marco/ids.alfacom.it
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
fa61c820e7
ids.alfacom.it/database-schema/migrations/005_create_network_analytics.sql
marco370 cbd03d9e64 Add network analytics and live dashboard features 
Introduce new network analytics capabilities with persistent storage, hourly and daily aggregations, and enhanced frontend visualizations. This includes API endpoints for retrieving analytics data, systemd services for automated aggregation, and UI updates for live and historical dashboards. Additionally, country flag emojis are now displayed on the detections page.

Replit-Commit-Author: Agent
Replit-Commit-Session-Id: 7a657272-55ba-4a79-9a2e-f1ed9bc7a528
Replit-Commit-Checkpoint-Type: intermediate_checkpoint
Replit-Commit-Event-Id: 3c14f651-7633-4128-8526-314b4942b3a0
Replit-Commit-Screenshot-Url: https://storage.googleapis.com/screenshot-production-us-central1/449cf7c4-c97a-45ae-8234-e5c5b8d6a84f/7a657272-55ba-4a79-9a2e-f1ed9bc7a528/oGXAoP7
2025-11-22 11:34:36 +00:00

49 lines
1.9 KiB
SQL
Raw Blame History

-- Migration 005: Create network_analytics table for permanent traffic statistics
-- This table stores aggregated traffic data (normal + attacks) with hourly and daily granularity
-- Data persists beyond the 3-day log retention for long-term analytics
CREATE TABLE IF NOT EXISTS network_analytics (
id VARCHAR PRIMARY KEY DEFAULT gen_random_uuid(),
date TIMESTAMP NOT NULL,
hour INT, -- NULL = daily aggregation, 0-23 = hourly
-- Total traffic metrics
total_packets INT NOT NULL DEFAULT 0,
total_bytes BIGINT NOT NULL DEFAULT 0,
unique_ips INT NOT NULL DEFAULT 0,
-- Normal traffic (non-anomalous)
normal_packets INT NOT NULL DEFAULT 0,
normal_bytes BIGINT NOT NULL DEFAULT 0,
normal_unique_ips INT NOT NULL DEFAULT 0,
top_normal_ips TEXT, -- JSON: [{ip, packets, bytes, country}]
-- Attack/Anomaly traffic
attack_packets INT NOT NULL DEFAULT 0,
attack_bytes BIGINT NOT NULL DEFAULT 0,
attack_unique_ips INT NOT NULL DEFAULT 0,
attacks_by_country TEXT, -- JSON: {IT: 5, RU: 30, ...}
attacks_by_type TEXT, -- JSON: {ddos: 10, port_scan: 5, ...}
top_attackers TEXT, -- JSON: [{ip, country, risk_score, packets}]
-- Geographic distribution (all traffic)
traffic_by_country TEXT, -- JSON: {IT: {normal: 100, attacks: 5}, ...}
created_at TIMESTAMP NOT NULL DEFAULT NOW(),
-- Ensure unique aggregation per date/hour
UNIQUE(date, hour)
);
-- Indexes for fast queries
CREATE INDEX IF NOT EXISTS network_analytics_date_hour_idx ON network_analytics(date, hour);
CREATE INDEX IF NOT EXISTS network_analytics_date_idx ON network_analytics(date);
-- Update schema version
INSERT INTO schema_version (version, description)
VALUES (5, 'Create network_analytics table for traffic statistics')
ON CONFLICT (id) DO UPDATE SET
version = 5,
description = 'Create network_analytics table for traffic statistics',
applied_at = NOW();
Reference in New Issue View Git Blame Copy Permalink