 3,
description = 'Migration 3: Manually applied',
applied_at = NOW()
WHERE id = 1;
"
```
## 🎯 Workflow Completo
### Sviluppo (Replit)
1. Modifica schema in `shared/schema.ts`
2. Esegui `npm run db:push` (sincronizza Drizzle)
3. Se serve migrazione SQL custom:
- Crea `XXX_description.sql`
- Testa con `./apply_migrations.sh`
4. Commit: `./push-gitlab.sh`
### Produzione (AlmaLinux)
1. `sudo ./deployment/update_from_git.sh`
2. Script applica automaticamente migrazioni
3. Verifica: `psql $DATABASE_URL -c "SELECT * FROM schema_version;"`
## 📝 Note Tecniche
- **000_init_schema_version.sql**: Sempre eseguita (idempotente), inizializza tracking
- **Constraint**: Tabella `schema_version` ammette solo 1 riga (id=1)
- **Formato numeri**: Usa 3 cifre (001, 002, ..., 010, ..., 100) per ordinamento corretto
- **Drizzle vs SQL**: `npm run db:push` sincronizza schema TypeScript, migrazioni SQL sono per logica custom
## ✅ Checklist Pre-Commit
Quando crei nuova migrazione:
- [ ] Numero sequenziale corretto (XXX+1)
- [ ] Nome file descrittivo
- [ ] Commento header con descrizione
- [ ] SQL idempotente (`IF NOT EXISTS`, etc.)
- [ ] Testata localmente su Replit
- [ ] Versione aggiornata: `SELECT version FROM schema_version;`
- [ ] Commit message chiaro

164
database-schema/apply_migrations.sh
View File

@ -1,164 +0,0 @@
#!/bin/bash
# =============================================================================
# IDS - Applica Migrazioni Database (con Version Tracking)
# =============================================================================
# Sistema intelligente di migrazioni:
# - Controlla versione corrente database
# - Applica SOLO migrazioni mancanti (più veloce!)
# - Aggiorna versione dopo ogni migrazione
# =============================================================================
set -e
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
MIGRATIONS_DIR="$SCRIPT_DIR/migrations"
IDS_DIR="$(dirname "$SCRIPT_DIR")"
DEPLOYMENT_MIGRATIONS_DIR="$IDS_DIR/deployment/migrations"
# Carica variabili ambiente ed esportale
if [ -f "$IDS_DIR/.env" ]; then
set -a
source "$IDS_DIR/.env"
set +a
fi
# Colori
GREEN='\033[0;32m'
BLUE='\033[0;34m'
YELLOW='\033[1;33m'
RED='\033[0;31m'
CYAN='\033[0;36m'
NC='\033[0m'
echo -e "${BLUE}🗄️ Sistema Migrazioni Database (Versioned)${NC}"
# Verifica DATABASE_URL
if [ -z "$DATABASE_URL" ]; then
echo -e "${RED}❌ DATABASE_URL non impostato${NC}"
echo -e "${YELLOW} File .env non trovato o DATABASE_URL mancante${NC}"
exit 1
fi
# Crea directory migrations se non esiste
mkdir -p "$MIGRATIONS_DIR"
# =============================================================================
# STEP 1: Inizializza tracking versione (se necessario)
# =============================================================================
echo -e "${CYAN}📋 Verifica sistema versioning...${NC}"
# Esegue 000_init_schema_version.sql (idempotente)
INIT_MIGRATION="$MIGRATIONS_DIR/000_init_schema_version.sql"
if [ -f "$INIT_MIGRATION" ]; then
psql "$DATABASE_URL" -f "$INIT_MIGRATION" -q
echo -e "${GREEN}✅ Sistema versioning attivo${NC}"
else
echo -e "${YELLOW}⚠️ Migration 000_init_schema_version.sql non trovata${NC}"
echo -e "${YELLOW} Creazione tabella schema_version...${NC}"
psql "$DATABASE_URL" << 'EOF' -q
CREATE TABLE IF NOT EXISTS schema_version (
id INTEGER PRIMARY KEY DEFAULT 1,
version INTEGER NOT NULL DEFAULT 0,
applied_at TIMESTAMP NOT NULL DEFAULT NOW(),
description TEXT
);
INSERT INTO schema_version (id, version, description)
SELECT 1, 0, 'Initial schema version tracking'
WHERE NOT EXISTS (SELECT 1 FROM schema_version WHERE id = 1);
EOF
echo -e "${GREEN}✅ Tabella schema_version creata${NC}"
fi
# =============================================================================
# STEP 2: Leggi versione corrente database
# =============================================================================
CURRENT_VERSION=$(psql "$DATABASE_URL" -tAc "SELECT COALESCE(version, 0) FROM schema_version WHERE id = 1;" 2>/dev/null || echo "0")
echo -e "${CYAN}📊 Versione database corrente: ${YELLOW}${CURRENT_VERSION}${NC}"
# =============================================================================
# STEP 3: Trova migrazioni da applicare
# =============================================================================
# Formato migrazioni: 001_description.sql, 002_another.sql, etc.
# Cerca in ENTRAMBE le cartelle: database-schema/migrations E deployment/migrations
MIGRATIONS_TO_APPLY=()
# Combina migrations da entrambe le cartelle e ordina per numero
ALL_MIGRATIONS=""
if [ -d "$MIGRATIONS_DIR" ]; then
ALL_MIGRATIONS+=$(find "$MIGRATIONS_DIR" -name "[0-9][0-9][0-9]_*.sql" 2>/dev/null || true)
fi
if [ -d "$DEPLOYMENT_MIGRATIONS_DIR" ]; then
if [ -n "$ALL_MIGRATIONS" ]; then
ALL_MIGRATIONS+=$'\n'
fi
ALL_MIGRATIONS+=$(find "$DEPLOYMENT_MIGRATIONS_DIR" -name "[0-9][0-9][0-9]_*.sql" 2>/dev/null || true)
fi
# Ordina le migrations per nome file (NNN_*.sql) estraendo il basename
SORTED_MIGRATIONS=$(echo "$ALL_MIGRATIONS" | grep -v '^$' | while read f; do echo "$(basename "$f"):$f"; done | sort | cut -d':' -f2)
for migration_file in $SORTED_MIGRATIONS; do
MIGRATION_NAME=$(basename "$migration_file")
# Estrai numero versione dal nome file (001, 002, etc.)
MIGRATION_VERSION=$(echo "$MIGRATION_NAME" | sed 's/^\([0-9]\{3\}\)_.*/\1/' | sed 's/^0*//')
# Se versione vuota (000), salta
if [ -z "$MIGRATION_VERSION" ]; then
continue
fi
# Se migrazione > versione corrente, aggiungila
if [ "$MIGRATION_VERSION" -gt "$CURRENT_VERSION" ]; then
MIGRATIONS_TO_APPLY+=("$migration_file:$MIGRATION_VERSION:$MIGRATION_NAME")
fi
done
# =============================================================================
# STEP 4: Applica migrazioni mancanti
# =============================================================================
if [ ${#MIGRATIONS_TO_APPLY[@]} -eq 0 ]; then
echo -e "${GREEN}✅ Database già aggiornato (nessuna migrazione da applicare)${NC}"
exit 0
fi
echo -e "${BLUE}📋 Trovate ${#MIGRATIONS_TO_APPLY[@]} migrazioni da applicare${NC}"
echo ""
for migration_info in "${MIGRATIONS_TO_APPLY[@]}"; do
IFS=':' read -r migration_file migration_version migration_name <<< "$migration_info"
echo -e "${BLUE}🔄 Applicando migrazione ${migration_version}: ${CYAN}${migration_name}${NC}"
# Applica migrazione
if psql "$DATABASE_URL" -f "$migration_file" -q 2>&1 | tee /tmp/migration_output.log | grep -qiE "error|fatal"; then
echo -e "${RED}❌ Errore in migrazione ${migration_version}${NC}"
cat /tmp/migration_output.log
exit 1
fi
# Aggiorna versione nel database
DESCRIPTION=$(head -n 5 "$migration_file" | grep -E "^--.*Migration" | sed 's/^--.*Migration [0-9]*: //' || echo "Migration $migration_version")
psql "$DATABASE_URL" -q << EOF
UPDATE schema_version
SET version = $migration_version,
applied_at = NOW(),
description = '$DESCRIPTION'
WHERE id = 1;
EOF
echo -e "${GREEN} ✅ Migrazione ${migration_version} applicata con successo${NC}"
echo ""
done
# =============================================================================
# STEP 5: Verifica versione finale
# =============================================================================
FINAL_VERSION=$(psql "$DATABASE_URL" -tAc "SELECT version FROM schema_version WHERE id = 1;")
echo -e "${GREEN}╔═══════════════════════════════════════════════╗${NC}"
echo -e "${GREEN}║ ✅ MIGRAZIONI COMPLETATE ║${NC}"
echo -e "${GREEN}╚═══════════════════════════════════════════════╝${NC}"
echo -e "${CYAN}📊 Versione database: ${YELLOW}${CURRENT_VERSION}${CYAN}${GREEN}${FINAL_VERSION}${NC}"
echo ""

40
database-schema/cleanup_old_logs.sql
View File

@ -1,40 +0,0 @@
-- =============================================================================
-- IDS - Pulizia Automatica Log Vecchi
-- =============================================================================
-- Mantiene solo gli ultimi 3 giorni di network_logs
-- Con 4.7M record/ora, 3 giorni = ~340M record massimi
-- Esegui giornalmente via cron: psql $DATABASE_URL < cleanup_old_logs.sql
-- =============================================================================
-- Conta log prima della pulizia
DO $$
DECLARE
total_count bigint;
old_count bigint;
BEGIN
SELECT COUNT(*) INTO total_count FROM network_logs;
SELECT COUNT(*) INTO old_count FROM network_logs WHERE timestamp < NOW() - INTERVAL '3 days';
RAISE NOTICE 'Log totali: %', total_count;
RAISE NOTICE 'Log da eliminare (>3 giorni): %', old_count;
END $$;
-- Elimina log più vecchi di 3 giorni
DELETE FROM network_logs
WHERE timestamp < NOW() - INTERVAL '3 days';
-- Vacuum per liberare spazio fisico
VACUUM ANALYZE network_logs;
-- Conta log dopo pulizia
DO $$
DECLARE
remaining_count bigint;
db_size text;
BEGIN
SELECT COUNT(*) INTO remaining_count FROM network_logs;
SELECT pg_size_pretty(pg_database_size(current_database())) INTO db_size;
RAISE NOTICE 'Log rimanenti: %', remaining_count;
RAISE NOTICE 'Dimensione database: %', db_size;
END $$;

35
database-schema/create_detections.sql
View File

@ -1,35 +0,0 @@
-- =========================================================
-- SCHEMA: Tabella detections per IDS anomalie
-- =========================================================
-- Memorizza IP rilevati come pericolosi dal ML
-- =========================================================
-- Drop tabella se esiste (solo per ambiente di sviluppo)
DROP TABLE IF EXISTS detections CASCADE;
-- Crea tabella detections
CREATE TABLE detections (
id VARCHAR PRIMARY KEY DEFAULT gen_random_uuid(),
source_ip TEXT NOT NULL,
risk_score DECIMAL(5, 2) NOT NULL,
confidence DECIMAL(5, 2) NOT NULL,
anomaly_type TEXT NOT NULL,
reason TEXT,
log_count INTEGER NOT NULL,
first_seen TIMESTAMP NOT NULL,
last_seen TIMESTAMP NOT NULL,
blocked BOOLEAN NOT NULL DEFAULT FALSE,
blocked_at TIMESTAMP,
detected_at TIMESTAMP NOT NULL DEFAULT NOW()
);
-- Indici per performance
CREATE INDEX IF NOT EXISTS detection_source_ip_idx ON detections(source_ip);
CREATE INDEX IF NOT EXISTS risk_score_idx ON detections(risk_score);
CREATE INDEX IF NOT EXISTS detected_at_idx ON detections(detected_at);
-- Commento tabella
COMMENT ON TABLE detections IS 'IP pericolosi rilevati dal sistema ML (Isolation Forest)';
-- Verifica
SELECT 'Tabella detections creata con successo!' AS status;

35
database-schema/create_network_logs.sql
View File

@ -1,35 +0,0 @@
-- =========================================================
-- SCHEMA: Tabella network_logs per IDS MikroTik
-- =========================================================
-- Creata per compatibilità con syslog_parser.py
-- =========================================================
-- Drop tabella se esiste (solo per ambiente di sviluppo)
DROP TABLE IF EXISTS network_logs CASCADE;
-- Crea tabella network_logs
CREATE TABLE network_logs (
id VARCHAR PRIMARY KEY DEFAULT gen_random_uuid(),
router_name TEXT NOT NULL,
timestamp TIMESTAMP NOT NULL,
source_ip TEXT NOT NULL,
source_port INTEGER,
destination_ip TEXT,
destination_port INTEGER,
protocol TEXT,
action TEXT,
packet_length INTEGER,
raw_message TEXT,
created_at TIMESTAMP NOT NULL DEFAULT NOW()
);
-- Indici per performance
CREATE INDEX IF NOT EXISTS source_ip_idx ON network_logs(source_ip);
CREATE INDEX IF NOT EXISTS timestamp_idx ON network_logs(timestamp);
CREATE INDEX IF NOT EXISTS router_name_idx ON network_logs(router_name);
-- Commento tabella
COMMENT ON TABLE network_logs IS 'Log di rete da router MikroTik via syslog (parsati da syslog_parser.py)';
-- Verifica
SELECT 'Tabella network_logs creata con successo!' AS status;

37
database-schema/create_routers.sql
View File

@ -1,37 +0,0 @@
-- =========================================================
-- SCHEMA: Tabella routers per gestione router MikroTik
-- =========================================================
-- Memorizza configurazione router per comunicazione API REST
-- =========================================================
-- Drop tabella se esiste (solo per ambiente di sviluppo)
DROP TABLE IF EXISTS routers CASCADE;
-- Crea tabella routers
CREATE TABLE routers (
id VARCHAR PRIMARY KEY DEFAULT gen_random_uuid(),
name TEXT NOT NULL,
ip_address TEXT NOT NULL UNIQUE,
username TEXT NOT NULL,
password TEXT NOT NULL,
api_port INTEGER NOT NULL DEFAULT 443,
enabled BOOLEAN NOT NULL DEFAULT TRUE,
last_check TIMESTAMP,
status TEXT,
created_at TIMESTAMP NOT NULL DEFAULT NOW()
);
-- Indici per performance
CREATE INDEX IF NOT EXISTS routers_ip_idx ON routers(ip_address);
CREATE INDEX IF NOT EXISTS routers_enabled_idx ON routers(enabled);
-- Commento tabella
COMMENT ON TABLE routers IS 'Configurazione router MikroTik per comunicazione API REST';
-- Inserisci router di esempio (FIBRA)
INSERT INTO routers (name, ip_address, username, password, api_port, enabled)
VALUES ('Router FIBRA', '192.178.204.1', 'admin', 'change_me', 443, true)
ON CONFLICT (ip_address) DO NOTHING;
-- Verifica
SELECT 'Tabella routers creata con successo!' AS status;

30
database-schema/create_training_history.sql
View File

@ -1,30 +0,0 @@
-- =========================================================
-- SCHEMA: Tabella training_history per storico ML
-- =========================================================
-- Memorizza storia training modelli ML
-- =========================================================
-- Drop tabella se esiste (solo per ambiente di sviluppo)
DROP TABLE IF EXISTS training_history CASCADE;
-- Crea tabella training_history
CREATE TABLE training_history (
id VARCHAR PRIMARY KEY DEFAULT gen_random_uuid(),
model_version TEXT NOT NULL,
records_processed INTEGER NOT NULL,
features_count INTEGER NOT NULL,
accuracy DECIMAL(5, 2),
training_duration INTEGER,
status TEXT NOT NULL,
notes TEXT,
trained_at TIMESTAMP NOT NULL DEFAULT NOW()
);
-- Indici per performance
CREATE INDEX IF NOT EXISTS trained_at_idx ON training_history(trained_at);
-- Commento tabella
COMMENT ON TABLE training_history IS 'Storico training modelli ML per IDS';
-- Verifica
SELECT 'Tabella training_history creata con successo!' AS status;

29
database-schema/create_whitelist.sql
View File

@ -1,29 +0,0 @@
-- =========================================================
-- SCHEMA: Tabella whitelist per IP fidati
-- =========================================================
-- IP che non devono mai essere bloccati
-- =========================================================
-- Drop tabella se esiste (solo per ambiente di sviluppo)
DROP TABLE IF EXISTS whitelist CASCADE;
-- Crea tabella whitelist
CREATE TABLE whitelist (
id VARCHAR PRIMARY KEY DEFAULT gen_random_uuid(),
ip_address TEXT NOT NULL UNIQUE,
comment TEXT,
reason TEXT,
created_by TEXT,
active BOOLEAN NOT NULL DEFAULT TRUE,
created_at TIMESTAMP NOT NULL DEFAULT NOW()
);
-- Indici per performance
CREATE INDEX IF NOT EXISTS whitelist_ip_idx ON whitelist(ip_address);
CREATE INDEX IF NOT EXISTS whitelist_active_idx ON whitelist(active);
-- Commento tabella
COMMENT ON TABLE whitelist IS 'IP fidati che non devono mai essere bloccati dal sistema';
-- Verifica
SELECT 'Tabella whitelist creata con successo!' AS status;

23
database-schema/migrations/000_init_schema_version.sql
View File

@ -1,23 +0,0 @@
-- ============================================================================
-- Migration 000: Initialize schema version tracking
-- ============================================================================
-- Crea tabella per tracciare versione schema database
-- Previene re-esecuzione di migrazioni già applicate
-- ============================================================================
-- Crea tabella schema_version se non esiste
CREATE TABLE IF NOT EXISTS schema_version (
id INTEGER PRIMARY KEY DEFAULT 1,
version INTEGER NOT NULL DEFAULT 0,
applied_at TIMESTAMP NOT NULL DEFAULT NOW(),
description TEXT
);
-- Inserisci versione iniziale (solo se tabella vuota)
INSERT INTO schema_version (id, version, description)
SELECT 1, 0, 'Initial schema version tracking'
WHERE NOT EXISTS (SELECT 1 FROM schema_version WHERE id = 1);
-- Constraint: solo 1 riga ammessa
ALTER TABLE schema_version ADD CONSTRAINT schema_version_single_row
CHECK (id = 1) NOT VALID;

35
database-schema/migrations/001_add_missing_columns.sql
View File

@ -1,35 +0,0 @@
-- Migration 001: Add missing columns to routers table
-- Date: 2025-11-21
-- Description: Adds api_port and last_sync columns if missing
-- Add api_port column if not exists
ALTER TABLE routers
ADD COLUMN IF NOT EXISTS api_port integer NOT NULL DEFAULT 8728;
-- Add last_sync column if not exists
ALTER TABLE routers
ADD COLUMN IF NOT EXISTS last_sync timestamp;
-- Add created_at if missing (fallback for older schemas)
ALTER TABLE routers
ADD COLUMN IF NOT EXISTS created_at timestamp DEFAULT now() NOT NULL;
-- Verify columns exist
DO $$
BEGIN
IF EXISTS (
SELECT 1 FROM information_schema.columns
WHERE table_name = 'routers'
AND column_name = 'api_port'
) THEN
RAISE NOTICE 'Column api_port exists';
END IF;
IF EXISTS (
SELECT 1 FROM information_schema.columns
WHERE table_name = 'routers'
AND column_name = 'last_sync'
) THEN
RAISE NOTICE 'Column last_sync exists';
END IF;
END $$;

18
database-schema/migrations/002_example_add_index.sql
View File

@ -1,18 +0,0 @@
-- ============================================================================
-- Migration 002: Add performance indexes
-- ============================================================================
-- Descrizione: Aggiunge indici per migliorare performance query detections
-- Data: 2025-11-22
-- ============================================================================
-- Indice su blocked per filtrare IP bloccati
CREATE INDEX IF NOT EXISTS detections_blocked_idx
ON detections(blocked);
-- Indice composto per query "IP bloccati recenti"
CREATE INDEX IF NOT EXISTS detections_blocked_detected_idx
ON detections(blocked, detected_at)
WHERE blocked = true;
-- Commento descrittivo
COMMENT ON INDEX detections_blocked_idx IS 'Index for filtering blocked IPs';

54
database-schema/migrations/003_fix_network_logs_columns.sql
View File

@ -1,54 +0,0 @@
-- =========================================================
-- MIGRAZIONE 003: Fix network_logs columns (dest_ip -> destination_ip)
-- =========================================================
-- Assicura che le colonne di network_logs usino i nomi corretti
-- Rinomina dest_ip -> destination_ip se esiste
DO $$
BEGIN
IF EXISTS (
SELECT 1 FROM information_schema.columns
WHERE table_name = 'network_logs' AND column_name = 'dest_ip'
) THEN
ALTER TABLE network_logs RENAME COLUMN dest_ip TO destination_ip;
RAISE NOTICE 'Colonna dest_ip rinominata in destination_ip';
END IF;
END $$;
-- Rinomina dest_port -> destination_port se esiste
DO $$
BEGIN
IF EXISTS (
SELECT 1 FROM information_schema.columns
WHERE table_name = 'network_logs' AND column_name = 'dest_port'
) THEN
ALTER TABLE network_logs RENAME COLUMN dest_port TO destination_port;
RAISE NOTICE 'Colonna dest_port rinominata in destination_port';
END IF;
END $$;
-- Rinomina src_ip -> source_ip se esiste
DO $$
BEGIN
IF EXISTS (
SELECT 1 FROM information_schema.columns
WHERE table_name = 'network_logs' AND column_name = 'src_ip'
) THEN
ALTER TABLE network_logs RENAME COLUMN src_ip TO source_ip;
RAISE NOTICE 'Colonna src_ip rinominata in source_ip';
END IF;
END $$;
-- Rinomina src_port -> source_port se esiste
DO $$
BEGIN
IF EXISTS (
SELECT 1 FROM information_schema.columns
WHERE table_name = 'network_logs' AND column_name = 'src_port'
) THEN
ALTER TABLE network_logs RENAME COLUMN src_port TO source_port;
RAISE NOTICE 'Colonna src_port rinominata in source_port';
END IF;
END $$;
SELECT 'Migrazione 003 completata!' AS status;

Some files were not shown because too many files have changed in this diff Show More