From 2013a1ebc7ab7262fe11da19880034a7a1ec71db Mon Sep 17 00:00:00 2001
From: Jan
Date: Mon, 18 May 2026 05:51:08 +0000
Subject: [PATCH] deploy/mariadb/init/001-schema.sql aktualisiert
---
 deploy/mariadb/init/001-schema.sql | 34 +++++++++++++++---------------
 1 file changed, 17 insertions(+), 17 deletions(-)
diff --git a/deploy/mariadb/init/001-schema.sql b/deploy/mariadb/init/001-schema.sql
index 29db4a1..3d6c7b2 100644
--- a/deploy/mariadb/init/001-schema.sql
+++ b/deploy/mariadb/init/001-schema.sql
@@ -1,5 +1,5 @@
 -- SIEM-lite vollständiges MariaDB-kompatibles Datenbankschema
--- Stand: Partitionierung event_logs/event_logs_raw, 3h-Partitionen, Raw-XML-Auslagerung,
+-- Stand: Partitionierung event_logs/event_log_raw, 3h-Partitionen, Raw-XML-Auslagerung,
 -- Baseline-Buckets, UEBA, SOC/Risk, UI-Bewertungen.
 --
 -- Getestet/ausgelegt für MariaDB/MySQL InnoDB.
@@ -34,7 +34,7 @@ DROP TABLE IF EXISTS user_privilege_baseline;
 DROP TABLE IF EXISTS user_source_ip_seen;
 DROP TABLE IF EXISTS ueba_user_baseline;
 DROP TABLE IF EXISTS privileged_users;
-DROP TABLE IF EXISTS event_logs_raw;
+DROP TABLE IF EXISTS event_log_raw;
 DROP TABLE IF EXISTS event_logs;
 DROP TABLE IF EXISTS agents;
@@ -102,7 +102,7 @@ CREATE TABLE event_logs (
 received_at DATETIME(6) NOT NULL DEFAULT CURRENT_TIMESTAMP(6),
 msg_sha256 CHAR(64) NOT NULL,
- -- Optionaler Kompatibilitätsrest. Raw XML gehört in event_logs_raw.
+ -- Optionaler Kompatibilitätsrest. Raw XML gehört in event_log_raw.
 msg MEDIUMTEXT NULL,
 PRIMARY KEY (id, ts),
@@ -160,7 +160,7 @@ PARTITION BY RANGE COLUMNS(ts) (
 -- Raw XML Tabelle
 -- ---------------------------------------------------------------------
-CREATE TABLE event_logs_raw (
+CREATE TABLE event_log_raw (
 id BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
 event_log_id BIGINT UNSIGNED NOT NULL,
 ts DATETIME(6) NOT NULL,
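Review bot: In the DROP list (hunk `-34,7`), replacing `DROP TABLE IF EXISTS event_logs_raw;` with the new name means a database initialised with the previous schema keeps the old `event_logs_raw` table when this script is re-run. That table holds the raw event XML, and after this commit the visible partition-maintenance code and index checks only address `event_log_raw`, so the leftover copy would presumably sit outside partition rotation and any retention or access review. I would keep the old name in the list as well, `DROP TABLE IF EXISTS event_logs_raw; -- pre-rename name`, or, if existing data must survive, handle the rename in a separate migration with `RENAME TABLE event_logs_raw TO event_log_raw;`. References to the old name outside these hunks (views, procedures, ingest code) cannot be checked from the diff.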
@@ -171,11 +171,11 @@ CREATE TABLE event_logs_raw ( PRIMARY KEY (id, ts), - KEY idx_event_logs_raw_id (id), - KEY idx_event_logs_raw_event_log_id (event_log_id), - KEY idx_event_logs_raw_ts (ts), - KEY idx_event_logs_raw_sha (msg_sha256), - UNIQUE KEY uq_event_logs_raw_event_ts (event_log_id, ts) + KEY idx_event_log_raw_id (id), + KEY idx_event_log_raw_event_log_id (event_log_id), + KEY idx_event_log_raw_ts (ts), + KEY idx_event_log_raw_sha (msg_sha256), + UNIQUE KEY uq_event_log_raw_event_ts (event_log_id, ts) ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci PARTITION BY RANGE COLUMNS(ts) ( PARTITION pmax VALUES LESS THAN (MAXVALUE) @@ -607,19 +607,19 @@ BEGIN INTO v_exists FROM information_schema.PARTITIONS WHERE TABLE_SCHEMA = DATABASE() - AND TABLE_NAME = 'event_logs_raw' + AND TABLE_NAME = 'event_log_raw' AND PARTITION_NAME = v_part_name; IF v_exists = 0 THEN - SET @sql_event_logs_raw = CONCAT( - 'ALTER TABLE event_logs_raw REORGANIZE PARTITION pmax INTO (', + SET @sql_event_log_raw = CONCAT( + 'ALTER TABLE event_log_raw REORGANIZE PARTITION pmax INTO (', 'PARTITION ', v_part_name, ' VALUES LESS THAN (''', DATE_FORMAT(v_part_end, '%Y-%m-%d %H:%i:%s'), '''),', 'PARTITION pmax VALUES LESS THAN (MAXVALUE))' ); - PREPARE stmt_event_logs_raw FROM @sql_event_logs_raw; - EXECUTE stmt_event_logs_raw; - DEALLOCATE PREPARE stmt_event_logs_raw; + PREPARE stmt_event_log_raw FROM @sql_event_log_raw; + EXECUTE stmt_event_log_raw; + DEALLOCATE PREPARE stmt_event_log_raw; END IF; SET v_current = v_part_end; 
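Review bot: In the `CREATE TABLE event_log_raw` key list (hunk `-171,11`), two of the renamed indexes duplicate the leading column of another key: `KEY idx_event_log_raw_id (id)` is covered by `PRIMARY KEY (id, ts)`, and `KEY idx_event_log_raw_event_log_id (event_log_id)` by `UNIQUE KEY uq_event_log_raw_event_ts (event_log_id, ts)`. Each extra index is written on every insert, so if this table receives one row per ingested event, as its name suggests, I would drop both lines while the names are being changed anyway. The column definitions of the table are outside the hunk.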
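Review bot: In the dynamic `ALTER TABLE event_log_raw REORGANIZE PARTITION` statement (hunk `-607,19`), `v_part_name` is spliced into the SQL text as a bare identifier, and its assignment lies outside the hunk, as do the start and end of the procedure. If it is derived only from the partition boundary, say so next to the `CONCAT`, e.g. `-- v_part_name is generated from the partition timestamp, never from caller input`. If any caller-supplied value can reach it, validate it against the expected name pattern before `PREPARE`, since identifiers cannot be bound as parameters.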
@@ -2150,9 +2150,9 @@ WHERE name LIKE 'v1_%';
 -- SELECT TABLE_NAME, PARTITION_NAME, PARTITION_DESCRIPTION, TABLE_ROWS
 -- FROM information_schema.PARTITIONS
 -- WHERE TABLE_SCHEMA = DATABASE()
--- AND TABLE_NAME IN ('event_logs', 'event_logs_raw')
+-- AND TABLE_NAME IN ('event_logs', 'event_log_raw')
 -- ORDER BY TABLE_NAME, PARTITION_ORDINAL_POSITION;
 --
 -- SHOW INDEX FROM event_logs;
--- SHOW INDEX FROM event_logs_raw;
+-- SHOW INDEX FROM event_log_raw;
 -- SHOW INDEX FROM detections;