tsg 23.05 ck proxy_event增加ssl和intercept字段

Clickhouse最新全量建表语句/TSG_OLAP_PRIMARY_KEY_LOG_ID/Clickhouse_TSG_建表语句.sql

@@ -3355,7 +3355,27 @@ CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.proxy_event_local ON CLUSTER ck_cluster
 	rdp_keyboard_layout  String,
 	rdp_client_channels  String,
 	rdp_security_protocol  String,
-	rdp_cookie  String
+	rdp_cookie  String,
+	ssl_version String,
+	ssl_sni String,
+	ssl_san String,
+	ssl_cn String,
+	ssl_con_latency_ms Int64,
+	ssl_ja3_fingerprint String,
+	ssl_ja3_hash String,
+	ssl_ja3s_fingerprint String,
+	ssl_ja3s_hash String,
+	ssl_cert_issuer String,
+	ssl_cert_subject String,
+	intercept_pinning_status Int64,
+	intercept_status Int64,
+	intercept_passthrough_reason String,
+	intercept_server_side_latency Int64,
+	intercept_client_side_latency Int64,
+	intercept_server_side_version String,
+	intercept_client_side_version String,
+	intercept_cert_verify Int64,
+	intercept_error String
 )
 ENGINE = MergeTree PARTITION BY toYYYYMMDD(toDate(common_recv_time)) 
 PRIMARY KEY (common_log_id,common_policy_id,common_recv_time)
@@ -3532,7 +3552,27 @@ create table IF NOT EXISTS tsg_galaxy_v3.proxy_event ON CLUSTER ck_cluster (
 	rdp_keyboard_layout  String,
 	rdp_client_channels  String,
 	rdp_security_protocol  String,
-	rdp_cookie  String
+	rdp_cookie  String,
+	ssl_version String,
+	ssl_sni String,
+	ssl_san String,
+	ssl_cn String,
+	ssl_con_latency_ms Int64,
+	ssl_ja3_fingerprint String,
+	ssl_ja3_hash String,
+	ssl_ja3s_fingerprint String,
+	ssl_ja3s_hash String,
+	ssl_cert_issuer String,
+	ssl_cert_subject String,
+	intercept_pinning_status Int64,
+	intercept_status Int64,
+	intercept_passthrough_reason String,
+	intercept_server_side_latency Int64,
+	intercept_client_side_latency Int64,
+	intercept_server_side_version String,
+	intercept_client_side_version String,
+	intercept_cert_verify Int64,
+	intercept_error String
 ) ENGINE =Distributed(ck_cluster,tsg_galaxy_v3,proxy_event_local,rand());
 
 
@@ -3705,7 +3745,27 @@ create table IF NOT EXISTS tsg_galaxy_v3.proxy_event ON CLUSTER ck_query (
 	rdp_keyboard_layout  String,
 	rdp_client_channels  String,
 	rdp_security_protocol  String,
-	rdp_cookie  String
+	rdp_cookie  String,
+	ssl_version String,
+	ssl_sni String,
+	ssl_san String,
+	ssl_cn String,
+	ssl_con_latency_ms Int64,
+	ssl_ja3_fingerprint String,
+	ssl_ja3_hash String,
+	ssl_ja3s_fingerprint String,
+	ssl_ja3s_hash String,
+	ssl_cert_issuer String,
+	ssl_cert_subject String,
+	intercept_pinning_status Int64,
+	intercept_status Int64,
+	intercept_passthrough_reason String,
+	intercept_server_side_latency Int64,
+	intercept_client_side_latency Int64,
+	intercept_server_side_version String,
+	intercept_client_side_version String,
+	intercept_cert_verify Int64,
+	intercept_error String
 ) ENGINE =Distributed(ck_cluster,tsg_galaxy_v3,proxy_event_local,rand());
 
 

Clickhouse最新全量建表语句/TSG_OLAP_PRIMARY_KEY_VSYS_ID/Clickhouse_TSG_建表语句.sql

@@ -3347,7 +3347,27 @@ CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.proxy_event_local ON CLUSTER ck_cluster
 	rdp_keyboard_layout  String,
 	rdp_client_channels  String,
 	rdp_security_protocol  String,
-	rdp_cookie  String
+	rdp_cookie  String,
+	ssl_version String,
+	ssl_sni String,
+	ssl_san String,
+	ssl_cn String,
+	ssl_con_latency_ms Int64,
+	ssl_ja3_fingerprint String,
+	ssl_ja3_hash String,
+	ssl_ja3s_fingerprint String,
+	ssl_ja3s_hash String,
+	ssl_cert_issuer String,
+	ssl_cert_subject String,
+	intercept_pinning_status Int64,
+	intercept_status Int64,
+	intercept_passthrough_reason String,
+	intercept_server_side_latency Int64,
+	intercept_client_side_latency Int64,
+	intercept_server_side_version String,
+	intercept_client_side_version String,
+	intercept_cert_verify Int64,
+	intercept_error String
 )
 ENGINE = MergeTree PARTITION BY toYYYYMMDD(toDate(common_recv_time)) 
 ORDER BY (common_vsys_id,common_sub_action,common_policy_id,common_recv_time,common_log_id);
@@ -3523,7 +3543,27 @@ create table IF NOT EXISTS tsg_galaxy_v3.proxy_event ON CLUSTER ck_cluster (
 	rdp_keyboard_layout  String,
 	rdp_client_channels  String,
 	rdp_security_protocol  String,
-	rdp_cookie  String
+	rdp_cookie  String,
+	ssl_version String,
+	ssl_sni String,
+	ssl_san String,
+	ssl_cn String,
+	ssl_con_latency_ms Int64,
+	ssl_ja3_fingerprint String,
+	ssl_ja3_hash String,
+	ssl_ja3s_fingerprint String,
+	ssl_ja3s_hash String,
+	ssl_cert_issuer String,
+	ssl_cert_subject String,
+	intercept_pinning_status Int64,
+	intercept_status Int64,
+	intercept_passthrough_reason String,
+	intercept_server_side_latency Int64,
+	intercept_client_side_latency Int64,
+	intercept_server_side_version String,
+	intercept_client_side_version String,
+	intercept_cert_verify Int64,
+	intercept_error String
 ) ENGINE =Distributed(ck_cluster,tsg_galaxy_v3,proxy_event_local,rand());
 
 
@@ -3696,7 +3736,27 @@ create table IF NOT EXISTS tsg_galaxy_v3.proxy_event ON CLUSTER ck_query (
 	rdp_keyboard_layout  String,
 	rdp_client_channels  String,
 	rdp_security_protocol  String,
-	rdp_cookie  String
+	rdp_cookie  String,
+	ssl_version String,
+	ssl_sni String,
+	ssl_san String,
+	ssl_cn String,
+	ssl_con_latency_ms Int64,
+	ssl_ja3_fingerprint String,
+	ssl_ja3_hash String,
+	ssl_ja3s_fingerprint String,
+	ssl_ja3s_hash String,
+	ssl_cert_issuer String,
+	ssl_cert_subject String,
+	intercept_pinning_status Int64,
+	intercept_status Int64,
+	intercept_passthrough_reason String,
+	intercept_server_side_latency Int64,
+	intercept_client_side_latency Int64,
+	intercept_server_side_version String,
+	intercept_client_side_version String,
+	intercept_cert_verify Int64,
+	intercept_error String
 ) ENGINE =Distributed(ck_cluster,tsg_galaxy_v3,proxy_event_local,rand());
 
 

TSG发布版本更新记录/TSG-23.05/clickhouse/update-23.05-ck.sql

@@ -0,0 +1,82 @@
+set distributed_ddl_task_timeout = 180;
+
+
+ALTER  table tsg_galaxy_v3.proxy_event_local on cluster ck_cluster add column IF NOT EXISTS intercept_error String after rdp_cookie;
+ALTER  table tsg_galaxy_v3.proxy_event on cluster ck_cluster add column IF NOT EXISTS intercept_error String after rdp_cookie;
+ALTER  table tsg_galaxy_v3.proxy_event on cluster ck_query add column IF NOT EXISTS intercept_error String after rdp_cookie;
+
+ALTER  table tsg_galaxy_v3.proxy_event_local on cluster ck_cluster add column IF NOT EXISTS intercept_cert_verify Int64 after rdp_cookie;
+ALTER  table tsg_galaxy_v3.proxy_event on cluster ck_cluster add column IF NOT EXISTS intercept_cert_verify Int64 after rdp_cookie;
+ALTER  table tsg_galaxy_v3.proxy_event on cluster ck_query add column IF NOT EXISTS intercept_cert_verify Int64 after rdp_cookie;
+
+ALTER  table tsg_galaxy_v3.proxy_event_local on cluster ck_cluster add column IF NOT EXISTS intercept_client_side_version String after rdp_cookie;
+ALTER  table tsg_galaxy_v3.proxy_event on cluster ck_cluster add column IF NOT EXISTS intercept_client_side_version String after rdp_cookie;
+ALTER  table tsg_galaxy_v3.proxy_event on cluster ck_query add column IF NOT EXISTS intercept_client_side_version String after rdp_cookie;
+
+ALTER  table tsg_galaxy_v3.proxy_event_local on cluster ck_cluster add column IF NOT EXISTS intercept_server_side_version String after rdp_cookie;
+ALTER  table tsg_galaxy_v3.proxy_event on cluster ck_cluster add column IF NOT EXISTS intercept_server_side_version String after rdp_cookie;
+ALTER  table tsg_galaxy_v3.proxy_event on cluster ck_query add column IF NOT EXISTS intercept_server_side_version String after rdp_cookie;
+
+ALTER  table tsg_galaxy_v3.proxy_event_local on cluster ck_cluster add column IF NOT EXISTS intercept_client_side_latency Int64 after rdp_cookie;
+ALTER  table tsg_galaxy_v3.proxy_event on cluster ck_cluster add column IF NOT EXISTS intercept_client_side_latency Int64 after rdp_cookie;
+ALTER  table tsg_galaxy_v3.proxy_event on cluster ck_query add column IF NOT EXISTS intercept_client_side_latency Int64 after rdp_cookie;
+
+ALTER  table tsg_galaxy_v3.proxy_event_local on cluster ck_cluster add column IF NOT EXISTS intercept_server_side_latency Int64 after rdp_cookie;
+ALTER  table tsg_galaxy_v3.proxy_event on cluster ck_cluster add column IF NOT EXISTS intercept_server_side_latency Int64 after rdp_cookie;
+ALTER  table tsg_galaxy_v3.proxy_event on cluster ck_query add column IF NOT EXISTS intercept_server_side_latency Int64 after rdp_cookie;
+
+ALTER  table tsg_galaxy_v3.proxy_event_local on cluster ck_cluster add column IF NOT EXISTS intercept_passthrough_reason String after rdp_cookie;
+ALTER  table tsg_galaxy_v3.proxy_event on cluster ck_cluster add column IF NOT EXISTS intercept_passthrough_reason String after rdp_cookie;
+ALTER  table tsg_galaxy_v3.proxy_event on cluster ck_query add column IF NOT EXISTS intercept_passthrough_reason String after rdp_cookie;
+
+ALTER  table tsg_galaxy_v3.proxy_event_local on cluster ck_cluster add column IF NOT EXISTS intercept_status Int64 after rdp_cookie;
+ALTER  table tsg_galaxy_v3.proxy_event on cluster ck_cluster add column IF NOT EXISTS intercept_status Int64 after rdp_cookie;
+ALTER  table tsg_galaxy_v3.proxy_event on cluster ck_query add column IF NOT EXISTS intercept_status Int64 after rdp_cookie;
+
+ALTER  table tsg_galaxy_v3.proxy_event_local on cluster ck_cluster add column IF NOT EXISTS intercept_pinning_status Int64 after rdp_cookie;
+ALTER  table tsg_galaxy_v3.proxy_event on cluster ck_cluster add column IF NOT EXISTS intercept_pinning_status Int64 after rdp_cookie;
+ALTER  table tsg_galaxy_v3.proxy_event on cluster ck_query add column IF NOT EXISTS intercept_pinning_status Int64 after rdp_cookie;
+
+ALTER  table tsg_galaxy_v3.proxy_event_local on cluster ck_cluster add column IF NOT EXISTS ssl_cert_subject String after rdp_cookie;
+ALTER  table tsg_galaxy_v3.proxy_event on cluster ck_cluster add column IF NOT EXISTS ssl_cert_subject String after rdp_cookie;
+ALTER  table tsg_galaxy_v3.proxy_event on cluster ck_query add column IF NOT EXISTS ssl_cert_subject String after rdp_cookie;
+
+ALTER  table tsg_galaxy_v3.proxy_event_local on cluster ck_cluster add column IF NOT EXISTS ssl_cert_issuer String after rdp_cookie;
+ALTER  table tsg_galaxy_v3.proxy_event on cluster ck_cluster add column IF NOT EXISTS ssl_cert_issuer String after rdp_cookie;
+ALTER  table tsg_galaxy_v3.proxy_event on cluster ck_query add column IF NOT EXISTS ssl_cert_issuer String after rdp_cookie;
+
+ALTER  table tsg_galaxy_v3.proxy_event_local on cluster ck_cluster add column IF NOT EXISTS ssl_ja3s_hash String after rdp_cookie;
+ALTER  table tsg_galaxy_v3.proxy_event on cluster ck_cluster add column IF NOT EXISTS ssl_ja3s_hash String after rdp_cookie;
+ALTER  table tsg_galaxy_v3.proxy_event on cluster ck_query add column IF NOT EXISTS ssl_ja3s_hash String after rdp_cookie;
+
+ALTER  table tsg_galaxy_v3.proxy_event_local on cluster ck_cluster add column IF NOT EXISTS ssl_ja3s_fingerprint String after rdp_cookie;
+ALTER  table tsg_galaxy_v3.proxy_event on cluster ck_cluster add column IF NOT EXISTS ssl_ja3s_fingerprint String after rdp_cookie;
+ALTER  table tsg_galaxy_v3.proxy_event on cluster ck_query add column IF NOT EXISTS ssl_ja3s_fingerprint String after rdp_cookie;
+
+ALTER  table tsg_galaxy_v3.proxy_event_local on cluster ck_cluster add column IF NOT EXISTS ssl_ja3_hash String after rdp_cookie;
+ALTER  table tsg_galaxy_v3.proxy_event on cluster ck_cluster add column IF NOT EXISTS ssl_ja3_hash String after rdp_cookie;
+ALTER  table tsg_galaxy_v3.proxy_event on cluster ck_query add column IF NOT EXISTS ssl_ja3_hash String after rdp_cookie;
+
+ALTER  table tsg_galaxy_v3.proxy_event_local on cluster ck_cluster add column IF NOT EXISTS ssl_ja3_fingerprint String after rdp_cookie;
+ALTER  table tsg_galaxy_v3.proxy_event on cluster ck_cluster add column IF NOT EXISTS ssl_ja3_fingerprint String after rdp_cookie;
+ALTER  table tsg_galaxy_v3.proxy_event on cluster ck_query add column IF NOT EXISTS ssl_ja3_fingerprint String after rdp_cookie;
+
+ALTER  table tsg_galaxy_v3.proxy_event_local on cluster ck_cluster add column IF NOT EXISTS ssl_con_latency_ms Int64 after rdp_cookie;
+ALTER  table tsg_galaxy_v3.proxy_event on cluster ck_cluster add column IF NOT EXISTS ssl_con_latency_ms Int64 after rdp_cookie;
+ALTER  table tsg_galaxy_v3.proxy_event on cluster ck_query add column IF NOT EXISTS ssl_con_latency_ms Int64 after rdp_cookie;
+
+ALTER  table tsg_galaxy_v3.proxy_event_local on cluster ck_cluster add column IF NOT EXISTS ssl_cn String after rdp_cookie;
+ALTER  table tsg_galaxy_v3.proxy_event on cluster ck_cluster add column IF NOT EXISTS ssl_cn String after rdp_cookie;
+ALTER  table tsg_galaxy_v3.proxy_event on cluster ck_query add column IF NOT EXISTS ssl_cn String after rdp_cookie;
+
+ALTER  table tsg_galaxy_v3.proxy_event_local on cluster ck_cluster add column IF NOT EXISTS ssl_san String after rdp_cookie;
+ALTER  table tsg_galaxy_v3.proxy_event on cluster ck_cluster add column IF NOT EXISTS ssl_san String after rdp_cookie;
+ALTER  table tsg_galaxy_v3.proxy_event on cluster ck_query add column IF NOT EXISTS ssl_san String after rdp_cookie;
+
+ALTER  table tsg_galaxy_v3.proxy_event_local on cluster ck_cluster add column IF NOT EXISTS ssl_sni String after rdp_cookie;
+ALTER  table tsg_galaxy_v3.proxy_event on cluster ck_cluster add column IF NOT EXISTS ssl_sni String after rdp_cookie;
+ALTER  table tsg_galaxy_v3.proxy_event on cluster ck_query add column IF NOT EXISTS ssl_sni String after rdp_cookie;
+
+ALTER  table tsg_galaxy_v3.proxy_event_local on cluster ck_cluster add column IF NOT EXISTS ssl_version String after rdp_cookie;
+ALTER  table tsg_galaxy_v3.proxy_event on cluster ck_cluster add column IF NOT EXISTS ssl_version String after rdp_cookie;
+ALTER  table tsg_galaxy_v3.proxy_event on cluster ck_query add column IF NOT EXISTS ssl_version String after rdp_cookie;