-- Create the tsg_galaxy_v3 database on both clusters used by this file.
-- ON CLUSTER runs the statement on every host of the named cluster;
-- IF NOT EXISTS makes a re-run a no-op.
CREATE DATABASE IF NOT EXISTS tsg_galaxy_v3 ON CLUSTER ck_cluster;

CREATE DATABASE IF NOT EXISTS tsg_galaxy_v3 ON CLUSTER ck_query;
-- Shard-local MergeTree storage for GTP-C record logs, created on every host
-- of ck_cluster. Section headings below are inferred from the column names.
-- NOTE(review): the table stores subscriber identifiers (IMEI, IMSI, phone
-- number, end-user IP) as plain String and declares no TTL, so retention and
-- read access have to be enforced outside this statement (grants, row
-- policies, or a TTL clause added deliberately).
CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.gtpc_record_log_local ON CLUSTER ck_cluster
(
    -- Record identity and timestamps (units are not stated in this DDL).
    common_recv_time Int64,
    common_log_id UInt64,
    common_stream_trace_id UInt64,
    common_direction Nullable(Int64),
    common_stream_dir Int64,
    common_start_time Int64,
    common_end_time Int64,
    common_con_duration_ms Int64,
    common_establish_latency_ms Int64,
    common_processing_time Int64,
    -- Capture point and policy verdict.
    common_entrance_id Int64,
    common_device_id String,
    common_link_id Int64,
    common_isp String,
    common_data_center String,
    common_sled_ip String,
    common_action Int64,
    common_sub_action String,
    common_policy_id Int64,
    common_user_tags String,
    common_user_region String,
    -- Client endpoint and subscriber identifiers.
    common_client_ip String,
    common_internal_ip String,
    common_client_port Int64,
    common_client_location String,
    common_client_asn String,
    common_subscriber_id String,
    common_imei String,
    common_imsi String,
    common_phone_number String,
    -- Server endpoint.
    common_server_ip String,
    common_external_ip String,
    common_server_port Int64,
    common_server_location String,
    common_server_asn String,
    -- Application / protocol classification.
    common_app_id String,
    common_app_label String,
    common_app_surrogate_id String,
    common_l7_protocol String,
    common_protocol_label String,
    common_service_category Array(Int64),
    common_service Int64,
    common_l4_protocol String,
    -- Session, packet and byte counters per direction (c2s / s2c).
    common_sessions Int64,
    common_c2s_pkt_num Int64,
    common_s2c_pkt_num Int64,
    common_c2s_pkt_diff Int64,
    common_s2c_pkt_diff Int64,
    common_c2s_byte_num Int64,
    common_s2c_byte_num Int64,
    common_c2s_byte_diff Int64,
    common_s2c_byte_diff Int64,
    common_c2s_ipfrag_num Int64,
    common_s2c_ipfrag_num Int64,
    common_c2s_tcp_lostlen Int64,
    common_s2c_tcp_lostlen Int64,
    common_c2s_tcp_unorder_num Int64,
    common_s2c_tcp_unorder_num Int64,
    common_c2s_pkt_retrans Int64,
    common_s2c_pkt_retrans Int64,
    common_c2s_byte_retrans Int64,
    common_s2c_byte_retrans Int64,
    -- Transport details, encapsulation and link information.
    common_first_ttl Int64,
    common_tcp_client_isn Int64,
    common_tcp_server_isn Int64,
    common_address_type Int64,
    common_schema_type String,
    common_device_tag String,
    common_encapsulation Int64,
    common_tunnels String,
    common_address_list String,
    common_has_dup_traffic Int64,
    common_stream_error String,
    common_link_info_c2s String,
    common_link_info_s2c String,
    -- GTP-specific fields, including a second copy of the subscriber identifiers.
    gtp_version String,
    gtp_apn String,
    gtp_imei String,
    gtp_imsi String,
    gtp_phone_number String,
    gtp_uplink_teid Int64,
    gtp_downlink_teid Int64,
    gtp_msg_type String,
    gtp_end_user_ipv4 String,
    gtp_end_user_ipv6 String
)
ENGINE = MergeTree
-- One partition per calendar day of common_recv_time.
-- NOTE(review): toDate() on an Int64 reads it as a Unix timestamp in seconds;
-- confirm common_recv_time is not written in milliseconds.
PARTITION BY toYYYYMMDD(toDate(common_recv_time))
ORDER BY (common_log_id, common_data_center, common_recv_time);
-- Distributed front for tsg_galaxy_v3.gtpc_record_log_local, created on every
-- host of ck_cluster. The engine keeps no rows of its own: it forwards reads
-- and writes to the local table on the shards of ck_cluster and picks the
-- shard for an insert with rand(). Section headings are inferred from names.
-- NOTE(review): anyone granted SELECT here reads the subscriber identifiers
-- (IMEI, IMSI, phone number) from all shards; scope grants accordingly.
CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.gtpc_record_log ON CLUSTER ck_cluster
(
    -- Record identity and timestamps (units are not stated in this DDL).
    common_recv_time Int64,
    common_log_id UInt64,
    common_stream_trace_id UInt64,
    common_direction Nullable(Int64),
    common_stream_dir Int64,
    common_start_time Int64,
    common_end_time Int64,
    common_con_duration_ms Int64,
    common_establish_latency_ms Int64,
    common_processing_time Int64,
    -- Capture point and policy verdict.
    common_entrance_id Int64,
    common_device_id String,
    common_link_id Int64,
    common_isp String,
    common_data_center String,
    common_sled_ip String,
    common_action Int64,
    common_sub_action String,
    common_policy_id Int64,
    common_user_tags String,
    common_user_region String,
    -- Client endpoint and subscriber identifiers.
    common_client_ip String,
    common_internal_ip String,
    common_client_port Int64,
    common_client_location String,
    common_client_asn String,
    common_subscriber_id String,
    common_imei String,
    common_imsi String,
    common_phone_number String,
    -- Server endpoint.
    common_server_ip String,
    common_external_ip String,
    common_server_port Int64,
    common_server_location String,
    common_server_asn String,
    -- Application / protocol classification.
    common_app_id String,
    common_app_label String,
    common_app_surrogate_id String,
    common_l7_protocol String,
    common_protocol_label String,
    common_service_category Array(Int64),
    common_service Int64,
    common_l4_protocol String,
    -- Session, packet and byte counters per direction (c2s / s2c).
    common_sessions Int64,
    common_c2s_pkt_num Int64,
    common_s2c_pkt_num Int64,
    common_c2s_pkt_diff Int64,
    common_s2c_pkt_diff Int64,
    common_c2s_byte_num Int64,
    common_s2c_byte_num Int64,
    common_c2s_byte_diff Int64,
    common_s2c_byte_diff Int64,
    common_c2s_ipfrag_num Int64,
    common_s2c_ipfrag_num Int64,
    common_c2s_tcp_lostlen Int64,
    common_s2c_tcp_lostlen Int64,
    common_c2s_tcp_unorder_num Int64,
    common_s2c_tcp_unorder_num Int64,
    common_c2s_pkt_retrans Int64,
    common_s2c_pkt_retrans Int64,
    common_c2s_byte_retrans Int64,
    common_s2c_byte_retrans Int64,
    -- Transport details, encapsulation and link information.
    common_first_ttl Int64,
    common_tcp_client_isn Int64,
    common_tcp_server_isn Int64,
    common_address_type Int64,
    common_schema_type String,
    common_device_tag String,
    common_encapsulation Int64,
    common_tunnels String,
    common_address_list String,
    common_has_dup_traffic Int64,
    common_stream_error String,
    common_link_info_c2s String,
    common_link_info_s2c String,
    -- GTP-specific fields.
    gtp_version String,
    gtp_apn String,
    gtp_imei String,
    gtp_imsi String,
    gtp_phone_number String,
    gtp_uplink_teid Int64,
    gtp_downlink_teid Int64,
    gtp_msg_type String,
    gtp_end_user_ipv4 String,
    gtp_end_user_ipv6 String
)
-- Arguments: cluster, database, local table, sharding expression.
ENGINE = Distributed(ck_cluster, tsg_galaxy_v3, gtpc_record_log_local, rand());
-- Distributed front for tsg_galaxy_v3.gtpc_record_log_local, created on every
-- host of ck_query. The engine still targets the shards of ck_cluster, so the
-- ck_query hosts only route queries and hold no rows for this table.
-- NOTE(review): ck_query hosts therefore need a ck_cluster entry in their
-- server configuration (not visible here); the account configured in that
-- entry determines what these hosts can read from the storage shards, so it
-- should be a least-privilege user rather than an administrative one.
CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.gtpc_record_log ON CLUSTER ck_query
(
    -- Record identity and timestamps (units are not stated in this DDL).
    common_recv_time Int64,
    common_log_id UInt64,
    common_stream_trace_id UInt64,
    common_direction Nullable(Int64),
    common_stream_dir Int64,
    common_start_time Int64,
    common_end_time Int64,
    common_con_duration_ms Int64,
    common_establish_latency_ms Int64,
    common_processing_time Int64,
    -- Capture point and policy verdict.
    common_entrance_id Int64,
    common_device_id String,
    common_link_id Int64,
    common_isp String,
    common_data_center String,
    common_sled_ip String,
    common_action Int64,
    common_sub_action String,
    common_policy_id Int64,
    common_user_tags String,
    common_user_region String,
    -- Client endpoint and subscriber identifiers.
    common_client_ip String,
    common_internal_ip String,
    common_client_port Int64,
    common_client_location String,
    common_client_asn String,
    common_subscriber_id String,
    common_imei String,
    common_imsi String,
    common_phone_number String,
    -- Server endpoint.
    common_server_ip String,
    common_external_ip String,
    common_server_port Int64,
    common_server_location String,
    common_server_asn String,
    -- Application / protocol classification.
    common_app_id String,
    common_app_label String,
    common_app_surrogate_id String,
    common_l7_protocol String,
    common_protocol_label String,
    common_service_category Array(Int64),
    common_service Int64,
    common_l4_protocol String,
    -- Session, packet and byte counters per direction (c2s / s2c).
    common_sessions Int64,
    common_c2s_pkt_num Int64,
    common_s2c_pkt_num Int64,
    common_c2s_pkt_diff Int64,
    common_s2c_pkt_diff Int64,
    common_c2s_byte_num Int64,
    common_s2c_byte_num Int64,
    common_c2s_byte_diff Int64,
    common_s2c_byte_diff Int64,
    common_c2s_ipfrag_num Int64,
    common_s2c_ipfrag_num Int64,
    common_c2s_tcp_lostlen Int64,
    common_s2c_tcp_lostlen Int64,
    common_c2s_tcp_unorder_num Int64,
    common_s2c_tcp_unorder_num Int64,
    common_c2s_pkt_retrans Int64,
    common_s2c_pkt_retrans Int64,
    common_c2s_byte_retrans Int64,
    common_s2c_byte_retrans Int64,
    -- Transport details, encapsulation and link information.
    common_first_ttl Int64,
    common_tcp_client_isn Int64,
    common_tcp_server_isn Int64,
    common_address_type Int64,
    common_schema_type String,
    common_device_tag String,
    common_encapsulation Int64,
    common_tunnels String,
    common_address_list String,
    common_has_dup_traffic Int64,
    common_stream_error String,
    common_link_info_c2s String,
    common_link_info_s2c String,
    -- GTP-specific fields.
    gtp_version String,
    gtp_apn String,
    gtp_imei String,
    gtp_imsi String,
    gtp_phone_number String,
    gtp_uplink_teid Int64,
    gtp_downlink_teid Int64,
    gtp_msg_type String,
    gtp_end_user_ipv4 String,
    gtp_end_user_ipv6 String
)
-- Arguments: cluster, database, local table, sharding expression.
ENGINE = Distributed(ck_cluster, tsg_galaxy_v3, gtpc_record_log_local, rand());
-- Shard-local MergeTree storage for live session record logs, created on
-- every host of ck_cluster. Section headings are inferred from column names.
-- NOTE(review): by name, several columns hold captured secrets and content
-- (http_cookie, http_set_cookie, request/response headers and bodies, mail
-- content and attachments, FTP/mail accounts) next to subscriber identifiers.
-- The DDL stores them as plain String and declares no TTL; treat the table as
-- credential-bearing and enforce retention and read access explicitly.
CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.live_session_record_log_local ON CLUSTER ck_cluster
(
    -- Record identity and timestamps (units are not stated in this DDL).
    common_recv_time Int64,
    common_log_id UInt64,
    common_stream_trace_id UInt64,
    common_direction Nullable(Int64),
    common_stream_dir Int64,
    common_start_time Int64,
    common_end_time Int64,
    common_con_duration_ms Int64,
    common_establish_latency_ms Int64,
    common_processing_time Int64,
    -- Capture point and policy verdict.
    common_entrance_id Int64,
    common_device_id String,
    common_link_id Int64,
    common_isp String,
    common_data_center String,
    common_sled_ip String,
    common_action Int64,
    common_sub_action String,
    common_policy_id Int64,
    common_user_tags String,
    common_user_region String,
    -- Client endpoint and subscriber identifiers.
    common_client_ip String,
    common_internal_ip String,
    common_client_port Int64,
    common_client_location String,
    common_client_asn String,
    common_subscriber_id String,
    common_imei String,
    common_imsi String,
    common_phone_number String,
    -- Server endpoint.
    common_server_ip String,
    common_external_ip String,
    common_server_port Int64,
    common_server_location String,
    common_server_asn String,
    -- Application / protocol classification.
    common_app_id String,
    common_app_label String,
    common_app_surrogate_id String,
    common_l7_protocol String,
    common_protocol_label String,
    common_service_category Array(Int64),
    common_service Int64,
    common_l4_protocol String,
    -- Session, packet and byte counters per direction (c2s / s2c).
    common_sessions Int64,
    common_c2s_pkt_num Int64,
    common_s2c_pkt_num Int64,
    common_c2s_pkt_diff Int64,
    common_s2c_pkt_diff Int64,
    common_c2s_byte_num Int64,
    common_s2c_byte_num Int64,
    common_c2s_byte_diff Int64,
    common_s2c_byte_diff Int64,
    common_c2s_ipfrag_num Int64,
    common_s2c_ipfrag_num Int64,
    common_c2s_tcp_lostlen Int64,
    common_s2c_tcp_lostlen Int64,
    common_c2s_tcp_unorder_num Int64,
    common_s2c_tcp_unorder_num Int64,
    common_c2s_pkt_retrans Int64,
    common_s2c_pkt_retrans Int64,
    common_c2s_byte_retrans Int64,
    common_s2c_byte_retrans Int64,
    -- Transport details, encapsulation and link information.
    common_first_ttl Int64,
    common_tcp_client_isn Int64,
    common_tcp_server_isn Int64,
    common_address_type Int64,
    common_schema_type String,
    common_device_tag String,
    common_encapsulation Int64,
    common_tunnels String,
    common_address_list String,
    common_has_dup_traffic Int64,
    common_stream_error String,
    common_link_info_c2s String,
    common_link_info_s2c String,
    -- HTTP fields.
    http_url String,
    http_host String,
    http_domain String,
    http_request_line String,
    http_response_line String,
    http_request_header String,
    http_response_header String,
    http_request_content String,
    http_response_content String,
    http_request_body String,
    http_response_body String,
    http_request_body_key String,
    http_response_body_key String,
    http_proxy_flag Int64,
    http_sequence Int64,
    http_snapshot String,
    http_cookie String,
    http_referer String,
    http_user_agent String,
    http_content_length String,
    http_content_type String,
    http_set_cookie String,
    http_version String,
    -- "lantency" (sic): the spelling is part of the schema, so it is kept.
    http_response_lantency_ms Int64,
    http_session_duration_ms Int64,
    http_action_file_size Int64,
    -- Mail fields.
    mail_protocol_type String,
    mail_account String,
    mail_to_cmd String,
    mail_from_cmd String,
    mail_from String,
    mail_to String,
    mail_cc String,
    mail_bcc String,
    mail_subject String,
    mail_subject_charset String,
    mail_content String,
    mail_content_charset String,
    mail_attachment_name String,
    mail_attachment_name_charset String,
    mail_attachment_content String,
    mail_eml_file String,
    mail_snapshot String,
    -- DNS fields.
    dns_message_id Int64,
    dns_qr Nullable(Int64),
    dns_opcode Nullable(Int64),
    dns_aa Int64,
    dns_tc Int64,
    dns_rd Int64,
    dns_ra Int64,
    dns_rcode Int64,
    dns_qdcount Int64,
    dns_ancount Int64,
    dns_nscount Int64,
    dns_arcount Int64,
    dns_qname String,
    dns_qtype Int64,
    dns_qclass Int64,
    dns_cname String,
    dns_sub Int64,
    dns_rr String,
    -- SSL/TLS fields.
    ssl_version String,
    ssl_sni String,
    ssl_san String,
    ssl_cn String,
    ssl_pinningst Nullable(Int64),
    ssl_intercept_state Nullable(Int64),
    ssl_server_side_latency Int64,
    ssl_client_side_latency Int64,
    ssl_server_side_version String,
    ssl_client_side_version String,
    ssl_cert_verify Nullable(Int64),
    ssl_error String,
    ssl_con_latency_ms Int64,
    ssl_ja3_fingerprint String,
    ssl_ja3_hash String,
    ssl_cert_issuer String,
    ssl_cert_subject String,
    -- QUIC fields.
    quic_version String,
    quic_sni String,
    quic_user_agent String,
    -- FTP fields.
    ftp_account String,
    ftp_url String,
    ftp_content String,
    ftp_link_type String,
    -- BGP fields.
    bgp_type Int64,
    bgp_as_num String,
    bgp_route String,
    -- VoIP fields.
    voip_calling_account String,
    voip_called_account String,
    voip_calling_number String,
    voip_called_number String,
    -- Streaming media and application extras.
    streaming_media_url String,
    streaming_media_protocol String,
    app_extra_info String,
    -- SIP fields.
    sip_call_id String,
    sip_originator_description String,
    sip_responder_description String,
    sip_user_agent String,
    sip_server String,
    sip_originator_sdp_connect_ip String,
    sip_originator_sdp_media_port Int64,
    sip_originator_sdp_media_type String,
    sip_originator_sdp_content String,
    sip_responder_sdp_connect_ip String,
    sip_responder_sdp_media_port Int64,
    sip_responder_sdp_media_type String,
    sip_responder_sdp_content String,
    sip_duration Int64,
    sip_bye String,
    -- RTP fields.
    rtp_payload_type_c2s Nullable(Int64),
    rtp_payload_type_s2c Nullable(Int64),
    rtp_pcap_path String,
    rtp_originator_dir Int64
)
ENGINE = MergeTree
-- One partition per calendar day of common_recv_time.
-- NOTE(review): toDate() on an Int64 reads it as a Unix timestamp in seconds;
-- confirm common_recv_time is not written in milliseconds.
PARTITION BY toYYYYMMDD(toDate(common_recv_time))
ORDER BY (common_log_id, common_data_center, common_recv_time);
-- Shard-local MergeTree storage for transaction record logs (HTTP, DNS and
-- SIP fields), created on every host of ck_cluster. Section headings are
-- inferred from column names.
-- NOTE(review): by name, http_cookie, http_set_cookie and the request /
-- response headers and bodies hold captured session material, stored as plain
-- String next to subscriber identifiers. No TTL is declared, so retention and
-- read access have to be enforced outside this statement.
CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.transaction_record_log_local ON CLUSTER ck_cluster
(
    -- Record identity and timestamps (units are not stated in this DDL).
    common_recv_time Int64,
    common_log_id UInt64,
    common_stream_trace_id UInt64,
    common_direction Nullable(Int64),
    common_stream_dir Int64,
    common_start_time Int64,
    common_end_time Int64,
    common_con_duration_ms Int64,
    common_establish_latency_ms Int64,
    common_processing_time Int64,
    -- Capture point and policy verdict.
    common_entrance_id Int64,
    common_device_id String,
    common_link_id Int64,
    common_isp String,
    common_data_center String,
    common_sled_ip String,
    common_action Int64,
    common_sub_action String,
    common_policy_id Int64,
    common_user_tags String,
    common_user_region String,
    -- Client endpoint and subscriber identifiers.
    common_client_ip String,
    common_internal_ip String,
    common_client_port Int64,
    common_client_location String,
    common_client_asn String,
    common_subscriber_id String,
    common_imei String,
    common_imsi String,
    common_phone_number String,
    -- Server endpoint.
    common_server_ip String,
    common_external_ip String,
    common_server_port Int64,
    common_server_location String,
    common_server_asn String,
    -- Application / protocol classification.
    common_app_id String,
    common_app_label String,
    common_app_surrogate_id String,
    common_l7_protocol String,
    common_protocol_label String,
    common_service_category Array(Int64),
    common_service Int64,
    common_l4_protocol String,
    -- Session, packet and byte counters per direction (c2s / s2c).
    common_sessions Int64,
    common_c2s_pkt_num Int64,
    common_s2c_pkt_num Int64,
    common_c2s_pkt_diff Int64,
    common_s2c_pkt_diff Int64,
    common_c2s_byte_num Int64,
    common_s2c_byte_num Int64,
    common_c2s_byte_diff Int64,
    common_s2c_byte_diff Int64,
    common_c2s_ipfrag_num Int64,
    common_s2c_ipfrag_num Int64,
    common_c2s_tcp_lostlen Int64,
    common_s2c_tcp_lostlen Int64,
    common_c2s_tcp_unorder_num Int64,
    common_s2c_tcp_unorder_num Int64,
    common_c2s_pkt_retrans Int64,
    common_s2c_pkt_retrans Int64,
    common_c2s_byte_retrans Int64,
    common_s2c_byte_retrans Int64,
    -- Transport details, encapsulation and link information.
    common_first_ttl Int64,
    common_tcp_client_isn Int64,
    common_tcp_server_isn Int64,
    common_address_type Int64,
    common_schema_type String,
    common_device_tag String,
    common_encapsulation Int64,
    common_tunnels String,
    common_address_list String,
    common_has_dup_traffic Int64,
    common_stream_error String,
    common_link_info_c2s String,
    common_link_info_s2c String,
    -- HTTP fields.
    http_url String,
    http_host String,
    http_domain String,
    http_request_line String,
    http_response_line String,
    http_request_header String,
    http_response_header String,
    http_request_content String,
    http_response_content String,
    http_request_body String,
    http_response_body String,
    http_request_body_key String,
    http_response_body_key String,
    http_proxy_flag Int64,
    http_sequence Int64,
    http_snapshot String,
    http_cookie String,
    http_referer String,
    http_user_agent String,
    http_content_length String,
    http_content_type String,
    http_set_cookie String,
    http_version String,
    -- "lantency" (sic): the spelling is part of the schema, so it is kept.
    http_response_lantency_ms Int64,
    http_session_duration_ms Int64,
    http_action_file_size Int64,
    -- DNS fields.
    dns_message_id Int64,
    dns_qr Nullable(Int64),
    dns_opcode Nullable(Int64),
    dns_aa Int64,
    dns_tc Int64,
    dns_rd Int64,
    dns_ra Int64,
    dns_rcode Int64,
    dns_qdcount Int64,
    dns_ancount Int64,
    dns_nscount Int64,
    dns_arcount Int64,
    dns_qname String,
    dns_qtype Int64,
    dns_qclass Int64,
    dns_cname String,
    dns_sub Int64,
    dns_rr String,
    -- SIP fields.
    sip_call_id String,
    sip_originator_description String,
    sip_responder_description String,
    sip_user_agent String,
    sip_server String,
    sip_originator_sdp_connect_ip String,
    sip_originator_sdp_media_port Int64,
    sip_originator_sdp_media_type String,
    sip_originator_sdp_content String,
    sip_responder_sdp_connect_ip String,
    sip_responder_sdp_media_port Int64,
    sip_responder_sdp_media_type String,
    sip_responder_sdp_content String,
    sip_duration Int64,
    sip_bye String
)
ENGINE = MergeTree
-- One partition per calendar day of common_recv_time.
-- NOTE(review): toDate() on an Int64 reads it as a Unix timestamp in seconds;
-- confirm common_recv_time is not written in milliseconds.
PARTITION BY toYYYYMMDD(toDate(common_recv_time))
-- Sorted by stream trace id first, unlike the other *_local tables in this
-- file, which lead with common_log_id.
ORDER BY (common_stream_trace_id, common_data_center, common_recv_time);
-- Distributed front for tsg_galaxy_v3.live_session_record_log_local, created
-- on every host of ck_query. The engine targets the shards of ck_cluster, so
-- the ck_query hosts only route queries and hold no rows for this table.
-- NOTE(review): ck_query hosts need a ck_cluster entry in their server
-- configuration (not visible here); the account configured there decides what
-- they can read from the storage shards. By name, this table exposes captured
-- cookies, headers, bodies and mail content, so both that account and SELECT
-- grants on this table should be least-privilege.
CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.live_session_record_log ON CLUSTER ck_query
(
    -- Record identity and timestamps (units are not stated in this DDL).
    common_recv_time Int64,
    common_log_id UInt64,
    common_stream_trace_id UInt64,
    common_direction Nullable(Int64),
    common_stream_dir Int64,
    common_start_time Int64,
    common_end_time Int64,
    common_con_duration_ms Int64,
    common_establish_latency_ms Int64,
    common_processing_time Int64,
    -- Capture point and policy verdict.
    common_entrance_id Int64,
    common_device_id String,
    common_link_id Int64,
    common_isp String,
    common_data_center String,
    common_sled_ip String,
    common_action Int64,
    common_sub_action String,
    common_policy_id Int64,
    common_user_tags String,
    common_user_region String,
    -- Client endpoint and subscriber identifiers.
    common_client_ip String,
    common_internal_ip String,
    common_client_port Int64,
    common_client_location String,
    common_client_asn String,
    common_subscriber_id String,
    common_imei String,
    common_imsi String,
    common_phone_number String,
    -- Server endpoint.
    common_server_ip String,
    common_external_ip String,
    common_server_port Int64,
    common_server_location String,
    common_server_asn String,
    -- Application / protocol classification.
    common_app_id String,
    common_app_label String,
    common_app_surrogate_id String,
    common_l7_protocol String,
    common_protocol_label String,
    common_service_category Array(Int64),
    common_service Int64,
    common_l4_protocol String,
    -- Session, packet and byte counters per direction (c2s / s2c).
    common_sessions Int64,
    common_c2s_pkt_num Int64,
    common_s2c_pkt_num Int64,
    common_c2s_pkt_diff Int64,
    common_s2c_pkt_diff Int64,
    common_c2s_byte_num Int64,
    common_s2c_byte_num Int64,
    common_c2s_byte_diff Int64,
    common_s2c_byte_diff Int64,
    common_c2s_ipfrag_num Int64,
    common_s2c_ipfrag_num Int64,
    common_c2s_tcp_lostlen Int64,
    common_s2c_tcp_lostlen Int64,
    common_c2s_tcp_unorder_num Int64,
    common_s2c_tcp_unorder_num Int64,
    common_c2s_pkt_retrans Int64,
    common_s2c_pkt_retrans Int64,
    common_c2s_byte_retrans Int64,
    common_s2c_byte_retrans Int64,
    -- Transport details, encapsulation and link information.
    common_first_ttl Int64,
    common_tcp_client_isn Int64,
    common_tcp_server_isn Int64,
    common_address_type Int64,
    common_schema_type String,
    common_device_tag String,
    common_encapsulation Int64,
    common_tunnels String,
    common_address_list String,
    common_has_dup_traffic Int64,
    common_stream_error String,
    common_link_info_c2s String,
    common_link_info_s2c String,
    -- HTTP fields.
    http_url String,
    http_host String,
    http_domain String,
    http_request_line String,
    http_response_line String,
    http_request_header String,
    http_response_header String,
    http_request_content String,
    http_response_content String,
    http_request_body String,
    http_response_body String,
    http_request_body_key String,
    http_response_body_key String,
    http_proxy_flag Int64,
    http_sequence Int64,
    http_snapshot String,
    http_cookie String,
    http_referer String,
    http_user_agent String,
    http_content_length String,
    http_content_type String,
    http_set_cookie String,
    http_version String,
    -- "lantency" (sic): the spelling is part of the schema, so it is kept.
    http_response_lantency_ms Int64,
    http_session_duration_ms Int64,
    http_action_file_size Int64,
    -- Mail fields.
    mail_protocol_type String,
    mail_account String,
    mail_to_cmd String,
    mail_from_cmd String,
    mail_from String,
    mail_to String,
    mail_cc String,
    mail_bcc String,
    mail_subject String,
    mail_subject_charset String,
    mail_content String,
    mail_content_charset String,
    mail_attachment_name String,
    mail_attachment_name_charset String,
    mail_attachment_content String,
    mail_eml_file String,
    mail_snapshot String,
    -- DNS fields.
    dns_message_id Int64,
    dns_qr Nullable(Int64),
    dns_opcode Nullable(Int64),
    dns_aa Int64,
    dns_tc Int64,
    dns_rd Int64,
    dns_ra Int64,
    dns_rcode Int64,
    dns_qdcount Int64,
    dns_ancount Int64,
    dns_nscount Int64,
    dns_arcount Int64,
    dns_qname String,
    dns_qtype Int64,
    dns_qclass Int64,
    dns_cname String,
    dns_sub Int64,
    dns_rr String,
    -- SSL/TLS fields.
    ssl_version String,
    ssl_sni String,
    ssl_san String,
    ssl_cn String,
    ssl_pinningst Nullable(Int64),
    ssl_intercept_state Nullable(Int64),
    ssl_server_side_latency Int64,
    ssl_client_side_latency Int64,
    ssl_server_side_version String,
    ssl_client_side_version String,
    ssl_cert_verify Nullable(Int64),
    ssl_error String,
    ssl_con_latency_ms Int64,
    ssl_ja3_fingerprint String,
    ssl_ja3_hash String,
    ssl_cert_issuer String,
    ssl_cert_subject String,
    -- QUIC fields.
    quic_version String,
    quic_sni String,
    quic_user_agent String,
    -- FTP fields.
    ftp_account String,
    ftp_url String,
    ftp_content String,
    ftp_link_type String,
    -- BGP fields.
    bgp_type Int64,
    bgp_as_num String,
    bgp_route String,
    -- VoIP fields.
    voip_calling_account String,
    voip_called_account String,
    voip_calling_number String,
    voip_called_number String,
    -- Streaming media and application extras.
    streaming_media_url String,
    streaming_media_protocol String,
    app_extra_info String,
    -- SIP fields.
    sip_call_id String,
    sip_originator_description String,
    sip_responder_description String,
    sip_user_agent String,
    sip_server String,
    sip_originator_sdp_connect_ip String,
    sip_originator_sdp_media_port Int64,
    sip_originator_sdp_media_type String,
    sip_originator_sdp_content String,
    sip_responder_sdp_connect_ip String,
    sip_responder_sdp_media_port Int64,
    sip_responder_sdp_media_type String,
    sip_responder_sdp_content String,
    sip_duration Int64,
    sip_bye String,
    -- RTP fields.
    rtp_payload_type_c2s Nullable(Int64),
    rtp_payload_type_s2c Nullable(Int64),
    rtp_pcap_path String,
    rtp_originator_dir Int64
)
-- Arguments: cluster, database, local table, sharding expression.
ENGINE = Distributed(ck_cluster, tsg_galaxy_v3, live_session_record_log_local, rand());
-- Distributed front for tsg_galaxy_v3.live_session_record_log_local, created
-- on every host of ck_cluster. The engine keeps no rows of its own: it
-- forwards reads and writes to the local table on the shards of ck_cluster
-- and picks the shard for an insert with rand().
-- NOTE(review): by name, this table exposes captured cookies, headers,
-- bodies and mail content from all shards; scope SELECT grants accordingly.
CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.live_session_record_log ON CLUSTER ck_cluster
(
    -- Record identity and timestamps (units are not stated in this DDL).
    common_recv_time Int64,
    common_log_id UInt64,
    common_stream_trace_id UInt64,
    common_direction Nullable(Int64),
    common_stream_dir Int64,
    common_start_time Int64,
    common_end_time Int64,
    common_con_duration_ms Int64,
    common_establish_latency_ms Int64,
    common_processing_time Int64,
    -- Capture point and policy verdict.
    common_entrance_id Int64,
    common_device_id String,
    common_link_id Int64,
    common_isp String,
    common_data_center String,
    common_sled_ip String,
    common_action Int64,
    common_sub_action String,
    common_policy_id Int64,
    common_user_tags String,
    common_user_region String,
    -- Client endpoint and subscriber identifiers.
    common_client_ip String,
    common_internal_ip String,
    common_client_port Int64,
    common_client_location String,
    common_client_asn String,
    common_subscriber_id String,
    common_imei String,
    common_imsi String,
    common_phone_number String,
    -- Server endpoint.
    common_server_ip String,
    common_external_ip String,
    common_server_port Int64,
    common_server_location String,
    common_server_asn String,
    -- Application / protocol classification.
    common_app_id String,
    common_app_label String,
    common_app_surrogate_id String,
    common_l7_protocol String,
    common_protocol_label String,
    common_service_category Array(Int64),
    common_service Int64,
    common_l4_protocol String,
    -- Session, packet and byte counters per direction (c2s / s2c).
    common_sessions Int64,
    common_c2s_pkt_num Int64,
    common_s2c_pkt_num Int64,
    common_c2s_pkt_diff Int64,
    common_s2c_pkt_diff Int64,
    common_c2s_byte_num Int64,
    common_s2c_byte_num Int64,
    common_c2s_byte_diff Int64,
    common_s2c_byte_diff Int64,
    common_c2s_ipfrag_num Int64,
    common_s2c_ipfrag_num Int64,
    common_c2s_tcp_lostlen Int64,
    common_s2c_tcp_lostlen Int64,
    common_c2s_tcp_unorder_num Int64,
    common_s2c_tcp_unorder_num Int64,
    common_c2s_pkt_retrans Int64,
    common_s2c_pkt_retrans Int64,
    common_c2s_byte_retrans Int64,
    common_s2c_byte_retrans Int64,
    -- Transport details, encapsulation and link information.
    common_first_ttl Int64,
    common_tcp_client_isn Int64,
    common_tcp_server_isn Int64,
    common_address_type Int64,
    common_schema_type String,
    common_device_tag String,
    common_encapsulation Int64,
    common_tunnels String,
    common_address_list String,
    common_has_dup_traffic Int64,
    common_stream_error String,
    common_link_info_c2s String,
    common_link_info_s2c String,
    -- HTTP fields.
    http_url String,
    http_host String,
    http_domain String,
    http_request_line String,
    http_response_line String,
    http_request_header String,
    http_response_header String,
    http_request_content String,
    http_response_content String,
    http_request_body String,
    http_response_body String,
    http_request_body_key String,
    http_response_body_key String,
    http_proxy_flag Int64,
    http_sequence Int64,
    http_snapshot String,
    http_cookie String,
    http_referer String,
    http_user_agent String,
    http_content_length String,
    http_content_type String,
    http_set_cookie String,
    http_version String,
    -- "lantency" (sic): the spelling is part of the schema, so it is kept.
    http_response_lantency_ms Int64,
    http_session_duration_ms Int64,
    http_action_file_size Int64,
    -- Mail fields.
    mail_protocol_type String,
    mail_account String,
    mail_to_cmd String,
    mail_from_cmd String,
    mail_from String,
    mail_to String,
    mail_cc String,
    mail_bcc String,
    mail_subject String,
    mail_subject_charset String,
    mail_content String,
    mail_content_charset String,
    mail_attachment_name String,
    mail_attachment_name_charset String,
    mail_attachment_content String,
    mail_eml_file String,
    mail_snapshot String,
    -- DNS fields.
    dns_message_id Int64,
    dns_qr Nullable(Int64),
    dns_opcode Nullable(Int64),
    dns_aa Int64,
    dns_tc Int64,
    dns_rd Int64,
    dns_ra Int64,
    dns_rcode Int64,
    dns_qdcount Int64,
    dns_ancount Int64,
    dns_nscount Int64,
    dns_arcount Int64,
    dns_qname String,
    dns_qtype Int64,
    dns_qclass Int64,
    dns_cname String,
    dns_sub Int64,
    dns_rr String,
    -- SSL/TLS fields.
    ssl_version String,
    ssl_sni String,
    ssl_san String,
    ssl_cn String,
    ssl_pinningst Nullable(Int64),
    ssl_intercept_state Nullable(Int64),
    ssl_server_side_latency Int64,
    ssl_client_side_latency Int64,
    ssl_server_side_version String,
    ssl_client_side_version String,
    ssl_cert_verify Nullable(Int64),
    ssl_error String,
    ssl_con_latency_ms Int64,
    ssl_ja3_fingerprint String,
    ssl_ja3_hash String,
    ssl_cert_issuer String,
    ssl_cert_subject String,
    -- QUIC fields.
    quic_version String,
    quic_sni String,
    quic_user_agent String,
    -- FTP fields.
    ftp_account String,
    ftp_url String,
    ftp_content String,
    ftp_link_type String,
    -- BGP fields.
    bgp_type Int64,
    bgp_as_num String,
    bgp_route String,
    -- VoIP fields.
    voip_calling_account String,
    voip_called_account String,
    voip_calling_number String,
    voip_called_number String,
    -- Streaming media and application extras.
    streaming_media_url String,
    streaming_media_protocol String,
    app_extra_info String,
    -- SIP fields.
    sip_call_id String,
    sip_originator_description String,
    sip_responder_description String,
    sip_user_agent String,
    sip_server String,
    sip_originator_sdp_connect_ip String,
    sip_originator_sdp_media_port Int64,
    sip_originator_sdp_media_type String,
    sip_originator_sdp_content String,
    sip_responder_sdp_connect_ip String,
    sip_responder_sdp_media_port Int64,
    sip_responder_sdp_media_type String,
    sip_responder_sdp_content String,
    sip_duration Int64,
    sip_bye String,
    -- RTP fields.
    rtp_payload_type_c2s Nullable(Int64),
    rtp_payload_type_s2c Nullable(Int64),
    rtp_pcap_path String,
    rtp_originator_dir Int64
)
-- Arguments: cluster, database, local table, sharding expression.
ENGINE = Distributed(ck_cluster, tsg_galaxy_v3, live_session_record_log_local, rand());
-- Query-side entry point for transaction records: a Distributed table created
-- on the nodes of cluster ck_query. It stores no rows itself; it forwards to
-- tsg_galaxy_v3.transaction_record_log_local on the shards of ck_cluster and
-- uses rand() as the sharding key for inserts.
-- Nothing in this statement ties the column list to the _local table, so the
-- two definitions have to be kept in step by hand.
-- NOTE(review): ck_cluster has to be resolvable from the ck_query nodes, and
-- shard access runs with whatever credentials that cluster entry carries --
-- confirm the account, since the http_* columns (cookie, headers, bodies)
-- look like captured payload and grants on this table are the visible gate.
CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.transaction_record_log
ON CLUSTER ck_query
(
    -- common_* columns
    common_recv_time Int64,
    common_log_id UInt64,
    common_stream_trace_id UInt64,
    common_direction Nullable(Int64),
    common_stream_dir Int64,
    common_start_time Int64,
    common_end_time Int64,
    common_con_duration_ms Int64,
    common_establish_latency_ms Int64,
    common_processing_time Int64,
    common_entrance_id Int64,
    common_device_id String,
    common_link_id Int64,
    common_isp String,
    common_data_center String,
    common_sled_ip String,
    common_action Int64,
    common_sub_action String,
    common_policy_id Int64,
    common_user_tags String,
    common_user_region String,
    common_client_ip String,
    common_internal_ip String,
    common_client_port Int64,
    common_client_location String,
    common_client_asn String,
    -- subscriber identifiers, going by the names; presumably personal data
    common_subscriber_id String,
    common_imei String,
    common_imsi String,
    common_phone_number String,
    common_server_ip String,
    common_external_ip String,
    common_server_port Int64,
    common_server_location String,
    common_server_asn String,
    common_app_id String,
    common_app_label String,
    common_app_surrogate_id String,
    common_l7_protocol String,
    common_protocol_label String,
    common_service_category Array(Int64),
    common_service Int64,
    common_l4_protocol String,
    common_sessions Int64,
    common_c2s_pkt_num Int64,
    common_s2c_pkt_num Int64,
    common_c2s_pkt_diff Int64,
    common_s2c_pkt_diff Int64,
    common_c2s_byte_num Int64,
    common_s2c_byte_num Int64,
    common_c2s_byte_diff Int64,
    common_s2c_byte_diff Int64,
    common_c2s_ipfrag_num Int64,
    common_s2c_ipfrag_num Int64,
    common_c2s_tcp_lostlen Int64,
    common_s2c_tcp_lostlen Int64,
    common_c2s_tcp_unorder_num Int64,
    common_s2c_tcp_unorder_num Int64,
    common_c2s_pkt_retrans Int64,
    common_s2c_pkt_retrans Int64,
    common_c2s_byte_retrans Int64,
    common_s2c_byte_retrans Int64,
    common_first_ttl Int64,
    common_tcp_client_isn Int64,
    common_tcp_server_isn Int64,
    common_address_type Int64,
    common_schema_type String,
    common_device_tag String,
    common_encapsulation Int64,
    common_tunnels String,
    common_address_list String,
    common_has_dup_traffic Int64,
    common_stream_error String,
    common_link_info_c2s String,
    common_link_info_s2c String,

    -- http_* columns
    http_url String,
    http_host String,
    http_domain String,
    http_request_line String,
    http_response_line String,
    http_request_header String,
    http_response_header String,
    http_request_content String,
    http_response_content String,
    http_request_body String,
    http_response_body String,
    http_request_body_key String,
    http_response_body_key String,
    http_proxy_flag Int64,
    http_sequence Int64,
    http_snapshot String,
    http_cookie String,
    http_referer String,
    http_user_agent String,
    http_content_length String,
    http_content_type String,
    http_set_cookie String,
    http_version String,
    -- spelled "lantency" in the schema; kept, a rename would change the interface
    http_response_lantency_ms Int64,
    http_session_duration_ms Int64,
    http_action_file_size Int64,

    -- dns_* columns
    dns_message_id Int64,
    dns_qr Nullable(Int64),
    dns_opcode Nullable(Int64),
    dns_aa Int64,
    dns_tc Int64,
    dns_rd Int64,
    dns_ra Int64,
    dns_rcode Int64,
    dns_qdcount Int64,
    dns_ancount Int64,
    dns_nscount Int64,
    dns_arcount Int64,
    dns_qname String,
    dns_qtype Int64,
    dns_qclass Int64,
    dns_cname String,
    dns_sub Int64,
    dns_rr String,

    -- sip_* columns
    sip_call_id String,
    sip_originator_description String,
    sip_responder_description String,
    sip_user_agent String,
    sip_server String,
    sip_originator_sdp_connect_ip String,
    sip_originator_sdp_media_port Int64,
    sip_originator_sdp_media_type String,
    sip_originator_sdp_content String,
    sip_responder_sdp_connect_ip String,
    sip_responder_sdp_media_port Int64,
    sip_responder_sdp_media_type String,
    sip_responder_sdp_content String,
    sip_duration Int64,
    sip_bye String
)
ENGINE = Distributed(ck_cluster, tsg_galaxy_v3, transaction_record_log_local, rand());
-- Distributed table for transaction records, created on the nodes of
-- ck_cluster, the same cluster whose shards it addresses. It holds no rows;
-- it forwards to tsg_galaxy_v3.transaction_record_log_local and picks a shard
-- for inserts with rand().
-- The file also creates a table of this name ON CLUSTER ck_query; the column
-- lists of both, and of the _local table, have to be kept in step by hand.
-- NOTE(review): the http_* columns (cookie, headers, bodies) look like
-- captured payload -- confirm who is granted SELECT on this table.
CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.transaction_record_log
ON CLUSTER ck_cluster
(
    -- common_* columns
    common_recv_time Int64,
    common_log_id UInt64,
    common_stream_trace_id UInt64,
    common_direction Nullable(Int64),
    common_stream_dir Int64,
    common_start_time Int64,
    common_end_time Int64,
    common_con_duration_ms Int64,
    common_establish_latency_ms Int64,
    common_processing_time Int64,
    common_entrance_id Int64,
    common_device_id String,
    common_link_id Int64,
    common_isp String,
    common_data_center String,
    common_sled_ip String,
    common_action Int64,
    common_sub_action String,
    common_policy_id Int64,
    common_user_tags String,
    common_user_region String,
    common_client_ip String,
    common_internal_ip String,
    common_client_port Int64,
    common_client_location String,
    common_client_asn String,
    -- subscriber identifiers, going by the names; presumably personal data
    common_subscriber_id String,
    common_imei String,
    common_imsi String,
    common_phone_number String,
    common_server_ip String,
    common_external_ip String,
    common_server_port Int64,
    common_server_location String,
    common_server_asn String,
    common_app_id String,
    common_app_label String,
    common_app_surrogate_id String,
    common_l7_protocol String,
    common_protocol_label String,
    common_service_category Array(Int64),
    common_service Int64,
    common_l4_protocol String,
    common_sessions Int64,
    common_c2s_pkt_num Int64,
    common_s2c_pkt_num Int64,
    common_c2s_pkt_diff Int64,
    common_s2c_pkt_diff Int64,
    common_c2s_byte_num Int64,
    common_s2c_byte_num Int64,
    common_c2s_byte_diff Int64,
    common_s2c_byte_diff Int64,
    common_c2s_ipfrag_num Int64,
    common_s2c_ipfrag_num Int64,
    common_c2s_tcp_lostlen Int64,
    common_s2c_tcp_lostlen Int64,
    common_c2s_tcp_unorder_num Int64,
    common_s2c_tcp_unorder_num Int64,
    common_c2s_pkt_retrans Int64,
    common_s2c_pkt_retrans Int64,
    common_c2s_byte_retrans Int64,
    common_s2c_byte_retrans Int64,
    common_first_ttl Int64,
    common_tcp_client_isn Int64,
    common_tcp_server_isn Int64,
    common_address_type Int64,
    common_schema_type String,
    common_device_tag String,
    common_encapsulation Int64,
    common_tunnels String,
    common_address_list String,
    common_has_dup_traffic Int64,
    common_stream_error String,
    common_link_info_c2s String,
    common_link_info_s2c String,

    -- http_* columns
    http_url String,
    http_host String,
    http_domain String,
    http_request_line String,
    http_response_line String,
    http_request_header String,
    http_response_header String,
    http_request_content String,
    http_response_content String,
    http_request_body String,
    http_response_body String,
    http_request_body_key String,
    http_response_body_key String,
    http_proxy_flag Int64,
    http_sequence Int64,
    http_snapshot String,
    http_cookie String,
    http_referer String,
    http_user_agent String,
    http_content_length String,
    http_content_type String,
    http_set_cookie String,
    http_version String,
    -- spelled "lantency" in the schema; kept, a rename would change the interface
    http_response_lantency_ms Int64,
    http_session_duration_ms Int64,
    http_action_file_size Int64,

    -- dns_* columns
    dns_message_id Int64,
    dns_qr Nullable(Int64),
    dns_opcode Nullable(Int64),
    dns_aa Int64,
    dns_tc Int64,
    dns_rd Int64,
    dns_ra Int64,
    dns_rcode Int64,
    dns_qdcount Int64,
    dns_ancount Int64,
    dns_nscount Int64,
    dns_arcount Int64,
    dns_qname String,
    dns_qtype Int64,
    dns_qclass Int64,
    dns_cname String,
    dns_sub Int64,
    dns_rr String,

    -- sip_* columns
    sip_call_id String,
    sip_originator_description String,
    sip_responder_description String,
    sip_user_agent String,
    sip_server String,
    sip_originator_sdp_connect_ip String,
    sip_originator_sdp_media_port Int64,
    sip_originator_sdp_media_type String,
    sip_originator_sdp_content String,
    sip_responder_sdp_connect_ip String,
    sip_responder_sdp_media_port Int64,
    sip_responder_sdp_media_type String,
    sip_responder_sdp_content String,
    sip_duration Int64,
    sip_bye String
)
ENGINE = Distributed(ck_cluster, tsg_galaxy_v3, transaction_record_log_local, rand());
-- Shard-local storage for VoIP records, created on every node of ck_cluster.
-- MergeTree, one partition per calendar day derived from common_recv_time,
-- rows sorted by (common_log_id, common_data_center, common_recv_time).
-- toDate() is applied to an Int64 here, so common_recv_time is presumably
-- epoch seconds -- confirm; a millisecond value would not bucket by day.
-- NOTE(review): there is no TTL clause, so rows stay until partitions are
-- removed by something outside this statement; confirm the retention for the
-- subscriber identifiers and the SDP/RTP references stored here.
CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.voip_record_log_local
ON CLUSTER ck_cluster
(
    -- common_* columns
    common_recv_time Int64,
    common_log_id UInt64,
    common_stream_trace_id UInt64,
    common_direction Nullable(Int64),
    common_stream_dir Int64,
    common_start_time Int64,
    common_end_time Int64,
    common_con_duration_ms Int64,
    common_establish_latency_ms Int64,
    common_processing_time Int64,
    common_entrance_id Int64,
    common_device_id String,
    common_link_id Int64,
    common_isp String,
    common_data_center String,
    common_sled_ip String,
    common_action Int64,
    common_sub_action String,
    common_policy_id Int64,
    common_user_tags String,
    common_user_region String,
    common_client_ip String,
    common_internal_ip String,
    common_client_port Int64,
    common_client_location String,
    common_client_asn String,
    -- subscriber identifiers, going by the names; presumably personal data
    common_subscriber_id String,
    common_imei String,
    common_imsi String,
    common_phone_number String,
    common_server_ip String,
    common_external_ip String,
    common_server_port Int64,
    common_server_location String,
    common_server_asn String,
    common_app_id String,
    common_app_label String,
    common_app_surrogate_id String,
    common_l7_protocol String,
    common_protocol_label String,
    common_service_category Array(Int64),
    common_service Int64,
    common_l4_protocol String,
    common_sessions Int64,
    common_c2s_pkt_num Int64,
    common_s2c_pkt_num Int64,
    common_c2s_pkt_diff Int64,
    common_s2c_pkt_diff Int64,
    common_c2s_byte_num Int64,
    common_s2c_byte_num Int64,
    common_c2s_byte_diff Int64,
    common_s2c_byte_diff Int64,
    common_c2s_ipfrag_num Int64,
    common_s2c_ipfrag_num Int64,
    common_c2s_tcp_lostlen Int64,
    common_s2c_tcp_lostlen Int64,
    common_c2s_tcp_unorder_num Int64,
    common_s2c_tcp_unorder_num Int64,
    common_c2s_pkt_retrans Int64,
    common_s2c_pkt_retrans Int64,
    common_c2s_byte_retrans Int64,
    common_s2c_byte_retrans Int64,
    common_first_ttl Int64,
    common_tcp_client_isn Int64,
    common_tcp_server_isn Int64,
    common_address_type Int64,
    common_schema_type String,
    common_device_tag String,
    common_encapsulation Int64,
    common_tunnels String,
    common_address_list String,
    common_has_dup_traffic Int64,
    common_stream_error String,
    common_link_info_c2s String,
    common_link_info_s2c String,

    -- sip_* columns
    sip_call_id String,
    sip_originator_description String,
    sip_responder_description String,
    sip_user_agent String,
    sip_server String,
    sip_originator_sdp_connect_ip String,
    sip_originator_sdp_media_port Int64,
    sip_originator_sdp_media_type String,
    sip_originator_sdp_content String,
    sip_responder_sdp_connect_ip String,
    sip_responder_sdp_media_port Int64,
    sip_responder_sdp_media_type String,
    sip_responder_sdp_content String,
    sip_duration Int64,
    sip_bye String,

    -- rtp_* columns; rtp_pcap_path presumably points at a capture kept elsewhere
    rtp_payload_type_c2s Nullable(Int64),
    rtp_payload_type_s2c Nullable(Int64),
    rtp_pcap_path String,
    rtp_originator_dir Int64
)
ENGINE = MergeTree
PARTITION BY toYYYYMMDD(toDate(common_recv_time))
ORDER BY (common_log_id, common_data_center, common_recv_time);
-- Query-side entry point for VoIP records: a Distributed table created on the
-- nodes of cluster ck_query. It stores no rows itself; it forwards to
-- tsg_galaxy_v3.voip_record_log_local on the shards of ck_cluster and uses
-- rand() as the sharding key for inserts.
-- The column list repeats the one of voip_record_log_local; nothing in this
-- statement ties the two together, so they have to be changed together.
-- NOTE(review): ck_cluster has to be resolvable from the ck_query nodes, and
-- shard access runs with the credentials of that cluster entry -- confirm the
-- account and who is granted SELECT here, given the subscriber identifiers.
CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.voip_record_log
ON CLUSTER ck_query
(
    -- common_* columns
    common_recv_time Int64,
    common_log_id UInt64,
    common_stream_trace_id UInt64,
    common_direction Nullable(Int64),
    common_stream_dir Int64,
    common_start_time Int64,
    common_end_time Int64,
    common_con_duration_ms Int64,
    common_establish_latency_ms Int64,
    common_processing_time Int64,
    common_entrance_id Int64,
    common_device_id String,
    common_link_id Int64,
    common_isp String,
    common_data_center String,
    common_sled_ip String,
    common_action Int64,
    common_sub_action String,
    common_policy_id Int64,
    common_user_tags String,
    common_user_region String,
    common_client_ip String,
    common_internal_ip String,
    common_client_port Int64,
    common_client_location String,
    common_client_asn String,
    -- subscriber identifiers, going by the names; presumably personal data
    common_subscriber_id String,
    common_imei String,
    common_imsi String,
    common_phone_number String,
    common_server_ip String,
    common_external_ip String,
    common_server_port Int64,
    common_server_location String,
    common_server_asn String,
    common_app_id String,
    common_app_label String,
    common_app_surrogate_id String,
    common_l7_protocol String,
    common_protocol_label String,
    common_service_category Array(Int64),
    common_service Int64,
    common_l4_protocol String,
    common_sessions Int64,
    common_c2s_pkt_num Int64,
    common_s2c_pkt_num Int64,
    common_c2s_pkt_diff Int64,
    common_s2c_pkt_diff Int64,
    common_c2s_byte_num Int64,
    common_s2c_byte_num Int64,
    common_c2s_byte_diff Int64,
    common_s2c_byte_diff Int64,
    common_c2s_ipfrag_num Int64,
    common_s2c_ipfrag_num Int64,
    common_c2s_tcp_lostlen Int64,
    common_s2c_tcp_lostlen Int64,
    common_c2s_tcp_unorder_num Int64,
    common_s2c_tcp_unorder_num Int64,
    common_c2s_pkt_retrans Int64,
    common_s2c_pkt_retrans Int64,
    common_c2s_byte_retrans Int64,
    common_s2c_byte_retrans Int64,
    common_first_ttl Int64,
    common_tcp_client_isn Int64,
    common_tcp_server_isn Int64,
    common_address_type Int64,
    common_schema_type String,
    common_device_tag String,
    common_encapsulation Int64,
    common_tunnels String,
    common_address_list String,
    common_has_dup_traffic Int64,
    common_stream_error String,
    common_link_info_c2s String,
    common_link_info_s2c String,

    -- sip_* columns
    sip_call_id String,
    sip_originator_description String,
    sip_responder_description String,
    sip_user_agent String,
    sip_server String,
    sip_originator_sdp_connect_ip String,
    sip_originator_sdp_media_port Int64,
    sip_originator_sdp_media_type String,
    sip_originator_sdp_content String,
    sip_responder_sdp_connect_ip String,
    sip_responder_sdp_media_port Int64,
    sip_responder_sdp_media_type String,
    sip_responder_sdp_content String,
    sip_duration Int64,
    sip_bye String,

    -- rtp_* columns
    rtp_payload_type_c2s Nullable(Int64),
    rtp_payload_type_s2c Nullable(Int64),
    rtp_pcap_path String,
    rtp_originator_dir Int64
)
ENGINE = Distributed(ck_cluster, tsg_galaxy_v3, voip_record_log_local, rand());
-- Distributed table for VoIP records, created on the nodes of ck_cluster, the
-- same cluster whose shards it addresses. It holds no rows; it forwards to
-- tsg_galaxy_v3.voip_record_log_local and picks a shard for inserts with rand().
-- The file also creates a table of this name ON CLUSTER ck_query; the column
-- lists of both, and of voip_record_log_local, have to be changed together.
-- NOTE(review): confirm who is granted SELECT on this table, given the
-- subscriber identifiers in the common_* block.
CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.voip_record_log
ON CLUSTER ck_cluster
(
    -- common_* columns
    common_recv_time Int64,
    common_log_id UInt64,
    common_stream_trace_id UInt64,
    common_direction Nullable(Int64),
    common_stream_dir Int64,
    common_start_time Int64,
    common_end_time Int64,
    common_con_duration_ms Int64,
    common_establish_latency_ms Int64,
    common_processing_time Int64,
    common_entrance_id Int64,
    common_device_id String,
    common_link_id Int64,
    common_isp String,
    common_data_center String,
    common_sled_ip String,
    common_action Int64,
    common_sub_action String,
    common_policy_id Int64,
    common_user_tags String,
    common_user_region String,
    common_client_ip String,
    common_internal_ip String,
    common_client_port Int64,
    common_client_location String,
    common_client_asn String,
    -- subscriber identifiers, going by the names; presumably personal data
    common_subscriber_id String,
    common_imei String,
    common_imsi String,
    common_phone_number String,
    common_server_ip String,
    common_external_ip String,
    common_server_port Int64,
    common_server_location String,
    common_server_asn String,
    common_app_id String,
    common_app_label String,
    common_app_surrogate_id String,
    common_l7_protocol String,
    common_protocol_label String,
    common_service_category Array(Int64),
    common_service Int64,
    common_l4_protocol String,
    common_sessions Int64,
    common_c2s_pkt_num Int64,
    common_s2c_pkt_num Int64,
    common_c2s_pkt_diff Int64,
    common_s2c_pkt_diff Int64,
    common_c2s_byte_num Int64,
    common_s2c_byte_num Int64,
    common_c2s_byte_diff Int64,
    common_s2c_byte_diff Int64,
    common_c2s_ipfrag_num Int64,
    common_s2c_ipfrag_num Int64,
    common_c2s_tcp_lostlen Int64,
    common_s2c_tcp_lostlen Int64,
    common_c2s_tcp_unorder_num Int64,
    common_s2c_tcp_unorder_num Int64,
    common_c2s_pkt_retrans Int64,
    common_s2c_pkt_retrans Int64,
    common_c2s_byte_retrans Int64,
    common_s2c_byte_retrans Int64,
    common_first_ttl Int64,
    common_tcp_client_isn Int64,
    common_tcp_server_isn Int64,
    common_address_type Int64,
    common_schema_type String,
    common_device_tag String,
    common_encapsulation Int64,
    common_tunnels String,
    common_address_list String,
    common_has_dup_traffic Int64,
    common_stream_error String,
    common_link_info_c2s String,
    common_link_info_s2c String,

    -- sip_* columns
    sip_call_id String,
    sip_originator_description String,
    sip_responder_description String,
    sip_user_agent String,
    sip_server String,
    sip_originator_sdp_connect_ip String,
    sip_originator_sdp_media_port Int64,
    sip_originator_sdp_media_type String,
    sip_originator_sdp_content String,
    sip_responder_sdp_connect_ip String,
    sip_responder_sdp_media_port Int64,
    sip_responder_sdp_media_type String,
    sip_responder_sdp_content String,
    sip_duration Int64,
    sip_bye String,

    -- rtp_* columns
    rtp_payload_type_c2s Nullable(Int64),
    rtp_payload_type_s2c Nullable(Int64),
    rtp_pcap_path String,
    rtp_originator_dir Int64
)
ENGINE = Distributed(ck_cluster, tsg_galaxy_v3, voip_record_log_local, rand());
-- Shard-local storage for packet-capture log rows, created on every node of
-- ck_cluster. MergeTree, one partition per calendar day derived from
-- common_recv_time, rows sorted by
-- (common_log_id, common_policy_id, common_recv_time).
-- toDate() is applied to an Int64 here, so common_recv_time is presumably
-- epoch seconds -- confirm; a millisecond value would not bucket by day.
-- NOTE(review): there is no TTL clause, so rows stay until partitions are
-- removed by something outside this statement. packet_url presumably refers
-- to a stored capture; confirm that the capture store and this table follow
-- the same retention and access rules.
CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.sys_packet_capture_log_local
ON CLUSTER ck_cluster
(
    -- common_* columns
    common_recv_time Int64,
    common_log_id UInt64,
    common_stream_trace_id UInt64,
    common_direction Nullable(Int64),
    common_stream_dir Int64,
    common_start_time Int64,
    common_end_time Int64,
    common_con_duration_ms Int64,
    common_establish_latency_ms Int64,
    common_processing_time Int64,
    common_entrance_id Int64,
    common_device_id String,
    common_link_id Int64,
    common_isp String,
    common_data_center String,
    common_sled_ip String,
    common_action Int64,
    common_sub_action String,
    common_policy_id Int64,
    common_user_tags String,
    common_user_region String,
    common_client_ip String,
    common_internal_ip String,
    common_client_port Int64,
    common_client_location String,
    common_client_asn String,
    -- subscriber identifiers, going by the names; presumably personal data
    common_subscriber_id String,
    common_imei String,
    common_imsi String,
    common_phone_number String,
    common_server_ip String,
    common_external_ip String,
    common_server_port Int64,
    common_server_location String,
    common_server_asn String,
    common_app_id String,
    common_app_label String,
    common_app_surrogate_id String,
    common_l7_protocol String,
    common_protocol_label String,
    common_service_category Array(Int64),
    common_service Int64,
    common_l4_protocol String,
    common_sessions Int64,
    common_c2s_pkt_num Int64,
    common_s2c_pkt_num Int64,
    common_c2s_pkt_diff Int64,
    common_s2c_pkt_diff Int64,
    common_c2s_byte_num Int64,
    common_s2c_byte_num Int64,
    common_c2s_byte_diff Int64,
    common_s2c_byte_diff Int64,
    common_c2s_ipfrag_num Int64,
    common_s2c_ipfrag_num Int64,
    common_c2s_tcp_lostlen Int64,
    common_s2c_tcp_lostlen Int64,
    common_c2s_tcp_unorder_num Int64,
    common_s2c_tcp_unorder_num Int64,
    common_c2s_pkt_retrans Int64,
    common_s2c_pkt_retrans Int64,
    common_c2s_byte_retrans Int64,
    common_s2c_byte_retrans Int64,
    common_first_ttl Int64,
    common_tcp_client_isn Int64,
    common_tcp_server_isn Int64,
    common_address_type Int64,
    common_schema_type String,
    common_device_tag String,
    common_encapsulation Int64,
    common_tunnels String,
    common_address_list String,
    common_has_dup_traffic Int64,
    common_stream_error String,
    common_link_info_c2s String,
    common_link_info_s2c String,

    -- capture-specific columns
    nic_name String,
    origin_source_mac String,
    origin_dest_mac String,
    packet_url String,
    pcap_storage_task_id Int64,
    pcap_storage_duration Int64
)
ENGINE = MergeTree
PARTITION BY toYYYYMMDD(toDate(common_recv_time))
ORDER BY (common_log_id, common_policy_id, common_recv_time);
-- Shard-local storage for security events, created on every node of
-- ck_cluster. MergeTree, one partition per calendar day derived from
-- common_recv_time, rows sorted by
-- (common_log_id, common_policy_id, common_recv_time).
-- toDate() is applied to an Int64 here, so common_recv_time is presumably
-- epoch seconds -- confirm; a millisecond value would not bucket by day.
-- NOTE(review): this is the widest table in view and, going by the column
-- names, holds message content (mail_content, mail_attachment_content,
-- http_request_body, ftp_content) next to subscriber identifiers. There is no
-- TTL clause, so rows stay until partitions are removed by something outside
-- this statement; confirm retention and column-level access for those fields.
CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.security_event_log_local
ON CLUSTER ck_cluster
(
    -- common_* columns
    common_recv_time Int64,
    common_log_id UInt64,
    common_stream_trace_id UInt64,
    common_direction Nullable(Int64),
    common_stream_dir Int64,
    common_start_time Int64,
    common_end_time Int64,
    common_con_duration_ms Int64,
    common_establish_latency_ms Int64,
    common_processing_time Int64,
    common_entrance_id Int64,
    common_device_id String,
    common_link_id Int64,
    common_isp String,
    common_data_center String,
    common_sled_ip String,
    common_action Int64,
    common_sub_action String,
    common_policy_id Int64,
    common_user_tags String,
    common_user_region String,
    common_client_ip String,
    common_internal_ip String,
    common_client_port Int64,
    common_client_location String,
    common_client_asn String,
    -- subscriber identifiers, going by the names; presumably personal data
    common_subscriber_id String,
    common_imei String,
    common_imsi String,
    common_phone_number String,
    common_server_ip String,
    common_external_ip String,
    common_server_port Int64,
    common_server_location String,
    common_server_asn String,
    common_app_id String,
    common_app_label String,
    common_app_surrogate_id String,
    common_l7_protocol String,
    common_protocol_label String,
    common_service_category Array(Int64),
    common_service Int64,
    common_l4_protocol String,
    common_sessions Int64,
    common_c2s_pkt_num Int64,
    common_s2c_pkt_num Int64,
    common_c2s_pkt_diff Int64,
    common_s2c_pkt_diff Int64,
    common_c2s_byte_num Int64,
    common_s2c_byte_num Int64,
    common_c2s_byte_diff Int64,
    common_s2c_byte_diff Int64,
    common_c2s_ipfrag_num Int64,
    common_s2c_ipfrag_num Int64,
    common_c2s_tcp_lostlen Int64,
    common_s2c_tcp_lostlen Int64,
    common_c2s_tcp_unorder_num Int64,
    common_s2c_tcp_unorder_num Int64,
    common_c2s_pkt_retrans Int64,
    common_s2c_pkt_retrans Int64,
    common_c2s_byte_retrans Int64,
    common_s2c_byte_retrans Int64,
    common_first_ttl Int64,
    common_tcp_client_isn Int64,
    common_tcp_server_isn Int64,
    common_address_type Int64,
    common_schema_type String,
    common_device_tag String,
    common_encapsulation Int64,
    common_tunnels String,
    common_address_list String,
    common_has_dup_traffic Int64,
    common_stream_error String,
    common_link_info_c2s String,
    common_link_info_s2c String,

    -- http_* columns
    http_url String,
    http_host String,
    http_domain String,
    http_request_line String,
    http_response_line String,
    http_request_header String,
    http_response_header String,
    http_request_content String,
    http_response_content String,
    http_request_body String,
    http_response_body String,
    http_request_body_key String,
    http_response_body_key String,
    http_proxy_flag Int64,
    http_sequence Int64,
    http_snapshot String,
    http_cookie String,
    http_referer String,
    http_user_agent String,
    http_content_length String,
    http_content_type String,
    http_set_cookie String,
    http_version String,
    -- spelled "lantency" in the schema; kept, a rename would change the interface
    http_response_lantency_ms Int64,
    http_session_duration_ms Int64,
    http_action_file_size Int64,

    -- mail_* columns
    mail_protocol_type String,
    mail_account String,
    mail_to_cmd String,
    mail_from_cmd String,
    mail_from String,
    mail_to String,
    mail_cc String,
    mail_bcc String,
    mail_subject String,
    mail_subject_charset String,
    mail_content String,
    mail_content_charset String,
    mail_attachment_name String,
    mail_attachment_name_charset String,
    mail_attachment_content String,
    mail_eml_file String,
    mail_snapshot String,

    -- dns_* columns
    dns_message_id Int64,
    dns_qr Nullable(Int64),
    dns_opcode Nullable(Int64),
    dns_aa Int64,
    dns_tc Int64,
    dns_rd Int64,
    dns_ra Int64,
    dns_rcode Int64,
    dns_qdcount Int64,
    dns_ancount Int64,
    dns_nscount Int64,
    dns_arcount Int64,
    dns_qname String,
    dns_qtype Int64,
    dns_qclass Int64,
    dns_cname String,
    dns_sub Int64,
    dns_rr String,

    -- ssl_* columns
    ssl_version String,
    ssl_sni String,
    ssl_san String,
    ssl_cn String,
    ssl_pinningst Nullable(Int64),
    ssl_intercept_state Nullable(Int64),
    ssl_server_side_latency Int64,
    ssl_client_side_latency Int64,
    ssl_server_side_version String,
    ssl_client_side_version String,
    ssl_cert_verify Nullable(Int64),
    ssl_error String,
    ssl_con_latency_ms Int64,
    ssl_ja3_fingerprint String,
    ssl_ja3_hash String,
    ssl_cert_issuer String,
    ssl_cert_subject String,

    -- quic_* columns
    quic_version String,
    quic_sni String,
    quic_user_agent String,

    -- ftp_* columns
    ftp_account String,
    ftp_url String,
    ftp_content String,
    ftp_link_type String,

    -- bgp_* columns
    bgp_type Int64,
    bgp_as_num String,
    bgp_route String,

    -- voip_* columns
    voip_calling_account String,
    voip_called_account String,
    voip_calling_number String,
    voip_called_number String,

    -- streaming and application columns
    streaming_media_url String,
    streaming_media_protocol String,
    app_extra_info String,

    -- sip_* columns
    sip_call_id String,
    sip_originator_description String,
    sip_responder_description String,
    sip_user_agent String,
    sip_server String,
    sip_originator_sdp_connect_ip String,
    sip_originator_sdp_media_port Int64,
    sip_originator_sdp_media_type String,
    sip_originator_sdp_content String,
    sip_responder_sdp_connect_ip String,
    sip_responder_sdp_media_port Int64,
    sip_responder_sdp_media_type String,
    sip_responder_sdp_content String,
    sip_duration Int64,
    sip_bye String,

    -- rtp_* columns
    rtp_payload_type_c2s Nullable(Int64),
    rtp_payload_type_s2c Nullable(Int64),
    rtp_pcap_path String,
    rtp_originator_dir Int64
)
ENGINE = MergeTree
PARTITION BY toYYYYMMDD(toDate(common_recv_time))
ORDER BY (common_log_id, common_policy_id, common_recv_time);
-- Shard-local storage for proxy events, created on every node of ck_cluster.
-- MergeTree, one partition per calendar day derived from common_recv_time,
-- rows sorted by (common_log_id, common_policy_id, common_recv_time).
-- toDate() is applied to an Int64 here, so common_recv_time is presumably
-- epoch seconds -- confirm; a millisecond value would not bucket by day.
-- Unlike the dns_* columns of the other tables in this file, doh_qr and
-- doh_opcode are plain Int64 here, not Nullable(Int64).
-- NOTE(review): the http_* and doh_* columns include cookies, headers and
-- bodies, which look like captured request data. There is no TTL clause, so
-- rows stay until partitions are removed by something outside this
-- statement; confirm retention and who may read these columns.
CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.proxy_event_log_local
ON CLUSTER ck_cluster
(
    -- common_* columns
    common_recv_time Int64,
    common_log_id UInt64,
    common_stream_trace_id UInt64,
    common_direction Nullable(Int64),
    common_stream_dir Int64,
    common_start_time Int64,
    common_end_time Int64,
    common_con_duration_ms Int64,
    common_establish_latency_ms Int64,
    common_processing_time Int64,
    common_entrance_id Int64,
    common_device_id String,
    common_link_id Int64,
    common_isp String,
    common_data_center String,
    common_sled_ip String,
    common_action Int64,
    common_sub_action String,
    common_policy_id Int64,
    common_user_tags String,
    common_user_region String,
    common_client_ip String,
    common_internal_ip String,
    common_client_port Int64,
    common_client_location String,
    common_client_asn String,
    -- subscriber identifiers, going by the names; presumably personal data
    common_subscriber_id String,
    common_imei String,
    common_imsi String,
    common_phone_number String,
    common_server_ip String,
    common_external_ip String,
    common_server_port Int64,
    common_server_location String,
    common_server_asn String,
    common_app_id String,
    common_app_label String,
    common_app_surrogate_id String,
    common_l7_protocol String,
    common_protocol_label String,
    common_service_category Array(Int64),
    common_service Int64,
    common_l4_protocol String,
    common_sessions Int64,
    common_c2s_pkt_num Int64,
    common_s2c_pkt_num Int64,
    common_c2s_pkt_diff Int64,
    common_s2c_pkt_diff Int64,
    common_c2s_byte_num Int64,
    common_s2c_byte_num Int64,
    common_c2s_byte_diff Int64,
    common_s2c_byte_diff Int64,
    common_c2s_ipfrag_num Int64,
    common_s2c_ipfrag_num Int64,
    common_c2s_tcp_lostlen Int64,
    common_s2c_tcp_lostlen Int64,
    common_c2s_tcp_unorder_num Int64,
    common_s2c_tcp_unorder_num Int64,
    common_c2s_pkt_retrans Int64,
    common_s2c_pkt_retrans Int64,
    common_c2s_byte_retrans Int64,
    common_s2c_byte_retrans Int64,
    common_first_ttl Int64,
    common_tcp_client_isn Int64,
    common_tcp_server_isn Int64,
    common_address_type Int64,
    common_schema_type String,
    common_device_tag String,
    common_encapsulation Int64,
    common_tunnels String,
    common_address_list String,
    common_has_dup_traffic Int64,
    common_stream_error String,
    common_link_info_c2s String,
    common_link_info_s2c String,

    -- http_* columns
    http_url String,
    http_host String,
    http_domain String,
    http_request_line String,
    http_response_line String,
    http_request_header String,
    http_response_header String,
    http_request_content String,
    http_response_content String,
    http_request_body String,
    http_response_body String,
    http_request_body_key String,
    http_response_body_key String,
    http_proxy_flag Int64,
    http_sequence Int64,
    http_snapshot String,
    http_cookie String,
    http_referer String,
    http_user_agent String,
    http_content_length String,
    http_content_type String,
    http_set_cookie String,
    http_version String,
    -- spelled "lantency" in the schema; kept, a rename would change the interface
    http_response_lantency_ms Int64,
    http_session_duration_ms Int64,
    http_action_file_size Int64,

    -- doh_* columns: HTTP-side fields first, then DNS-message fields
    doh_url String,
    doh_host String,
    doh_request_line String,
    doh_response_line String,
    doh_cookie String,
    doh_referer String,
    doh_user_agent String,
    doh_content_length String,
    doh_content_type String,
    doh_set_cookie String,
    doh_version String,
    doh_message_id Int64,
    doh_qr Int64,
    doh_opcode Int64,
    doh_aa Int64,
    doh_tc Int64,
    doh_rd Int64,
    doh_ra Int64,
    doh_rcode Int64,
    doh_qdcount Int64,
    doh_ancount Int64,
    doh_nscount Int64,
    doh_arcount Int64,
    doh_qname String,
    doh_qtype Int64,
    doh_qclass Int64,
    doh_cname String,
    doh_sub Int64,
    doh_rr String
)
ENGINE = MergeTree
PARTITION BY toYYYYMMDD(toDate(common_recv_time))
ORDER BY (common_log_id, common_policy_id, common_recv_time);
CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.connection_record_log_local ON CLUSTER ck_cluster(
|
|
common_recv_time Int64,
|
|
common_log_id UInt64,
|
|
common_stream_trace_id UInt64,
|
|
common_direction Nullable(Int64),
|
|
common_stream_dir Int64,
|
|
common_start_time Int64,
|
|
common_end_time Int64,
|
|
common_con_duration_ms Int64,
|
|
common_establish_latency_ms Int64,
|
|
common_processing_time Int64,
|
|
common_entrance_id Int64,
|
|
common_device_id String,
|
|
common_link_id Int64,
|
|
common_isp String,
|
|
common_data_center String,
|
|
common_sled_ip String,
|
|
common_action Int64,
|
|
common_sub_action String,
|
|
common_policy_id Int64,
|
|
common_user_tags String,
|
|
common_user_region String,
|
|
common_client_ip String,
|
|
common_internal_ip String,
|
|
common_client_port Int64,
|
|
common_client_location String,
|
|
common_client_asn String,
|
|
common_subscriber_id String,
|
|
common_imei String,
|
|
common_imsi String,
|
|
common_phone_number String,
|
|
common_server_ip String,
|
|
common_external_ip String,
|
|
common_server_port Int64,
|
|
common_server_location String,
|
|
common_server_asn String,
|
|
common_app_id String,
|
|
common_app_label String,
|
|
common_app_surrogate_id String,
|
|
common_l7_protocol String,
|
|
common_protocol_label String,
|
|
common_service_category Array(Int64),
|
|
common_service Int64,
|
|
common_l4_protocol String,
|
|
common_sessions Int64,
|
|
common_c2s_pkt_num Int64,
|
|
common_s2c_pkt_num Int64,
|
|
common_c2s_pkt_diff Int64,
|
|
common_s2c_pkt_diff Int64,
|
|
common_c2s_byte_num Int64,
|
|
common_s2c_byte_num Int64,
|
|
common_c2s_byte_diff Int64,
|
|
common_s2c_byte_diff Int64,
|
|
common_c2s_ipfrag_num Int64,
|
|
common_s2c_ipfrag_num Int64,
|
|
common_c2s_tcp_lostlen Int64,
|
|
common_s2c_tcp_lostlen Int64,
|
|
common_c2s_tcp_unorder_num Int64,
|
|
common_s2c_tcp_unorder_num Int64,
|
|
common_c2s_pkt_retrans Int64,
|
|
common_s2c_pkt_retrans Int64,
|
|
common_c2s_byte_retrans Int64,
|
|
common_s2c_byte_retrans Int64,
|
|
common_first_ttl Int64,
|
|
common_tcp_client_isn Int64,
|
|
common_tcp_server_isn Int64,
|
|
common_address_type Int64,
|
|
common_schema_type String,
|
|
common_device_tag String,
|
|
common_encapsulation Int64,
|
|
common_tunnels String,
|
|
common_address_list String,
|
|
common_has_dup_traffic Int64,
|
|
common_stream_error String,
|
|
common_link_info_c2s String,
|
|
common_link_info_s2c String,
|
|
http_url String,
|
|
http_host String,
|
|
http_domain String,
|
|
http_request_line String,
|
|
http_response_line String,
|
|
http_request_header String,
|
|
http_response_header String,
|
|
http_request_content String,
|
|
http_response_content String,
|
|
http_request_body String,
|
|
http_response_body String,
|
|
http_request_body_key String,
|
|
http_response_body_key String,
|
|
http_proxy_flag Int64,
|
|
http_sequence Int64,
|
|
http_snapshot String,
|
|
http_cookie String,
|
|
http_referer String,
|
|
http_user_agent String,
|
|
http_content_length String,
|
|
http_content_type String,
|
|
http_set_cookie String,
|
|
http_version String,
|
|
http_response_lantency_ms Int64,
|
|
http_session_duration_ms Int64,
|
|
http_action_file_size Int64,
|
|
mail_protocol_type String,
|
|
mail_account String,
|
|
mail_to_cmd String,
|
|
mail_from_cmd String,
|
|
mail_from String,
|
|
mail_to String,
|
|
mail_cc String,
|
|
mail_bcc String,
|
|
mail_subject String,
|
|
mail_subject_charset String,
|
|
mail_content String,
|
|
mail_content_charset String,
|
|
mail_attachment_name String,
|
|
mail_attachment_name_charset String,
|
|
mail_attachment_content String,
|
|
mail_eml_file String,
|
|
mail_snapshot String,
|
|
dns_message_id Int64,
|
|
dns_qr Nullable(Int64),
|
|
dns_opcode Nullable(Int64),
|
|
dns_aa Int64,
|
|
dns_tc Int64,
|
|
dns_rd Int64,
|
|
dns_ra Int64,
|
|
dns_rcode Int64,
|
|
dns_qdcount Int64,
|
|
dns_ancount Int64,
|
|
dns_nscount Int64,
|
|
dns_arcount Int64,
|
|
dns_qname String,
|
|
dns_qtype Int64,
|
|
dns_qclass Int64,
|
|
dns_cname String,
|
|
dns_sub Int64,
|
|
dns_rr String,
|
|
ssl_version String,
|
|
ssl_sni String,
|
|
ssl_san String,
|
|
ssl_cn String,
|
|
ssl_pinningst Nullable(Int64),
|
|
ssl_intercept_state Nullable(Int64),
|
|
ssl_server_side_latency Int64,
|
|
ssl_client_side_latency Int64,
|
|
ssl_server_side_version String,
|
|
ssl_client_side_version String,
|
|
ssl_cert_verify Nullable(Int64),
|
|
ssl_error String,
|
|
ssl_con_latency_ms Int64,
|
|
ssl_ja3_fingerprint String,
|
|
ssl_ja3_hash String,
|
|
ssl_cert_issuer String,
|
|
ssl_cert_subject String,
|
|
quic_version String,
|
|
quic_sni String,
|
|
quic_user_agent String,
|
|
ftp_account String,
|
|
ftp_url String,
|
|
ftp_content String,
|
|
ftp_link_type String,
|
|
bgp_type Int64,
|
|
bgp_as_num String,
|
|
bgp_route String,
|
|
voip_calling_account String,
|
|
voip_called_account String,
|
|
voip_calling_number String,
|
|
voip_called_number String,
|
|
streaming_media_url String,
|
|
streaming_media_protocol String,
|
|
app_extra_info String,
|
|
sip_call_id String,
|
|
sip_originator_description String,
|
|
sip_responder_description String,
|
|
sip_user_agent String,
|
|
sip_server String,
|
|
sip_originator_sdp_connect_ip String,
|
|
sip_originator_sdp_media_port Int64,
|
|
sip_originator_sdp_media_type String,
|
|
sip_originator_sdp_content String,
|
|
sip_responder_sdp_connect_ip String,
|
|
sip_responder_sdp_media_port Int64,
|
|
sip_responder_sdp_media_type String,
|
|
sip_responder_sdp_content String,
|
|
sip_duration Int64,
|
|
sip_bye String,
|
|
rtp_payload_type_c2s Nullable(Int64),
|
|
rtp_payload_type_s2c Nullable(Int64),
|
|
rtp_pcap_path String,
|
|
rtp_originator_dir Int64
|
|
)
|
|
ENGINE=MergeTree PARTITION BY toYYYYMMDD(toDate(common_recv_time))
|
|
ORDER BY (common_log_id,common_data_center,common_recv_time);
-- Shard-local storage for RADIUS record logs, created on the nodes of ck_cluster.
-- Rows are partitioned by calendar day of common_recv_time and sorted by
-- (common_log_id, common_data_center, common_recv_time).
-- NOTE(review): toDate() on an Int64 reads large values as epoch seconds; confirm the
-- writer does not send milliseconds, which would place rows in the wrong partition.
-- NOTE(review): the table keeps subscriber identifiers (IMSI, IMEI, phone number,
-- RADIUS account) and declares no TTL, so retention and read access have to be
-- enforced outside this DDL.
CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.radius_record_log_local ON CLUSTER ck_cluster
(
    -- common_* columns: the same list is repeated in the other log tables of this file
    common_recv_time Int64,
    common_log_id UInt64,
    common_stream_trace_id UInt64,
    common_direction Nullable(Int64),
    common_stream_dir Int64,
    common_start_time Int64,
    common_end_time Int64,
    common_con_duration_ms Int64,
    common_establish_latency_ms Int64,
    common_processing_time Int64,
    common_entrance_id Int64,
    common_device_id String,
    common_link_id Int64,
    common_isp String,
    common_data_center String,
    common_sled_ip String,
    common_action Int64,
    common_sub_action String,
    common_policy_id Int64,
    common_user_tags String,
    common_user_region String,
    common_client_ip String,
    common_internal_ip String,
    common_client_port Int64,
    common_client_location String,
    common_client_asn String,
    -- subscriber identifiers (personal data)
    common_subscriber_id String,
    common_imei String,
    common_imsi String,
    common_phone_number String,
    common_server_ip String,
    common_external_ip String,
    common_server_port Int64,
    common_server_location String,
    common_server_asn String,
    common_app_id String,
    common_app_label String,
    common_app_surrogate_id String,
    common_l7_protocol String,
    common_protocol_label String,
    common_service_category Array(Int64),
    common_service Int64,
    common_l4_protocol String,
    common_sessions Int64,
    common_c2s_pkt_num Int64,
    common_s2c_pkt_num Int64,
    common_c2s_pkt_diff Int64,
    common_s2c_pkt_diff Int64,
    common_c2s_byte_num Int64,
    common_s2c_byte_num Int64,
    common_c2s_byte_diff Int64,
    common_s2c_byte_diff Int64,
    common_c2s_ipfrag_num Int64,
    common_s2c_ipfrag_num Int64,
    common_c2s_tcp_lostlen Int64,
    common_s2c_tcp_lostlen Int64,
    common_c2s_tcp_unorder_num Int64,
    common_s2c_tcp_unorder_num Int64,
    common_c2s_pkt_retrans Int64,
    common_s2c_pkt_retrans Int64,
    common_c2s_byte_retrans Int64,
    common_s2c_byte_retrans Int64,
    common_first_ttl Int64,
    common_tcp_client_isn Int64,
    common_tcp_server_isn Int64,
    common_address_type Int64,
    common_schema_type String,
    common_device_tag String,
    common_encapsulation Int64,
    common_tunnels String,
    common_address_list String,
    common_has_dup_traffic Int64,
    common_stream_error String,
    common_link_info_c2s String,
    common_link_info_s2c String,
    -- radius_* columns
    radius_packet_type Int64,
    radius_nas_ip String,
    radius_framed_ip String,
    radius_account String,
    radius_session_timeout Int64,
    radius_idle_timeout Int64,
    radius_acct_status_type Int64,
    radius_acct_terminate_cause Int64,
    radius_event_timestamp Int64,
    radius_nas_port Int64,
    radius_service_type Int64,
    radius_framed_protocol Int64,
    radius_callback_number String,
    radius_callback_id String,
    radius_termination_action Nullable(Int64),
    radius_called_station_id String,
    radius_calling_station_id String,
    radius_acct_delay_time Int64,
    radius_acct_session_id String,
    radius_acct_multi_session_id String,
    radius_acct_input_octets Int64,
    radius_acct_output_octets Int64,
    radius_acct_input_packets Int64,
    radius_acct_output_packets Int64,
    radius_acct_session_time Int64,
    radius_acct_link_count Int64,
    radius_acct_interim_interval Int64
)
ENGINE = MergeTree
PARTITION BY toYYYYMMDD(toDate(common_recv_time))
ORDER BY (common_log_id, common_data_center, common_recv_time);
-- Twelve-column lookup copy of connection records, sorted for searches by client IP:
-- ORDER BY (common_client_ip, common_server_ip, common_recv_time), one partition per day.
-- The materialized view tsg_galaxy_v3.common_client_ip in this file writes into it.
-- NOTE(review): no TTL is declared, so this copy keeps client IP / subscriber id pairs
-- until partitions are dropped by some external job — confirm it follows the same
-- retention as the source table.
CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.connection_record_log_common_client_ip_local ON CLUSTER ck_cluster
(
    common_log_id UInt64,
    common_recv_time Int64,
    common_policy_id Int64,
    common_action Int64,
    common_server_ip String,
    common_client_ip String,
    common_sled_ip String,
    common_entrance_id Int64,
    common_subscriber_id String,
    common_stream_trace_id UInt64,
    http_domain String,
    ssl_sni String
)
ENGINE = MergeTree
PARTITION BY toYYYYMMDD(toDate(common_recv_time))
ORDER BY (common_client_ip, common_server_ip, common_recv_time);
-- Twelve-column lookup copy of connection records, sorted for searches by server IP:
-- ORDER BY (common_server_ip, common_client_ip, common_recv_time), one partition per day.
-- The materialized view tsg_galaxy_v3.common_server_ip in this file writes into it.
-- NOTE(review): no TTL is declared here; confirm retention matches the source table.
CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.connection_record_log_common_server_ip_local ON CLUSTER ck_cluster
(
    common_log_id UInt64,
    common_recv_time Int64,
    common_policy_id Int64,
    common_action Int64,
    common_server_ip String,
    common_client_ip String,
    common_sled_ip String,
    common_entrance_id Int64,
    common_subscriber_id String,
    common_stream_trace_id UInt64,
    http_domain String,
    ssl_sni String
)
ENGINE = MergeTree
PARTITION BY toYYYYMMDD(toDate(common_recv_time))
ORDER BY (common_server_ip, common_client_ip, common_recv_time);
-- Twelve-column lookup copy of connection records, sorted for searches by subscriber:
-- ORDER BY (common_subscriber_id, common_recv_time), one partition per day.
-- The materialized view tsg_galaxy_v3.common_subscriber_id in this file writes into it.
-- NOTE(review): this layout makes per-subscriber history cheap to read; limit SELECT
-- grants accordingly and confirm retention, since no TTL is declared here.
CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.connection_record_log_common_subscriber_id_local ON CLUSTER ck_cluster
(
    common_log_id UInt64,
    common_recv_time Int64,
    common_policy_id Int64,
    common_action Int64,
    common_server_ip String,
    common_client_ip String,
    common_sled_ip String,
    common_entrance_id Int64,
    common_subscriber_id String,
    common_stream_trace_id UInt64,
    http_domain String,
    ssl_sni String
)
ENGINE = MergeTree
PARTITION BY toYYYYMMDD(toDate(common_recv_time))
ORDER BY (common_subscriber_id, common_recv_time);
-- Twelve-column lookup copy of connection records, sorted for searches by HTTP domain:
-- ORDER BY (http_domain, common_recv_time), one partition per day.
-- The materialized view tsg_galaxy_v3.common_http_domain in this file writes into it.
-- NOTE(review): no TTL is declared here; confirm retention matches the source table.
CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.connection_record_log_http_domain_local ON CLUSTER ck_cluster
(
    common_log_id UInt64,
    common_recv_time Int64,
    common_policy_id Int64,
    common_action Int64,
    common_server_ip String,
    common_client_ip String,
    common_sled_ip String,
    common_entrance_id Int64,
    common_subscriber_id String,
    common_stream_trace_id UInt64,
    http_domain String,
    ssl_sni String
)
ENGINE = MergeTree
PARTITION BY toYYYYMMDD(toDate(common_recv_time))
ORDER BY (http_domain, common_recv_time);
-- Feeds connection_record_log_common_client_ip_local: each insert into
-- connection_record_log_local is projected to the twelve lookup columns below.
-- Rows that were in the source before this view existed are not copied; backfill
-- them separately if the lookup table must be complete.
CREATE MATERIALIZED VIEW IF NOT EXISTS tsg_galaxy_v3.common_client_ip ON CLUSTER ck_cluster
TO tsg_galaxy_v3.connection_record_log_common_client_ip_local
AS
SELECT
    common_log_id,
    common_recv_time,
    common_policy_id,
    common_action,
    common_server_ip,
    common_client_ip,
    common_sled_ip,
    common_entrance_id,
    common_subscriber_id,
    common_stream_trace_id,
    http_domain,
    ssl_sni
FROM tsg_galaxy_v3.connection_record_log_local;
-- Feeds connection_record_log_common_server_ip_local: each insert into
-- connection_record_log_local is projected to the twelve lookup columns below.
-- Rows that were in the source before this view existed are not copied.
CREATE MATERIALIZED VIEW IF NOT EXISTS tsg_galaxy_v3.common_server_ip ON CLUSTER ck_cluster
TO tsg_galaxy_v3.connection_record_log_common_server_ip_local
AS
SELECT
    common_log_id,
    common_recv_time,
    common_policy_id,
    common_action,
    common_server_ip,
    common_client_ip,
    common_sled_ip,
    common_entrance_id,
    common_subscriber_id,
    common_stream_trace_id,
    http_domain,
    ssl_sni
FROM tsg_galaxy_v3.connection_record_log_local;
-- Feeds connection_record_log_common_subscriber_id_local: each insert into
-- connection_record_log_local is projected to the twelve lookup columns below.
-- Rows that were in the source before this view existed are not copied.
CREATE MATERIALIZED VIEW IF NOT EXISTS tsg_galaxy_v3.common_subscriber_id ON CLUSTER ck_cluster
TO tsg_galaxy_v3.connection_record_log_common_subscriber_id_local
AS
SELECT
    common_log_id,
    common_recv_time,
    common_policy_id,
    common_action,
    common_server_ip,
    common_client_ip,
    common_sled_ip,
    common_entrance_id,
    common_subscriber_id,
    common_stream_trace_id,
    http_domain,
    ssl_sni
FROM tsg_galaxy_v3.connection_record_log_local;
-- Feeds connection_record_log_http_domain_local: each insert into
-- connection_record_log_local is projected to the twelve lookup columns below.
-- Rows that were in the source before this view existed are not copied.
CREATE MATERIALIZED VIEW IF NOT EXISTS tsg_galaxy_v3.common_http_domain ON CLUSTER ck_cluster
TO tsg_galaxy_v3.connection_record_log_http_domain_local
AS
SELECT
    common_log_id,
    common_recv_time,
    common_policy_id,
    common_action,
    common_server_ip,
    common_client_ip,
    common_sled_ip,
    common_entrance_id,
    common_subscriber_id,
    common_stream_trace_id,
    http_domain,
    ssl_sni
FROM tsg_galaxy_v3.connection_record_log_local;
-- Shard-local table of RADIUS accounting events keyed by account:
-- one partition per day of event_timestamp, sorted by (account, event_timestamp).
-- NOTE(review): presumably the on/off (session start/stop) log — "onff" is the spelling
-- used by the table name throughout this file; confirm before renaming anything.
-- NOTE(review): account + framed_ip + timestamps map a user to an address over time;
-- no TTL is declared, so retention has to be enforced elsewhere.
CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.radius_onff_log_local ON CLUSTER ck_cluster
(
    event_timestamp Int64,
    account String,
    framed_ip String,
    acct_status_type Int64,
    acct_session_id String,
    acct_session_time Int64
)
ENGINE = MergeTree
PARTITION BY toYYYYMMDD(toDate(event_timestamp))
ORDER BY (account, event_timestamp);
-- Query-side Distributed table for RADIUS record logs, created on ck_query.
-- It stores nothing itself: reads and writes are routed to
-- tsg_galaxy_v3.radius_record_log_local on ck_cluster, inserts sharded by rand().
-- The column list has to stay identical to radius_record_log_local.
-- The same table name is created again later in this file ON CLUSTER ck_cluster.
-- NOTE(review): anyone with SELECT here can read subscriber identifiers from every
-- shard; grant access on this table as narrowly as on the _local tables.
CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.radius_record_log ON CLUSTER ck_query
(
    -- common_* columns
    common_recv_time Int64,
    common_log_id UInt64,
    common_stream_trace_id UInt64,
    common_direction Nullable(Int64),
    common_stream_dir Int64,
    common_start_time Int64,
    common_end_time Int64,
    common_con_duration_ms Int64,
    common_establish_latency_ms Int64,
    common_processing_time Int64,
    common_entrance_id Int64,
    common_device_id String,
    common_link_id Int64,
    common_isp String,
    common_data_center String,
    common_sled_ip String,
    common_action Int64,
    common_sub_action String,
    common_policy_id Int64,
    common_user_tags String,
    common_user_region String,
    common_client_ip String,
    common_internal_ip String,
    common_client_port Int64,
    common_client_location String,
    common_client_asn String,
    -- subscriber identifiers (personal data)
    common_subscriber_id String,
    common_imei String,
    common_imsi String,
    common_phone_number String,
    common_server_ip String,
    common_external_ip String,
    common_server_port Int64,
    common_server_location String,
    common_server_asn String,
    common_app_id String,
    common_app_label String,
    common_app_surrogate_id String,
    common_l7_protocol String,
    common_protocol_label String,
    common_service_category Array(Int64),
    common_service Int64,
    common_l4_protocol String,
    common_sessions Int64,
    common_c2s_pkt_num Int64,
    common_s2c_pkt_num Int64,
    common_c2s_pkt_diff Int64,
    common_s2c_pkt_diff Int64,
    common_c2s_byte_num Int64,
    common_s2c_byte_num Int64,
    common_c2s_byte_diff Int64,
    common_s2c_byte_diff Int64,
    common_c2s_ipfrag_num Int64,
    common_s2c_ipfrag_num Int64,
    common_c2s_tcp_lostlen Int64,
    common_s2c_tcp_lostlen Int64,
    common_c2s_tcp_unorder_num Int64,
    common_s2c_tcp_unorder_num Int64,
    common_c2s_pkt_retrans Int64,
    common_s2c_pkt_retrans Int64,
    common_c2s_byte_retrans Int64,
    common_s2c_byte_retrans Int64,
    common_first_ttl Int64,
    common_tcp_client_isn Int64,
    common_tcp_server_isn Int64,
    common_address_type Int64,
    common_schema_type String,
    common_device_tag String,
    common_encapsulation Int64,
    common_tunnels String,
    common_address_list String,
    common_has_dup_traffic Int64,
    common_stream_error String,
    common_link_info_c2s String,
    common_link_info_s2c String,
    -- radius_* columns
    radius_packet_type Int64,
    radius_nas_ip String,
    radius_framed_ip String,
    radius_account String,
    radius_session_timeout Int64,
    radius_idle_timeout Int64,
    radius_acct_status_type Int64,
    radius_acct_terminate_cause Int64,
    radius_event_timestamp Int64,
    radius_nas_port Int64,
    radius_service_type Int64,
    radius_framed_protocol Int64,
    radius_callback_number String,
    radius_callback_id String,
    radius_termination_action Nullable(Int64),
    radius_called_station_id String,
    radius_calling_station_id String,
    radius_acct_delay_time Int64,
    radius_acct_session_id String,
    radius_acct_multi_session_id String,
    radius_acct_input_octets Int64,
    radius_acct_output_octets Int64,
    radius_acct_input_packets Int64,
    radius_acct_output_packets Int64,
    radius_acct_session_time Int64,
    radius_acct_link_count Int64,
    radius_acct_interim_interval Int64
)
ENGINE = Distributed(ck_cluster, tsg_galaxy_v3, radius_record_log_local, rand());
-- Query-side Distributed table for connection records, created on ck_query.
-- It stores nothing itself: reads and writes are routed to
-- tsg_galaxy_v3.connection_record_log_local on ck_cluster, inserts sharded by rand().
-- The column list has to stay identical to connection_record_log_local.
-- NOTE(review): http_cookie, http_set_cookie, the http_*_header / http_*_body columns
-- and the mail_* content columns can carry session tokens, credentials and message
-- text. Keep SELECT on this table tightly scoped; retention is governed by the
-- _local table, not by this one.
CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.connection_record_log ON CLUSTER ck_query
(
    -- common_* columns
    common_recv_time Int64,
    common_log_id UInt64,
    common_stream_trace_id UInt64,
    common_direction Nullable(Int64),
    common_stream_dir Int64,
    common_start_time Int64,
    common_end_time Int64,
    common_con_duration_ms Int64,
    common_establish_latency_ms Int64,
    common_processing_time Int64,
    common_entrance_id Int64,
    common_device_id String,
    common_link_id Int64,
    common_isp String,
    common_data_center String,
    common_sled_ip String,
    common_action Int64,
    common_sub_action String,
    common_policy_id Int64,
    common_user_tags String,
    common_user_region String,
    common_client_ip String,
    common_internal_ip String,
    common_client_port Int64,
    common_client_location String,
    common_client_asn String,
    -- subscriber identifiers (personal data)
    common_subscriber_id String,
    common_imei String,
    common_imsi String,
    common_phone_number String,
    common_server_ip String,
    common_external_ip String,
    common_server_port Int64,
    common_server_location String,
    common_server_asn String,
    common_app_id String,
    common_app_label String,
    common_app_surrogate_id String,
    common_l7_protocol String,
    common_protocol_label String,
    common_service_category Array(Int64),
    common_service Int64,
    common_l4_protocol String,
    common_sessions Int64,
    common_c2s_pkt_num Int64,
    common_s2c_pkt_num Int64,
    common_c2s_pkt_diff Int64,
    common_s2c_pkt_diff Int64,
    common_c2s_byte_num Int64,
    common_s2c_byte_num Int64,
    common_c2s_byte_diff Int64,
    common_s2c_byte_diff Int64,
    common_c2s_ipfrag_num Int64,
    common_s2c_ipfrag_num Int64,
    common_c2s_tcp_lostlen Int64,
    common_s2c_tcp_lostlen Int64,
    common_c2s_tcp_unorder_num Int64,
    common_s2c_tcp_unorder_num Int64,
    common_c2s_pkt_retrans Int64,
    common_s2c_pkt_retrans Int64,
    common_c2s_byte_retrans Int64,
    common_s2c_byte_retrans Int64,
    common_first_ttl Int64,
    common_tcp_client_isn Int64,
    common_tcp_server_isn Int64,
    common_address_type Int64,
    common_schema_type String,
    common_device_tag String,
    common_encapsulation Int64,
    common_tunnels String,
    common_address_list String,
    common_has_dup_traffic Int64,
    common_stream_error String,
    common_link_info_c2s String,
    common_link_info_s2c String,
    -- http_* columns
    http_url String,
    http_host String,
    http_domain String,
    http_request_line String,
    http_response_line String,
    http_request_header String,
    http_response_header String,
    http_request_content String,
    http_response_content String,
    http_request_body String,
    http_response_body String,
    http_request_body_key String,
    http_response_body_key String,
    http_proxy_flag Int64,
    http_sequence Int64,
    http_snapshot String,
    http_cookie String,
    http_referer String,
    http_user_agent String,
    http_content_length String,
    http_content_type String,
    http_set_cookie String,
    http_version String,
    -- sic: the column name is spelled "lantency"; writers and readers depend on it
    http_response_lantency_ms Int64,
    http_session_duration_ms Int64,
    http_action_file_size Int64,
    -- mail_* columns
    mail_protocol_type String,
    mail_account String,
    mail_to_cmd String,
    mail_from_cmd String,
    mail_from String,
    mail_to String,
    mail_cc String,
    mail_bcc String,
    mail_subject String,
    mail_subject_charset String,
    mail_content String,
    mail_content_charset String,
    mail_attachment_name String,
    mail_attachment_name_charset String,
    mail_attachment_content String,
    mail_eml_file String,
    mail_snapshot String,
    -- dns_* columns
    dns_message_id Int64,
    dns_qr Nullable(Int64),
    dns_opcode Nullable(Int64),
    dns_aa Int64,
    dns_tc Int64,
    dns_rd Int64,
    dns_ra Int64,
    dns_rcode Int64,
    dns_qdcount Int64,
    dns_ancount Int64,
    dns_nscount Int64,
    dns_arcount Int64,
    dns_qname String,
    dns_qtype Int64,
    dns_qclass Int64,
    dns_cname String,
    dns_sub Int64,
    dns_rr String,
    -- ssl_* columns
    ssl_version String,
    ssl_sni String,
    ssl_san String,
    ssl_cn String,
    ssl_pinningst Nullable(Int64),
    ssl_intercept_state Nullable(Int64),
    ssl_server_side_latency Int64,
    ssl_client_side_latency Int64,
    ssl_server_side_version String,
    ssl_client_side_version String,
    ssl_cert_verify Nullable(Int64),
    ssl_error String,
    ssl_con_latency_ms Int64,
    ssl_ja3_fingerprint String,
    ssl_ja3_hash String,
    ssl_cert_issuer String,
    ssl_cert_subject String,
    -- quic_*, ftp_*, bgp_* columns
    quic_version String,
    quic_sni String,
    quic_user_agent String,
    ftp_account String,
    ftp_url String,
    ftp_content String,
    ftp_link_type String,
    bgp_type Int64,
    bgp_as_num String,
    bgp_route String,
    -- voip_*, streaming_media_*, app_extra_info
    voip_calling_account String,
    voip_called_account String,
    voip_calling_number String,
    voip_called_number String,
    streaming_media_url String,
    streaming_media_protocol String,
    app_extra_info String,
    -- sip_* columns
    sip_call_id String,
    sip_originator_description String,
    sip_responder_description String,
    sip_user_agent String,
    sip_server String,
    sip_originator_sdp_connect_ip String,
    sip_originator_sdp_media_port Int64,
    sip_originator_sdp_media_type String,
    sip_originator_sdp_content String,
    sip_responder_sdp_connect_ip String,
    sip_responder_sdp_media_port Int64,
    sip_responder_sdp_media_type String,
    sip_responder_sdp_content String,
    sip_duration Int64,
    sip_bye String,
    -- rtp_* columns
    rtp_payload_type_c2s Nullable(Int64),
    rtp_payload_type_s2c Nullable(Int64),
    rtp_pcap_path String,
    rtp_originator_dir Int64
)
ENGINE = Distributed(ck_cluster, tsg_galaxy_v3, connection_record_log_local, rand());
-- Query-side Distributed table for proxy events, created on ck_query.
-- It stores nothing itself: reads and writes are routed to
-- tsg_galaxy_v3.proxy_event_log_local on ck_cluster, inserts sharded by rand().
-- The column list has to stay identical to proxy_event_log_local.
-- NOTE(review): http_cookie / http_set_cookie / doh_cookie / doh_set_cookie and the
-- http_*_header / http_*_body columns can hold session tokens and credentials seen by
-- the proxy. Keep SELECT on this table tightly scoped; retention is governed by the
-- _local table, not by this one.
CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.proxy_event_log ON CLUSTER ck_query
(
    -- common_* columns
    common_recv_time Int64,
    common_log_id UInt64,
    common_stream_trace_id UInt64,
    common_direction Nullable(Int64),
    common_stream_dir Int64,
    common_start_time Int64,
    common_end_time Int64,
    common_con_duration_ms Int64,
    common_establish_latency_ms Int64,
    common_processing_time Int64,
    common_entrance_id Int64,
    common_device_id String,
    common_link_id Int64,
    common_isp String,
    common_data_center String,
    common_sled_ip String,
    common_action Int64,
    common_sub_action String,
    common_policy_id Int64,
    common_user_tags String,
    common_user_region String,
    common_client_ip String,
    common_internal_ip String,
    common_client_port Int64,
    common_client_location String,
    common_client_asn String,
    -- subscriber identifiers (personal data)
    common_subscriber_id String,
    common_imei String,
    common_imsi String,
    common_phone_number String,
    common_server_ip String,
    common_external_ip String,
    common_server_port Int64,
    common_server_location String,
    common_server_asn String,
    common_app_id String,
    common_app_label String,
    common_app_surrogate_id String,
    common_l7_protocol String,
    common_protocol_label String,
    common_service_category Array(Int64),
    common_service Int64,
    common_l4_protocol String,
    common_sessions Int64,
    common_c2s_pkt_num Int64,
    common_s2c_pkt_num Int64,
    common_c2s_pkt_diff Int64,
    common_s2c_pkt_diff Int64,
    common_c2s_byte_num Int64,
    common_s2c_byte_num Int64,
    common_c2s_byte_diff Int64,
    common_s2c_byte_diff Int64,
    common_c2s_ipfrag_num Int64,
    common_s2c_ipfrag_num Int64,
    common_c2s_tcp_lostlen Int64,
    common_s2c_tcp_lostlen Int64,
    common_c2s_tcp_unorder_num Int64,
    common_s2c_tcp_unorder_num Int64,
    common_c2s_pkt_retrans Int64,
    common_s2c_pkt_retrans Int64,
    common_c2s_byte_retrans Int64,
    common_s2c_byte_retrans Int64,
    common_first_ttl Int64,
    common_tcp_client_isn Int64,
    common_tcp_server_isn Int64,
    common_address_type Int64,
    common_schema_type String,
    common_device_tag String,
    common_encapsulation Int64,
    common_tunnels String,
    common_address_list String,
    common_has_dup_traffic Int64,
    common_stream_error String,
    common_link_info_c2s String,
    common_link_info_s2c String,
    -- http_* columns
    http_url String,
    http_host String,
    http_domain String,
    http_request_line String,
    http_response_line String,
    http_request_header String,
    http_response_header String,
    http_request_content String,
    http_response_content String,
    http_request_body String,
    http_response_body String,
    http_request_body_key String,
    http_response_body_key String,
    http_proxy_flag Int64,
    http_sequence Int64,
    http_snapshot String,
    http_cookie String,
    http_referer String,
    http_user_agent String,
    http_content_length String,
    http_content_type String,
    http_set_cookie String,
    http_version String,
    -- sic: the column name is spelled "lantency"; writers and readers depend on it
    http_response_lantency_ms Int64,
    http_session_duration_ms Int64,
    http_action_file_size Int64,
    -- doh_* columns: HTTP-level fields first, then DNS message fields
    doh_url String,
    doh_host String,
    doh_request_line String,
    doh_response_line String,
    doh_cookie String,
    doh_referer String,
    doh_user_agent String,
    doh_content_length String,
    doh_content_type String,
    doh_set_cookie String,
    doh_version String,
    doh_message_id Int64,
    -- unlike dns_qr / dns_opcode in the other log tables, these two are not Nullable
    doh_qr Int64,
    doh_opcode Int64,
    doh_aa Int64,
    doh_tc Int64,
    doh_rd Int64,
    doh_ra Int64,
    doh_rcode Int64,
    doh_qdcount Int64,
    doh_ancount Int64,
    doh_nscount Int64,
    doh_arcount Int64,
    doh_qname String,
    doh_qtype Int64,
    doh_qclass Int64,
    doh_cname String,
    doh_sub Int64,
    doh_rr String
)
ENGINE = Distributed(ck_cluster, tsg_galaxy_v3, proxy_event_log_local, rand());
-- Query-side Distributed table for security events, created on ck_query.
-- It stores nothing itself: reads and writes are routed to
-- tsg_galaxy_v3.security_event_log_local on ck_cluster, inserts sharded by rand().
-- The column list has to stay identical to security_event_log_local; it is the same
-- list as tsg_galaxy_v3.connection_record_log in this file.
-- NOTE(review): http_cookie, http_set_cookie, the http_*_header / http_*_body columns
-- and the mail_* content columns can carry session tokens, credentials and message
-- text. Keep SELECT on this table tightly scoped; retention is governed by the
-- _local table, not by this one.
CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.security_event_log ON CLUSTER ck_query
(
    -- common_* columns
    common_recv_time Int64,
    common_log_id UInt64,
    common_stream_trace_id UInt64,
    common_direction Nullable(Int64),
    common_stream_dir Int64,
    common_start_time Int64,
    common_end_time Int64,
    common_con_duration_ms Int64,
    common_establish_latency_ms Int64,
    common_processing_time Int64,
    common_entrance_id Int64,
    common_device_id String,
    common_link_id Int64,
    common_isp String,
    common_data_center String,
    common_sled_ip String,
    common_action Int64,
    common_sub_action String,
    common_policy_id Int64,
    common_user_tags String,
    common_user_region String,
    common_client_ip String,
    common_internal_ip String,
    common_client_port Int64,
    common_client_location String,
    common_client_asn String,
    -- subscriber identifiers (personal data)
    common_subscriber_id String,
    common_imei String,
    common_imsi String,
    common_phone_number String,
    common_server_ip String,
    common_external_ip String,
    common_server_port Int64,
    common_server_location String,
    common_server_asn String,
    common_app_id String,
    common_app_label String,
    common_app_surrogate_id String,
    common_l7_protocol String,
    common_protocol_label String,
    common_service_category Array(Int64),
    common_service Int64,
    common_l4_protocol String,
    common_sessions Int64,
    common_c2s_pkt_num Int64,
    common_s2c_pkt_num Int64,
    common_c2s_pkt_diff Int64,
    common_s2c_pkt_diff Int64,
    common_c2s_byte_num Int64,
    common_s2c_byte_num Int64,
    common_c2s_byte_diff Int64,
    common_s2c_byte_diff Int64,
    common_c2s_ipfrag_num Int64,
    common_s2c_ipfrag_num Int64,
    common_c2s_tcp_lostlen Int64,
    common_s2c_tcp_lostlen Int64,
    common_c2s_tcp_unorder_num Int64,
    common_s2c_tcp_unorder_num Int64,
    common_c2s_pkt_retrans Int64,
    common_s2c_pkt_retrans Int64,
    common_c2s_byte_retrans Int64,
    common_s2c_byte_retrans Int64,
    common_first_ttl Int64,
    common_tcp_client_isn Int64,
    common_tcp_server_isn Int64,
    common_address_type Int64,
    common_schema_type String,
    common_device_tag String,
    common_encapsulation Int64,
    common_tunnels String,
    common_address_list String,
    common_has_dup_traffic Int64,
    common_stream_error String,
    common_link_info_c2s String,
    common_link_info_s2c String,
    -- http_* columns
    http_url String,
    http_host String,
    http_domain String,
    http_request_line String,
    http_response_line String,
    http_request_header String,
    http_response_header String,
    http_request_content String,
    http_response_content String,
    http_request_body String,
    http_response_body String,
    http_request_body_key String,
    http_response_body_key String,
    http_proxy_flag Int64,
    http_sequence Int64,
    http_snapshot String,
    http_cookie String,
    http_referer String,
    http_user_agent String,
    http_content_length String,
    http_content_type String,
    http_set_cookie String,
    http_version String,
    -- sic: the column name is spelled "lantency"; writers and readers depend on it
    http_response_lantency_ms Int64,
    http_session_duration_ms Int64,
    http_action_file_size Int64,
    -- mail_* columns
    mail_protocol_type String,
    mail_account String,
    mail_to_cmd String,
    mail_from_cmd String,
    mail_from String,
    mail_to String,
    mail_cc String,
    mail_bcc String,
    mail_subject String,
    mail_subject_charset String,
    mail_content String,
    mail_content_charset String,
    mail_attachment_name String,
    mail_attachment_name_charset String,
    mail_attachment_content String,
    mail_eml_file String,
    mail_snapshot String,
    -- dns_* columns
    dns_message_id Int64,
    dns_qr Nullable(Int64),
    dns_opcode Nullable(Int64),
    dns_aa Int64,
    dns_tc Int64,
    dns_rd Int64,
    dns_ra Int64,
    dns_rcode Int64,
    dns_qdcount Int64,
    dns_ancount Int64,
    dns_nscount Int64,
    dns_arcount Int64,
    dns_qname String,
    dns_qtype Int64,
    dns_qclass Int64,
    dns_cname String,
    dns_sub Int64,
    dns_rr String,
    -- ssl_* columns
    ssl_version String,
    ssl_sni String,
    ssl_san String,
    ssl_cn String,
    ssl_pinningst Nullable(Int64),
    ssl_intercept_state Nullable(Int64),
    ssl_server_side_latency Int64,
    ssl_client_side_latency Int64,
    ssl_server_side_version String,
    ssl_client_side_version String,
    ssl_cert_verify Nullable(Int64),
    ssl_error String,
    ssl_con_latency_ms Int64,
    ssl_ja3_fingerprint String,
    ssl_ja3_hash String,
    ssl_cert_issuer String,
    ssl_cert_subject String,
    -- quic_*, ftp_*, bgp_* columns
    quic_version String,
    quic_sni String,
    quic_user_agent String,
    ftp_account String,
    ftp_url String,
    ftp_content String,
    ftp_link_type String,
    bgp_type Int64,
    bgp_as_num String,
    bgp_route String,
    -- voip_*, streaming_media_*, app_extra_info
    voip_calling_account String,
    voip_called_account String,
    voip_calling_number String,
    voip_called_number String,
    streaming_media_url String,
    streaming_media_protocol String,
    app_extra_info String,
    -- sip_* columns
    sip_call_id String,
    sip_originator_description String,
    sip_responder_description String,
    sip_user_agent String,
    sip_server String,
    sip_originator_sdp_connect_ip String,
    sip_originator_sdp_media_port Int64,
    sip_originator_sdp_media_type String,
    sip_originator_sdp_content String,
    sip_responder_sdp_connect_ip String,
    sip_responder_sdp_media_port Int64,
    sip_responder_sdp_media_type String,
    sip_responder_sdp_content String,
    sip_duration Int64,
    sip_bye String,
    -- rtp_* columns
    rtp_payload_type_c2s Nullable(Int64),
    rtp_payload_type_s2c Nullable(Int64),
    rtp_pcap_path String,
    rtp_originator_dir Int64
)
ENGINE = Distributed(ck_cluster, tsg_galaxy_v3, security_event_log_local, rand());
-- Query-side Distributed table for packet-capture log entries, created on ck_query.
-- It stores nothing itself: reads and writes are routed to
-- tsg_galaxy_v3.sys_packet_capture_log_local on ck_cluster, inserts sharded by rand().
-- The column list has to stay identical to sys_packet_capture_log_local.
-- NOTE(review): packet_url presumably points at the stored capture; a reader of this
-- table then learns where raw traffic is kept, so access control on the capture store
-- must not rely on the location staying unknown — confirm.
CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.sys_packet_capture_log ON CLUSTER ck_query
(
    -- common_* columns
    common_recv_time Int64,
    common_log_id UInt64,
    common_stream_trace_id UInt64,
    common_direction Nullable(Int64),
    common_stream_dir Int64,
    common_start_time Int64,
    common_end_time Int64,
    common_con_duration_ms Int64,
    common_establish_latency_ms Int64,
    common_processing_time Int64,
    common_entrance_id Int64,
    common_device_id String,
    common_link_id Int64,
    common_isp String,
    common_data_center String,
    common_sled_ip String,
    common_action Int64,
    common_sub_action String,
    common_policy_id Int64,
    common_user_tags String,
    common_user_region String,
    common_client_ip String,
    common_internal_ip String,
    common_client_port Int64,
    common_client_location String,
    common_client_asn String,
    -- subscriber identifiers (personal data)
    common_subscriber_id String,
    common_imei String,
    common_imsi String,
    common_phone_number String,
    common_server_ip String,
    common_external_ip String,
    common_server_port Int64,
    common_server_location String,
    common_server_asn String,
    common_app_id String,
    common_app_label String,
    common_app_surrogate_id String,
    common_l7_protocol String,
    common_protocol_label String,
    common_service_category Array(Int64),
    common_service Int64,
    common_l4_protocol String,
    common_sessions Int64,
    common_c2s_pkt_num Int64,
    common_s2c_pkt_num Int64,
    common_c2s_pkt_diff Int64,
    common_s2c_pkt_diff Int64,
    common_c2s_byte_num Int64,
    common_s2c_byte_num Int64,
    common_c2s_byte_diff Int64,
    common_s2c_byte_diff Int64,
    common_c2s_ipfrag_num Int64,
    common_s2c_ipfrag_num Int64,
    common_c2s_tcp_lostlen Int64,
    common_s2c_tcp_lostlen Int64,
    common_c2s_tcp_unorder_num Int64,
    common_s2c_tcp_unorder_num Int64,
    common_c2s_pkt_retrans Int64,
    common_s2c_pkt_retrans Int64,
    common_c2s_byte_retrans Int64,
    common_s2c_byte_retrans Int64,
    common_first_ttl Int64,
    common_tcp_client_isn Int64,
    common_tcp_server_isn Int64,
    common_address_type Int64,
    common_schema_type String,
    common_device_tag String,
    common_encapsulation Int64,
    common_tunnels String,
    common_address_list String,
    common_has_dup_traffic Int64,
    common_stream_error String,
    common_link_info_c2s String,
    common_link_info_s2c String,
    -- capture-specific columns
    nic_name String,
    origin_source_mac String,
    origin_dest_mac String,
    packet_url String,
    pcap_storage_task_id Int64,
    pcap_storage_duration Int64
)
ENGINE = Distributed(ck_cluster, tsg_galaxy_v3, sys_packet_capture_log_local, rand());
-- Distributed entry point for radius_onff_log, created on every node of ck_query.
-- It holds no data itself: reads and writes are routed to
-- tsg_galaxy_v3.radius_onff_log_local on the shards of ck_cluster, and rand()
-- chooses the shard for each inserted row.
-- NOTE(review): account + framed_ip look like a user-to-address mapping;
-- confirm SELECT on this table is granted only to the roles that need it.
CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.radius_onff_log ON CLUSTER ck_query
(
    event_timestamp Int64,
    account String,
    framed_ip String,
    acct_status_type Int64,
    acct_session_id String,
    acct_session_time Int64
)
ENGINE = Distributed(ck_cluster, tsg_galaxy_v3, radius_onff_log_local, rand());
-- Distributed entry point for radius_record_log on the nodes of ck_cluster.
-- Rows live in tsg_galaxy_v3.radius_record_log_local; rand() spreads inserts
-- across the shards. The column list has to stay in step with the _local table.
-- NOTE(review): common_subscriber_id, common_imei, common_imsi,
-- common_phone_number, radius_account and the radius_*_station_id columns look
-- like subscriber identifiers; confirm grants on this table are restricted and
-- that retention is enforced on the _local table (not visible in this statement).
CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.radius_record_log ON CLUSTER ck_cluster
(
    -- common_* columns (same list as the other wide log tables in this file)
    common_recv_time Int64,
    common_log_id UInt64,
    common_stream_trace_id UInt64,
    common_direction Nullable(Int64),
    common_stream_dir Int64,
    common_start_time Int64,
    common_end_time Int64,
    common_con_duration_ms Int64,
    common_establish_latency_ms Int64,
    common_processing_time Int64,
    common_entrance_id Int64,
    common_device_id String,
    common_link_id Int64,
    common_isp String,
    common_data_center String,
    common_sled_ip String,
    common_action Int64,
    common_sub_action String,
    common_policy_id Int64,
    common_user_tags String,
    common_user_region String,
    common_client_ip String,
    common_internal_ip String,
    common_client_port Int64,
    common_client_location String,
    common_client_asn String,
    common_subscriber_id String,
    common_imei String,
    common_imsi String,
    common_phone_number String,
    common_server_ip String,
    common_external_ip String,
    common_server_port Int64,
    common_server_location String,
    common_server_asn String,
    common_app_id String,
    common_app_label String,
    common_app_surrogate_id String,
    common_l7_protocol String,
    common_protocol_label String,
    common_service_category Array(Int64),
    common_service Int64,
    common_l4_protocol String,
    common_sessions Int64,
    common_c2s_pkt_num Int64,
    common_s2c_pkt_num Int64,
    common_c2s_pkt_diff Int64,
    common_s2c_pkt_diff Int64,
    common_c2s_byte_num Int64,
    common_s2c_byte_num Int64,
    common_c2s_byte_diff Int64,
    common_s2c_byte_diff Int64,
    common_c2s_ipfrag_num Int64,
    common_s2c_ipfrag_num Int64,
    common_c2s_tcp_lostlen Int64,
    common_s2c_tcp_lostlen Int64,
    common_c2s_tcp_unorder_num Int64,
    common_s2c_tcp_unorder_num Int64,
    common_c2s_pkt_retrans Int64,
    common_s2c_pkt_retrans Int64,
    common_c2s_byte_retrans Int64,
    common_s2c_byte_retrans Int64,
    common_first_ttl Int64,
    common_tcp_client_isn Int64,
    common_tcp_server_isn Int64,
    common_address_type Int64,
    common_schema_type String,
    common_device_tag String,
    common_encapsulation Int64,
    common_tunnels String,
    common_address_list String,
    common_has_dup_traffic Int64,
    common_stream_error String,
    common_link_info_c2s String,
    common_link_info_s2c String,

    -- radius_* columns
    radius_packet_type Int64,
    radius_nas_ip String,
    radius_framed_ip String,
    radius_account String,
    radius_session_timeout Int64,
    radius_idle_timeout Int64,
    radius_acct_status_type Int64,
    radius_acct_terminate_cause Int64,
    radius_event_timestamp Int64,
    radius_nas_port Int64,
    radius_service_type Int64,
    radius_framed_protocol Int64,
    radius_callback_number String,
    radius_callback_id String,
    radius_termination_action Nullable(Int64),
    radius_called_station_id String,
    radius_calling_station_id String,
    radius_acct_delay_time Int64,
    radius_acct_session_id String,
    radius_acct_multi_session_id String,
    radius_acct_input_octets Int64,
    radius_acct_output_octets Int64,
    radius_acct_input_packets Int64,
    radius_acct_output_packets Int64,
    radius_acct_session_time Int64,
    radius_acct_link_count Int64,
    radius_acct_interim_interval Int64
)
ENGINE = Distributed(ck_cluster, tsg_galaxy_v3, radius_record_log_local, rand());
-- Distributed entry point for connection_record_log on the nodes of ck_cluster.
-- Rows live in tsg_galaxy_v3.connection_record_log_local; rand() spreads
-- inserts across the shards. Keep the column list in step with the _local table.
-- NOTE(review): besides the subscriber identifiers (common_subscriber_id,
-- common_imei, common_imsi, common_phone_number), the http_cookie,
-- http_set_cookie, http_*_header, http_*_body, mail_* and ftp_* columns appear
-- to hold captured payload, which can include session tokens and message
-- bodies. Treat the table as sensitive: restrict grants on it and confirm the
-- _local table enforces retention (not visible in this statement).
CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.connection_record_log ON CLUSTER ck_cluster
(
    -- common_* columns (same list as the other wide log tables in this file)
    common_recv_time Int64,
    common_log_id UInt64,
    common_stream_trace_id UInt64,
    common_direction Nullable(Int64),
    common_stream_dir Int64,
    common_start_time Int64,
    common_end_time Int64,
    common_con_duration_ms Int64,
    common_establish_latency_ms Int64,
    common_processing_time Int64,
    common_entrance_id Int64,
    common_device_id String,
    common_link_id Int64,
    common_isp String,
    common_data_center String,
    common_sled_ip String,
    common_action Int64,
    common_sub_action String,
    common_policy_id Int64,
    common_user_tags String,
    common_user_region String,
    common_client_ip String,
    common_internal_ip String,
    common_client_port Int64,
    common_client_location String,
    common_client_asn String,
    common_subscriber_id String,
    common_imei String,
    common_imsi String,
    common_phone_number String,
    common_server_ip String,
    common_external_ip String,
    common_server_port Int64,
    common_server_location String,
    common_server_asn String,
    common_app_id String,
    common_app_label String,
    common_app_surrogate_id String,
    common_l7_protocol String,
    common_protocol_label String,
    common_service_category Array(Int64),
    common_service Int64,
    common_l4_protocol String,
    common_sessions Int64,
    common_c2s_pkt_num Int64,
    common_s2c_pkt_num Int64,
    common_c2s_pkt_diff Int64,
    common_s2c_pkt_diff Int64,
    common_c2s_byte_num Int64,
    common_s2c_byte_num Int64,
    common_c2s_byte_diff Int64,
    common_s2c_byte_diff Int64,
    common_c2s_ipfrag_num Int64,
    common_s2c_ipfrag_num Int64,
    common_c2s_tcp_lostlen Int64,
    common_s2c_tcp_lostlen Int64,
    common_c2s_tcp_unorder_num Int64,
    common_s2c_tcp_unorder_num Int64,
    common_c2s_pkt_retrans Int64,
    common_s2c_pkt_retrans Int64,
    common_c2s_byte_retrans Int64,
    common_s2c_byte_retrans Int64,
    common_first_ttl Int64,
    common_tcp_client_isn Int64,
    common_tcp_server_isn Int64,
    common_address_type Int64,
    common_schema_type String,
    common_device_tag String,
    common_encapsulation Int64,
    common_tunnels String,
    common_address_list String,
    common_has_dup_traffic Int64,
    common_stream_error String,
    common_link_info_c2s String,
    common_link_info_s2c String,

    -- http_* columns
    http_url String,
    http_host String,
    http_domain String,
    http_request_line String,
    http_response_line String,
    http_request_header String,
    http_response_header String,
    http_request_content String,
    http_response_content String,
    http_request_body String,
    http_response_body String,
    http_request_body_key String,
    http_response_body_key String,
    http_proxy_flag Int64,
    http_sequence Int64,
    http_snapshot String,
    http_cookie String,
    http_referer String,
    http_user_agent String,
    http_content_length String,
    http_content_type String,
    http_set_cookie String,
    http_version String,
    -- spelled "lantency" in the schema; kept, since readers and writers use this name
    http_response_lantency_ms Int64,
    http_session_duration_ms Int64,
    http_action_file_size Int64,

    -- mail_* columns
    mail_protocol_type String,
    mail_account String,
    mail_to_cmd String,
    mail_from_cmd String,
    mail_from String,
    mail_to String,
    mail_cc String,
    mail_bcc String,
    mail_subject String,
    mail_subject_charset String,
    mail_content String,
    mail_content_charset String,
    mail_attachment_name String,
    mail_attachment_name_charset String,
    mail_attachment_content String,
    mail_eml_file String,
    mail_snapshot String,

    -- dns_* columns
    dns_message_id Int64,
    dns_qr Nullable(Int64),
    dns_opcode Nullable(Int64),
    dns_aa Int64,
    dns_tc Int64,
    dns_rd Int64,
    dns_ra Int64,
    dns_rcode Int64,
    dns_qdcount Int64,
    dns_ancount Int64,
    dns_nscount Int64,
    dns_arcount Int64,
    dns_qname String,
    dns_qtype Int64,
    dns_qclass Int64,
    dns_cname String,
    dns_sub Int64,
    dns_rr String,

    -- ssl_* columns
    ssl_version String,
    ssl_sni String,
    ssl_san String,
    ssl_cn String,
    ssl_pinningst Nullable(Int64),
    ssl_intercept_state Nullable(Int64),
    ssl_server_side_latency Int64,
    ssl_client_side_latency Int64,
    ssl_server_side_version String,
    ssl_client_side_version String,
    ssl_cert_verify Nullable(Int64),
    ssl_error String,
    ssl_con_latency_ms Int64,
    ssl_ja3_fingerprint String,
    ssl_ja3_hash String,
    ssl_cert_issuer String,
    ssl_cert_subject String,

    -- quic_* columns
    quic_version String,
    quic_sni String,
    quic_user_agent String,

    -- ftp_* columns
    ftp_account String,
    ftp_url String,
    ftp_content String,
    ftp_link_type String,

    -- bgp_* columns
    bgp_type Int64,
    bgp_as_num String,
    bgp_route String,

    -- voip_* columns
    voip_calling_account String,
    voip_called_account String,
    voip_calling_number String,
    voip_called_number String,

    -- streaming_media_* and app_* columns
    streaming_media_url String,
    streaming_media_protocol String,
    app_extra_info String,

    -- sip_* columns
    sip_call_id String,
    sip_originator_description String,
    sip_responder_description String,
    sip_user_agent String,
    sip_server String,
    sip_originator_sdp_connect_ip String,
    sip_originator_sdp_media_port Int64,
    sip_originator_sdp_media_type String,
    sip_originator_sdp_content String,
    sip_responder_sdp_connect_ip String,
    sip_responder_sdp_media_port Int64,
    sip_responder_sdp_media_type String,
    sip_responder_sdp_content String,
    sip_duration Int64,
    sip_bye String,

    -- rtp_* columns
    rtp_payload_type_c2s Nullable(Int64),
    rtp_payload_type_s2c Nullable(Int64),
    rtp_pcap_path String,
    rtp_originator_dir Int64
)
ENGINE = Distributed(ck_cluster, tsg_galaxy_v3, connection_record_log_local, rand());
-- Distributed entry point for proxy_event_log on the nodes of ck_cluster.
-- Rows live in tsg_galaxy_v3.proxy_event_log_local; rand() spreads inserts
-- across the shards. Keep the column list in step with the _local table.
-- NOTE(review): the http_cookie / http_set_cookie / doh_cookie / doh_set_cookie,
-- http_*_header and http_*_body columns appear to hold captured request and
-- response material, which can include session tokens; together with the
-- subscriber identifiers in common_* this makes the table sensitive. Restrict
-- grants on it and confirm retention is enforced on the _local table.
CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.proxy_event_log ON CLUSTER ck_cluster
(
    -- common_* columns (same list as the other wide log tables in this file)
    common_recv_time Int64,
    common_log_id UInt64,
    common_stream_trace_id UInt64,
    common_direction Nullable(Int64),
    common_stream_dir Int64,
    common_start_time Int64,
    common_end_time Int64,
    common_con_duration_ms Int64,
    common_establish_latency_ms Int64,
    common_processing_time Int64,
    common_entrance_id Int64,
    common_device_id String,
    common_link_id Int64,
    common_isp String,
    common_data_center String,
    common_sled_ip String,
    common_action Int64,
    common_sub_action String,
    common_policy_id Int64,
    common_user_tags String,
    common_user_region String,
    common_client_ip String,
    common_internal_ip String,
    common_client_port Int64,
    common_client_location String,
    common_client_asn String,
    common_subscriber_id String,
    common_imei String,
    common_imsi String,
    common_phone_number String,
    common_server_ip String,
    common_external_ip String,
    common_server_port Int64,
    common_server_location String,
    common_server_asn String,
    common_app_id String,
    common_app_label String,
    common_app_surrogate_id String,
    common_l7_protocol String,
    common_protocol_label String,
    common_service_category Array(Int64),
    common_service Int64,
    common_l4_protocol String,
    common_sessions Int64,
    common_c2s_pkt_num Int64,
    common_s2c_pkt_num Int64,
    common_c2s_pkt_diff Int64,
    common_s2c_pkt_diff Int64,
    common_c2s_byte_num Int64,
    common_s2c_byte_num Int64,
    common_c2s_byte_diff Int64,
    common_s2c_byte_diff Int64,
    common_c2s_ipfrag_num Int64,
    common_s2c_ipfrag_num Int64,
    common_c2s_tcp_lostlen Int64,
    common_s2c_tcp_lostlen Int64,
    common_c2s_tcp_unorder_num Int64,
    common_s2c_tcp_unorder_num Int64,
    common_c2s_pkt_retrans Int64,
    common_s2c_pkt_retrans Int64,
    common_c2s_byte_retrans Int64,
    common_s2c_byte_retrans Int64,
    common_first_ttl Int64,
    common_tcp_client_isn Int64,
    common_tcp_server_isn Int64,
    common_address_type Int64,
    common_schema_type String,
    common_device_tag String,
    common_encapsulation Int64,
    common_tunnels String,
    common_address_list String,
    common_has_dup_traffic Int64,
    common_stream_error String,
    common_link_info_c2s String,
    common_link_info_s2c String,

    -- http_* columns
    http_url String,
    http_host String,
    http_domain String,
    http_request_line String,
    http_response_line String,
    http_request_header String,
    http_response_header String,
    http_request_content String,
    http_response_content String,
    http_request_body String,
    http_response_body String,
    http_request_body_key String,
    http_response_body_key String,
    http_proxy_flag Int64,
    http_sequence Int64,
    http_snapshot String,
    http_cookie String,
    http_referer String,
    http_user_agent String,
    http_content_length String,
    http_content_type String,
    http_set_cookie String,
    http_version String,
    -- spelled "lantency" in the schema; kept, since readers and writers use this name
    http_response_lantency_ms Int64,
    http_session_duration_ms Int64,
    http_action_file_size Int64,

    -- doh_* columns
    doh_url String,
    doh_host String,
    doh_request_line String,
    doh_response_line String,
    doh_cookie String,
    doh_referer String,
    doh_user_agent String,
    doh_content_length String,
    doh_content_type String,
    doh_set_cookie String,
    doh_version String,
    doh_message_id Int64,
    -- NOTE(review): doh_qr / doh_opcode are plain Int64 here, while dns_qr /
    -- dns_opcode in connection_record_log are Nullable(Int64); an absent value
    -- would be stored as 0 — confirm that is intended.
    doh_qr Int64,
    doh_opcode Int64,
    doh_aa Int64,
    doh_tc Int64,
    doh_rd Int64,
    doh_ra Int64,
    doh_rcode Int64,
    doh_qdcount Int64,
    doh_ancount Int64,
    doh_nscount Int64,
    doh_arcount Int64,
    doh_qname String,
    doh_qtype Int64,
    doh_qclass Int64,
    doh_cname String,
    doh_sub Int64,
    doh_rr String
)
ENGINE = Distributed(ck_cluster, tsg_galaxy_v3, proxy_event_log_local, rand());
-- Distributed entry point for security_event_log on the nodes of ck_cluster.
-- Rows live in tsg_galaxy_v3.security_event_log_local; rand() spreads inserts
-- across the shards. Keep the column list in step with the _local table.
-- NOTE(review): besides the subscriber identifiers (common_subscriber_id,
-- common_imei, common_imsi, common_phone_number), the http_cookie,
-- http_set_cookie, http_*_header, http_*_body, mail_* and ftp_* columns appear
-- to hold captured payload, which can include session tokens and message
-- bodies. Treat the table as sensitive: restrict grants on it and confirm the
-- _local table enforces retention (not visible in this statement).
CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.security_event_log ON CLUSTER ck_cluster
(
    -- common_* columns (same list as the other wide log tables in this file)
    common_recv_time Int64,
    common_log_id UInt64,
    common_stream_trace_id UInt64,
    common_direction Nullable(Int64),
    common_stream_dir Int64,
    common_start_time Int64,
    common_end_time Int64,
    common_con_duration_ms Int64,
    common_establish_latency_ms Int64,
    common_processing_time Int64,
    common_entrance_id Int64,
    common_device_id String,
    common_link_id Int64,
    common_isp String,
    common_data_center String,
    common_sled_ip String,
    common_action Int64,
    common_sub_action String,
    common_policy_id Int64,
    common_user_tags String,
    common_user_region String,
    common_client_ip String,
    common_internal_ip String,
    common_client_port Int64,
    common_client_location String,
    common_client_asn String,
    common_subscriber_id String,
    common_imei String,
    common_imsi String,
    common_phone_number String,
    common_server_ip String,
    common_external_ip String,
    common_server_port Int64,
    common_server_location String,
    common_server_asn String,
    common_app_id String,
    common_app_label String,
    common_app_surrogate_id String,
    common_l7_protocol String,
    common_protocol_label String,
    common_service_category Array(Int64),
    common_service Int64,
    common_l4_protocol String,
    common_sessions Int64,
    common_c2s_pkt_num Int64,
    common_s2c_pkt_num Int64,
    common_c2s_pkt_diff Int64,
    common_s2c_pkt_diff Int64,
    common_c2s_byte_num Int64,
    common_s2c_byte_num Int64,
    common_c2s_byte_diff Int64,
    common_s2c_byte_diff Int64,
    common_c2s_ipfrag_num Int64,
    common_s2c_ipfrag_num Int64,
    common_c2s_tcp_lostlen Int64,
    common_s2c_tcp_lostlen Int64,
    common_c2s_tcp_unorder_num Int64,
    common_s2c_tcp_unorder_num Int64,
    common_c2s_pkt_retrans Int64,
    common_s2c_pkt_retrans Int64,
    common_c2s_byte_retrans Int64,
    common_s2c_byte_retrans Int64,
    common_first_ttl Int64,
    common_tcp_client_isn Int64,
    common_tcp_server_isn Int64,
    common_address_type Int64,
    common_schema_type String,
    common_device_tag String,
    common_encapsulation Int64,
    common_tunnels String,
    common_address_list String,
    common_has_dup_traffic Int64,
    common_stream_error String,
    common_link_info_c2s String,
    common_link_info_s2c String,

    -- http_* columns
    http_url String,
    http_host String,
    http_domain String,
    http_request_line String,
    http_response_line String,
    http_request_header String,
    http_response_header String,
    http_request_content String,
    http_response_content String,
    http_request_body String,
    http_response_body String,
    http_request_body_key String,
    http_response_body_key String,
    http_proxy_flag Int64,
    http_sequence Int64,
    http_snapshot String,
    http_cookie String,
    http_referer String,
    http_user_agent String,
    http_content_length String,
    http_content_type String,
    http_set_cookie String,
    http_version String,
    -- spelled "lantency" in the schema; kept, since readers and writers use this name
    http_response_lantency_ms Int64,
    http_session_duration_ms Int64,
    http_action_file_size Int64,

    -- mail_* columns
    mail_protocol_type String,
    mail_account String,
    mail_to_cmd String,
    mail_from_cmd String,
    mail_from String,
    mail_to String,
    mail_cc String,
    mail_bcc String,
    mail_subject String,
    mail_subject_charset String,
    mail_content String,
    mail_content_charset String,
    mail_attachment_name String,
    mail_attachment_name_charset String,
    mail_attachment_content String,
    mail_eml_file String,
    mail_snapshot String,

    -- dns_* columns
    dns_message_id Int64,
    dns_qr Nullable(Int64),
    dns_opcode Nullable(Int64),
    dns_aa Int64,
    dns_tc Int64,
    dns_rd Int64,
    dns_ra Int64,
    dns_rcode Int64,
    dns_qdcount Int64,
    dns_ancount Int64,
    dns_nscount Int64,
    dns_arcount Int64,
    dns_qname String,
    dns_qtype Int64,
    dns_qclass Int64,
    dns_cname String,
    dns_sub Int64,
    dns_rr String,

    -- ssl_* columns
    ssl_version String,
    ssl_sni String,
    ssl_san String,
    ssl_cn String,
    ssl_pinningst Nullable(Int64),
    ssl_intercept_state Nullable(Int64),
    ssl_server_side_latency Int64,
    ssl_client_side_latency Int64,
    ssl_server_side_version String,
    ssl_client_side_version String,
    ssl_cert_verify Nullable(Int64),
    ssl_error String,
    ssl_con_latency_ms Int64,
    ssl_ja3_fingerprint String,
    ssl_ja3_hash String,
    ssl_cert_issuer String,
    ssl_cert_subject String,

    -- quic_* columns
    quic_version String,
    quic_sni String,
    quic_user_agent String,

    -- ftp_* columns
    ftp_account String,
    ftp_url String,
    ftp_content String,
    ftp_link_type String,

    -- bgp_* columns
    bgp_type Int64,
    bgp_as_num String,
    bgp_route String,

    -- voip_* columns
    voip_calling_account String,
    voip_called_account String,
    voip_calling_number String,
    voip_called_number String,

    -- streaming_media_* and app_* columns
    streaming_media_url String,
    streaming_media_protocol String,
    app_extra_info String,

    -- sip_* columns
    sip_call_id String,
    sip_originator_description String,
    sip_responder_description String,
    sip_user_agent String,
    sip_server String,
    sip_originator_sdp_connect_ip String,
    sip_originator_sdp_media_port Int64,
    sip_originator_sdp_media_type String,
    sip_originator_sdp_content String,
    sip_responder_sdp_connect_ip String,
    sip_responder_sdp_media_port Int64,
    sip_responder_sdp_media_type String,
    sip_responder_sdp_content String,
    sip_duration Int64,
    sip_bye String,

    -- rtp_* columns
    rtp_payload_type_c2s Nullable(Int64),
    rtp_payload_type_s2c Nullable(Int64),
    rtp_pcap_path String,
    rtp_originator_dir Int64
)
ENGINE = Distributed(ck_cluster, tsg_galaxy_v3, security_event_log_local, rand());
-- Distributed entry point for sys_packet_capture_log on the nodes of ck_cluster.
-- Rows live in tsg_galaxy_v3.sys_packet_capture_log_local; rand() spreads
-- inserts across the shards. Keep the column list in step with the _local table.
-- NOTE(review): packet_url presumably points at a stored capture file, so a
-- reader of this table learns where captures are kept; the store behind that
-- URL needs its own authorization, and grants on this table should be limited.
CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.sys_packet_capture_log ON CLUSTER ck_cluster
(
    -- common_* columns (same list as the other wide log tables in this file)
    common_recv_time Int64,
    common_log_id UInt64,
    common_stream_trace_id UInt64,
    common_direction Nullable(Int64),
    common_stream_dir Int64,
    common_start_time Int64,
    common_end_time Int64,
    common_con_duration_ms Int64,
    common_establish_latency_ms Int64,
    common_processing_time Int64,
    common_entrance_id Int64,
    common_device_id String,
    common_link_id Int64,
    common_isp String,
    common_data_center String,
    common_sled_ip String,
    common_action Int64,
    common_sub_action String,
    common_policy_id Int64,
    common_user_tags String,
    common_user_region String,
    common_client_ip String,
    common_internal_ip String,
    common_client_port Int64,
    common_client_location String,
    common_client_asn String,
    common_subscriber_id String,
    common_imei String,
    common_imsi String,
    common_phone_number String,
    common_server_ip String,
    common_external_ip String,
    common_server_port Int64,
    common_server_location String,
    common_server_asn String,
    common_app_id String,
    common_app_label String,
    common_app_surrogate_id String,
    common_l7_protocol String,
    common_protocol_label String,
    common_service_category Array(Int64),
    common_service Int64,
    common_l4_protocol String,
    common_sessions Int64,
    common_c2s_pkt_num Int64,
    common_s2c_pkt_num Int64,
    common_c2s_pkt_diff Int64,
    common_s2c_pkt_diff Int64,
    common_c2s_byte_num Int64,
    common_s2c_byte_num Int64,
    common_c2s_byte_diff Int64,
    common_s2c_byte_diff Int64,
    common_c2s_ipfrag_num Int64,
    common_s2c_ipfrag_num Int64,
    common_c2s_tcp_lostlen Int64,
    common_s2c_tcp_lostlen Int64,
    common_c2s_tcp_unorder_num Int64,
    common_s2c_tcp_unorder_num Int64,
    common_c2s_pkt_retrans Int64,
    common_s2c_pkt_retrans Int64,
    common_c2s_byte_retrans Int64,
    common_s2c_byte_retrans Int64,
    common_first_ttl Int64,
    common_tcp_client_isn Int64,
    common_tcp_server_isn Int64,
    common_address_type Int64,
    common_schema_type String,
    common_device_tag String,
    common_encapsulation Int64,
    common_tunnels String,
    common_address_list String,
    common_has_dup_traffic Int64,
    common_stream_error String,
    common_link_info_c2s String,
    common_link_info_s2c String,

    -- capture-specific columns
    nic_name String,
    origin_source_mac String,
    origin_dest_mac String,
    packet_url String,
    pcap_storage_task_id Int64,
    pcap_storage_duration Int64
)
ENGINE = Distributed(ck_cluster, tsg_galaxy_v3, sys_packet_capture_log_local, rand());
-- Distributed entry point for radius_onff_log, created on every node of
-- ck_cluster (the same table is also declared ON CLUSTER ck_query in this file).
-- It holds no data itself: reads and writes are routed to
-- tsg_galaxy_v3.radius_onff_log_local, and rand() chooses the shard for each
-- inserted row.
-- NOTE(review): account + framed_ip look like a user-to-address mapping;
-- confirm SELECT on this table is granted only to the roles that need it.
CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.radius_onff_log ON CLUSTER ck_cluster
(
    event_timestamp Int64,
    account String,
    framed_ip String,
    acct_status_type Int64,
    acct_session_id String,
    acct_session_time Int64
)
ENGINE = Distributed(ck_cluster, tsg_galaxy_v3, radius_onff_log_local, rand());
-- Distributed entry point (ck_cluster nodes) for a narrow, twelve-column subset
-- of the connection_record_log columns. Rows live in
-- connection_record_log_common_client_ip_local on the shards of ck_cluster.
-- The name suggests the _local table is organised by common_client_ip for
-- lookups — verify against its definition.
-- NOTE(review): this subset still pairs common_subscriber_id with client and
-- server addresses and visited domains; grant it no more widely than the wide
-- connection_record_log table.
CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.connection_record_log_common_client_ip ON CLUSTER ck_cluster
(
    common_log_id UInt64,
    common_recv_time Int64,
    common_policy_id Int64,
    common_action Int64,
    common_server_ip String,
    common_client_ip String,
    common_sled_ip String,
    common_entrance_id Int64,
    common_subscriber_id String,
    common_stream_trace_id UInt64,
    http_domain String,
    ssl_sni String
)
ENGINE = Distributed(ck_cluster, tsg_galaxy_v3, connection_record_log_common_client_ip_local, rand());
-- Distributed entry point (ck_cluster nodes) for a narrow, twelve-column subset
-- of the connection_record_log columns. Rows live in
-- connection_record_log_common_server_ip_local on the shards of ck_cluster.
-- The name suggests the _local table is organised by common_server_ip for
-- lookups — verify against its definition.
-- NOTE(review): this subset still pairs common_subscriber_id with client and
-- server addresses and visited domains; grant it no more widely than the wide
-- connection_record_log table.
CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.connection_record_log_common_server_ip ON CLUSTER ck_cluster
(
    common_log_id UInt64,
    common_recv_time Int64,
    common_policy_id Int64,
    common_action Int64,
    common_server_ip String,
    common_client_ip String,
    common_sled_ip String,
    common_entrance_id Int64,
    common_subscriber_id String,
    common_stream_trace_id UInt64,
    http_domain String,
    ssl_sni String
)
ENGINE = Distributed(ck_cluster, tsg_galaxy_v3, connection_record_log_common_server_ip_local, rand());
-- Distributed entry point (ck_cluster nodes) for a narrow, twelve-column subset
-- of the connection_record_log columns. Rows live in
-- connection_record_log_common_subscriber_id_local on the shards of ck_cluster.
-- The name suggests the _local table is organised by common_subscriber_id for
-- lookups — verify against its definition.
-- NOTE(review): a per-subscriber lookup of addresses and visited domains is
-- the most privacy-sensitive of these narrow tables; confirm who holds SELECT
-- on it and that queries against it are audited.
CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.connection_record_log_common_subscriber_id ON CLUSTER ck_cluster
(
    common_log_id UInt64,
    common_recv_time Int64,
    common_policy_id Int64,
    common_action Int64,
    common_server_ip String,
    common_client_ip String,
    common_sled_ip String,
    common_entrance_id Int64,
    common_subscriber_id String,
    common_stream_trace_id UInt64,
    http_domain String,
    ssl_sni String
)
ENGINE = Distributed(ck_cluster, tsg_galaxy_v3, connection_record_log_common_subscriber_id_local, rand());
-- Distributed entry point (ck_cluster nodes) for a narrow, twelve-column subset
-- of the connection_record_log columns. Rows live in
-- connection_record_log_http_domain_local on the shards of ck_cluster.
-- The name suggests the _local table is organised by http_domain for
-- lookups — verify against its definition.
-- NOTE(review): this subset still pairs common_subscriber_id with client and
-- server addresses and visited domains; grant it no more widely than the wide
-- connection_record_log table.
CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.connection_record_log_http_domain ON CLUSTER ck_cluster
(
    common_log_id UInt64,
    common_recv_time Int64,
    common_policy_id Int64,
    common_action Int64,
    common_server_ip String,
    common_client_ip String,
    common_sled_ip String,
    common_entrance_id Int64,
    common_subscriber_id String,
    common_stream_trace_id UInt64,
    http_domain String,
    ssl_sni String
)
ENGINE = Distributed(ck_cluster, tsg_galaxy_v3, connection_record_log_http_domain_local, rand());
-- Same Distributed table as the ck_cluster declaration of
-- connection_record_log_common_client_ip, created here on the ck_query nodes.
-- Data is still read from / written to
-- connection_record_log_common_client_ip_local on the shards of ck_cluster.
-- NOTE(review): ck_query nodes are presumably the ones clients connect to, so
-- the grants on this copy are what actually gates access — TODO confirm.
CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.connection_record_log_common_client_ip ON CLUSTER ck_query
(
    common_log_id UInt64,
    common_recv_time Int64,
    common_policy_id Int64,
    common_action Int64,
    common_server_ip String,
    common_client_ip String,
    common_sled_ip String,
    common_entrance_id Int64,
    common_subscriber_id String,
    common_stream_trace_id UInt64,
    http_domain String,
    ssl_sni String
)
ENGINE = Distributed(ck_cluster, tsg_galaxy_v3, connection_record_log_common_client_ip_local, rand());
-- Same Distributed table as the ck_cluster declaration of
-- connection_record_log_common_server_ip, created here on the ck_query nodes.
-- Data is still read from / written to
-- connection_record_log_common_server_ip_local on the shards of ck_cluster.
-- NOTE(review): ck_query nodes are presumably the ones clients connect to, so
-- the grants on this copy are what actually gates access — TODO confirm.
CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.connection_record_log_common_server_ip ON CLUSTER ck_query
(
    common_log_id UInt64,
    common_recv_time Int64,
    common_policy_id Int64,
    common_action Int64,
    common_server_ip String,
    common_client_ip String,
    common_sled_ip String,
    common_entrance_id Int64,
    common_subscriber_id String,
    common_stream_trace_id UInt64,
    http_domain String,
    ssl_sni String
)
ENGINE = Distributed(ck_cluster, tsg_galaxy_v3, connection_record_log_common_server_ip_local, rand());
-- Same Distributed table as the ck_cluster declaration of
-- connection_record_log_common_subscriber_id, created here on the ck_query
-- nodes. Data is still read from / written to
-- connection_record_log_common_subscriber_id_local on the shards of ck_cluster.
-- NOTE(review): ck_query nodes are presumably the ones clients connect to, so
-- the grants on this copy are what actually gates per-subscriber lookups —
-- TODO confirm, and confirm such queries are audited.
CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.connection_record_log_common_subscriber_id ON CLUSTER ck_query
(
    common_log_id UInt64,
    common_recv_time Int64,
    common_policy_id Int64,
    common_action Int64,
    common_server_ip String,
    common_client_ip String,
    common_sled_ip String,
    common_entrance_id Int64,
    common_subscriber_id String,
    common_stream_trace_id UInt64,
    http_domain String,
    ssl_sni String
)
ENGINE = Distributed(ck_cluster, tsg_galaxy_v3, connection_record_log_common_subscriber_id_local, rand());
-- Same Distributed table as the ck_cluster declaration of
-- connection_record_log_http_domain, created here on the ck_query nodes.
-- Data is still read from / written to
-- connection_record_log_http_domain_local on the shards of ck_cluster.
-- NOTE(review): ck_query nodes are presumably the ones clients connect to, so
-- the grants on this copy are what actually gates access — TODO confirm.
CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.connection_record_log_http_domain ON CLUSTER ck_query
(
    common_log_id UInt64,
    common_recv_time Int64,
    common_policy_id Int64,
    common_action Int64,
    common_server_ip String,
    common_client_ip String,
    common_sled_ip String,
    common_entrance_id Int64,
    common_subscriber_id String,
    common_stream_trace_id UInt64,
    http_domain String,
    ssl_sni String
)
ENGINE = Distributed(ck_cluster, tsg_galaxy_v3, connection_record_log_http_domain_local, rand());
-- Shard-local MergeTree storage for active_defence_event_log, created on every
-- node of ck_cluster. The Distributed tables of the same base name in this
-- file route to it.
-- Partitioning: one partition per calendar day of common_recv_time. toDate()
-- reads an integer above 65535 as a Unix timestamp in seconds, so this assumes
-- common_recv_time is epoch seconds — TODO confirm; the day boundary follows
-- the server time zone.
-- NOTE(review): the statement has no TTL clause, so rows stay until partitions
-- are dropped by some other job; confirm retention is handled elsewhere.
CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.active_defence_event_log_local ON CLUSTER ck_cluster
(
    common_log_id UInt64,
    common_recv_time Int64,
    common_entrance_id Int64,
    common_device_id String,
    common_link_id Int64,
    common_policy_id Int64,
    common_user_region String,
    ad_method String,
    ad_protocol String,
    common_address_type Int64,
    ad_target_ip String,
    -- stored as String, unlike common_client_port / common_server_port (Int64)
    -- in the other log tables of this file
    ad_target_port String,
    ad_cc_target_url String,
    ad_target_ip_location String,
    ad_target_ip_asn String,
    ad_claimed_src_ip_profile_id Int64,
    ad_reflector_profile_id Int64,
    ad_sent_pkt_num Int64,
    ad_sent_byte_num Int64,
    ad_cc_initiate_connection_num Int64,
    ad_cc_established_connection_num Int64,
    ad_cc_rejected_connection_num Int64,
    ad_generate_time Int64
)
ENGINE = MergeTree
PARTITION BY toYYYYMMDD(toDate(common_recv_time))
ORDER BY (common_log_id, common_policy_id, common_recv_time);
-- Distributed entry point for active_defence_event_log on the ck_query nodes.
-- Rows live in tsg_galaxy_v3.active_defence_event_log_local on the shards of
-- ck_cluster; rand() chooses the shard for each inserted row. The column list
-- mirrors the _local declaration in this file and must stay in step with it.
-- NOTE(review): ck_query nodes are presumably the ones clients connect to, so
-- the grants on this copy are what gates access to these event rows — TODO
-- confirm.
CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.active_defence_event_log ON CLUSTER ck_query
(
    common_log_id UInt64,
    common_recv_time Int64,
    common_entrance_id Int64,
    common_device_id String,
    common_link_id Int64,
    common_policy_id Int64,
    common_user_region String,
    ad_method String,
    ad_protocol String,
    common_address_type Int64,
    ad_target_ip String,
    -- stored as String, unlike common_client_port / common_server_port (Int64)
    -- in the other log tables of this file
    ad_target_port String,
    ad_cc_target_url String,
    ad_target_ip_location String,
    ad_target_ip_asn String,
    ad_claimed_src_ip_profile_id Int64,
    ad_reflector_profile_id Int64,
    ad_sent_pkt_num Int64,
    ad_sent_byte_num Int64,
    ad_cc_initiate_connection_num Int64,
    ad_cc_established_connection_num Int64,
    ad_cc_rejected_connection_num Int64,
    ad_generate_time Int64
)
ENGINE = Distributed(ck_cluster, tsg_galaxy_v3, active_defence_event_log_local, rand());
-- Distributed entry point for active_defence_event_log on the ck_cluster nodes
-- (the same table is also declared ON CLUSTER ck_query in this file).
-- Rows live in tsg_galaxy_v3.active_defence_event_log_local; rand() chooses
-- the shard for each inserted row. The column list mirrors the _local
-- declaration in this file and must stay in step with it.
CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.active_defence_event_log ON CLUSTER ck_cluster
(
    common_log_id UInt64,
    common_recv_time Int64,
    common_entrance_id Int64,
    common_device_id String,
    common_link_id Int64,
    common_policy_id Int64,
    common_user_region String,
    ad_method String,
    ad_protocol String,
    common_address_type Int64,
    ad_target_ip String,
    -- stored as String, unlike common_client_port / common_server_port (Int64)
    -- in the other log tables of this file
    ad_target_port String,
    ad_cc_target_url String,
    ad_target_ip_location String,
    ad_target_ip_asn String,
    ad_claimed_src_ip_profile_id Int64,
    ad_reflector_profile_id Int64,
    ad_sent_pkt_num Int64,
    ad_sent_byte_num Int64,
    ad_cc_initiate_connection_num Int64,
    ad_cc_established_connection_num Int64,
    ad_cc_rejected_connection_num Int64,
    ad_generate_time Int64
)
ENGINE = Distributed(ck_cluster, tsg_galaxy_v3, active_defence_event_log_local, rand());
-- Cluster-wide views of five system tables, created on the ck_query nodes.
-- Each one copies the structure of the named system table (AS ...) and reads
-- it from every node of the ck_all cluster. The rand() sharding key only
-- matters for inserts through a Distributed table.
-- NOTE(review): system.query_log records the text of executed queries, which
-- can contain literal values from those statements. query_log_cluster makes
-- every ck_all node's log readable from one place, so SELECT on it should be
-- limited to administrative roles.
-- NOTE(review): these objects are created inside the built-in `system`
-- database; confirm upgrades and backup tooling tolerate user-created tables
-- there.
CREATE TABLE IF NOT EXISTS `system`.tables_cluster ON CLUSTER ck_query
AS `system`.tables
ENGINE = Distributed(ck_all, `system`, tables, rand());

CREATE TABLE IF NOT EXISTS `system`.disks_cluster ON CLUSTER ck_query
AS `system`.disks
ENGINE = Distributed(ck_all, `system`, disks, rand());

CREATE TABLE IF NOT EXISTS `system`.parts_cluster ON CLUSTER ck_query
AS `system`.parts
ENGINE = Distributed(ck_all, `system`, parts, rand());

CREATE TABLE IF NOT EXISTS `system`.query_log_cluster ON CLUSTER ck_query
AS `system`.query_log
ENGINE = Distributed(ck_all, `system`, query_log, rand());

CREATE TABLE IF NOT EXISTS `system`.columns_cluster ON CLUSTER ck_query
AS `system`.columns
ENGINE = Distributed(ck_all, `system`, columns, rand());