sendnrw/siem-backend
2
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

deploy/mariadb/init/001-schema.sql aktualisiert
All checks were successful
release-tag / release-image (push) Successful in 2m29s
Details

Browse Source
This commit is contained in:
Jan
2026-05-18 05:51:08 +00:00
parent a5b8ed3d3f
commit 2013a1ebc7
1 changed files with 17 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
deploy/mariadb/init/001-schema.sql
View File

@@ -1,5 +1,5 @@
-- SIEM-lite vollständiges MariaDB-kompatibles Datenbankschema
-- Stand: Partitionierung event_logs/event_logs_raw, 3h-Partitionen, Raw-XML-Auslagerung,
-- Stand: Partitionierung event_logs/event_log_raw, 3h-Partitionen, Raw-XML-Auslagerung,
-- Baseline-Buckets, UEBA, SOC/Risk, UI-Bewertungen.
--
-- Getestet/ausgelegt für MariaDB/MySQL InnoDB.
@@ -34,7 +34,7 @@ DROP TABLE IF EXISTS user_privilege_baseline;
DROP TABLE IF EXISTS user_source_ip_seen;
DROP TABLE IF EXISTS ueba_user_baseline;
DROP TABLE IF EXISTS privileged_users;
DROP TABLE IF EXISTS event_logs_raw;
DROP TABLE IF EXISTS event_log_raw;
DROP TABLE IF EXISTS event_logs;
DROP TABLE IF EXISTS agents;
@@ -102,7 +102,7 @@ CREATE TABLE event_logs (
received_at DATETIME(6) NOT NULL DEFAULT CURRENT_TIMESTAMP(6),
msg_sha256 CHAR(64) NOT NULL,
-- Optionaler Kompatibilitätsrest. Raw XML gehört in event_logs_raw.
-- Optionaler Kompatibilitätsrest. Raw XML gehört in event_log_raw.
msg MEDIUMTEXT NULL,
PRIMARY KEY (id, ts),
@@ -160,7 +160,7 @@ PARTITION BY RANGE COLUMNS(ts) (
-- Raw XML Tabelle
-- ---------------------------------------------------------------------
CREATE TABLE event_logs_raw (
CREATE TABLE event_log_raw (
id BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
event_log_id BIGINT UNSIGNED NOT NULL,
ts DATETIME(6) NOT NULL,
@@ -171,11 +171,11 @@ CREATE TABLE event_logs_raw (
PRIMARY KEY (id, ts),
KEY idx_event_logs_raw_id (id),
KEY idx_event_logs_raw_event_log_id (event_log_id),
KEY idx_event_logs_raw_ts (ts),
KEY idx_event_logs_raw_sha (msg_sha256),
UNIQUE KEY uq_event_logs_raw_event_ts (event_log_id, ts)
KEY idx_event_log_raw_id (id),
KEY idx_event_log_raw_event_log_id (event_log_id),
KEY idx_event_log_raw_ts (ts),
KEY idx_event_log_raw_sha (msg_sha256),
UNIQUE KEY uq_event_log_raw_event_ts (event_log_id, ts)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci
PARTITION BY RANGE COLUMNS(ts) (
PARTITION pmax VALUES LESS THAN (MAXVALUE)
@@ -607,19 +607,19 @@ BEGIN
INTO v_exists
FROM information_schema.PARTITIONS
WHERE TABLE_SCHEMA = DATABASE()
AND TABLE_NAME = 'event_logs_raw'
AND TABLE_NAME = 'event_log_raw'
AND PARTITION_NAME = v_part_name;
IF v_exists = 0 THEN
SET @sql_event_logs_raw = CONCAT(
'ALTER TABLE event_logs_raw REORGANIZE PARTITION pmax INTO (',
SET @sql_event_log_raw = CONCAT(
'ALTER TABLE event_log_raw REORGANIZE PARTITION pmax INTO (',
'PARTITION ', v_part_name, ' VALUES LESS THAN (''', DATE_FORMAT(v_part_end, '%Y-%m-%d %H:%i:%s'), '''),',
'PARTITION pmax VALUES LESS THAN (MAXVALUE))'
);
PREPARE stmt_event_logs_raw FROM @sql_event_logs_raw;
EXECUTE stmt_event_logs_raw;
DEALLOCATE PREPARE stmt_event_logs_raw;
PREPARE stmt_event_log_raw FROM @sql_event_log_raw;
EXECUTE stmt_event_log_raw;
DEALLOCATE PREPARE stmt_event_log_raw;
END IF;
SET v_current = v_part_end;
@@ -2150,9 +2150,9 @@ WHERE name LIKE 'v1_%';
-- SELECT TABLE_NAME, PARTITION_NAME, PARTITION_DESCRIPTION, TABLE_ROWS
-- FROM information_schema.PARTITIONS
-- WHERE TABLE_SCHEMA = DATABASE()
-- AND TABLE_NAME IN ('event_logs', 'event_logs_raw')
-- AND TABLE_NAME IN ('event_logs', 'event_log_raw')
-- ORDER BY TABLE_NAME, PARTITION_ORDINAL_POSITION;
--
-- SHOW INDEX FROM event_logs;
-- SHOW INDEX FROM event_logs_raw;
-- SHOW INDEX FROM event_log_raw;
-- SHOW INDEX FROM detections;