
-- Create the tsg_galaxy_dll database on both clusters used in this file:
-- ck_cluster receives the *_local MergeTree tables and the materialized views,
-- ck_query receives the Distributed tables that forward to them.
CREATE DATABASE IF NOT EXISTS tsg_galaxy_dll ON CLUSTER ck_cluster;
CREATE DATABASE IF NOT EXISTS tsg_galaxy_dll ON CLUSTER ck_query;
-- sys_packet_capture_log_local: MergeTree table created on every node of ck_cluster.
-- One partition per calendar day of common_recv_time, rows sorted by
-- (common_log_id, common_policy_id, common_recv_time).
-- toDate() on an Int64 is read as a Unix timestamp in seconds for values above 65535
-- (assumes common_recv_time is epoch seconds - TODO confirm).
-- No TTL clause is declared, so rows stay until partitions are dropped by some
-- process outside this statement.
-- NOTE(review): packet_url looks, by name, like a pointer to a stored capture. If so,
-- read access to this table should be granted as narrowly as access to the captures.
CREATE TABLE IF NOT EXISTS tsg_galaxy_dll.sys_packet_capture_log_local ON CLUSTER ck_cluster
(
    -- common_* columns
    common_log_id UInt64,
    common_service Int64,
    common_recv_time Int64,
    common_direction Nullable(Int64),
    common_l4_protocol String,
    common_address_type Int64,
    common_schema_type String,
    common_policy_id Int64,
    common_user_tags String,
    common_action Int64,
    common_sub_action String,
    common_user_region String,
    common_client_ip String,
    common_client_port Int64,
    common_internal_ip String,
    common_entrance_id Int64,
    common_device_id String,
    common_link_id Int64,
    common_isp String,
    common_device_tag String,
    common_data_center String,
    common_encapsulation Int64,
    common_sled_ip String,
    common_client_location String,
    common_client_asn String,
    common_subscriber_id String,
    common_server_ip String,
    common_server_port Int64,
    common_external_ip String,
    common_server_location String,
    common_server_asn String,
    common_protocol_label String,
    common_app_label String,
    common_app_id Int64,
    common_app_surrogate_id Int64,
    common_l7_protocol String,
    common_sessions Int64,
    common_c2s_pkt_num Int64,
    common_s2c_pkt_num Int64,
    common_c2s_byte_num Int64,
    common_s2c_byte_num Int64,
    common_start_time Int64,
    common_end_time Int64,
    common_establish_latency_ms Int64,
    common_con_duration_ms Int64,
    common_stream_dir Int64,
    common_address_list String,
    common_has_dup_traffic Int64,
    common_stream_error String,
    common_stream_trace_id UInt64,
    common_link_info_c2s String,
    common_link_info_s2c String,
    common_c2s_ipfrag_num Int64,
    common_s2c_ipfrag_num Int64,
    common_c2s_tcp_lostlen Int64,
    common_s2c_tcp_lostlen Int64,
    common_c2s_tcp_unorder_num Int64,
    common_s2c_tcp_unorder_num Int64,
    common_first_ttl Int64,
    common_processing_time Int64,
    -- capture-specific columns
    nic_name String,
    origin_source_mac String,
    origin_dest_mac String,
    packet_url String,
    pcap_storage_task_id Int64,
    pcap_storage_duration Int64
)
ENGINE = MergeTree
PARTITION BY toYYYYMMDD(toDate(common_recv_time))
ORDER BY (common_log_id, common_policy_id, common_recv_time);
-- security_event_log_local: MergeTree table created on every node of ck_cluster.
-- The Distributed table tsg_galaxy_dll.security_event_log (on ck_query) forwards to it.
-- One partition per calendar day of common_recv_time, rows sorted by
-- (common_log_id, common_policy_id, common_recv_time).
-- toDate() on an Int64 is read as a Unix timestamp in seconds for values above 65535
-- (assumes common_recv_time is epoch seconds - TODO confirm).
-- No TTL clause is declared, so rows stay until partitions are dropped by some
-- process outside this statement.
-- NOTE(review): http_cookie, http_set_cookie, http_request_header, http_request_body,
-- mail_content, mail_attachment_content and ftp_account look, by name, like they hold
-- session tokens, credentials or message content. If so, limit SELECT on them with
-- column-level grants and set an explicit retention period.
CREATE TABLE IF NOT EXISTS tsg_galaxy_dll.security_event_log_local ON CLUSTER ck_cluster
(
    -- common_* columns
    common_log_id UInt64,
    common_service Int64,
    common_recv_time Int64,
    common_direction Nullable(Int64),
    common_l4_protocol String,
    common_address_type Int64,
    common_schema_type String,
    common_policy_id Int64,
    common_user_tags String,
    common_action Int64,
    common_sub_action String,
    common_user_region String,
    common_client_ip String,
    common_client_port Int64,
    common_internal_ip String,
    common_entrance_id Int64,
    common_device_id String,
    common_link_id Int64,
    common_isp String,
    common_device_tag String,
    common_data_center String,
    common_encapsulation Int64,
    common_sled_ip String,
    common_client_location String,
    common_client_asn String,
    common_subscriber_id String,
    common_server_ip String,
    common_server_port Int64,
    common_external_ip String,
    common_server_location String,
    common_server_asn String,
    common_protocol_label String,
    common_app_label String,
    common_app_id Int64,
    common_app_surrogate_id Int64,
    common_l7_protocol String,
    common_sessions Int64,
    common_c2s_pkt_num Int64,
    common_s2c_pkt_num Int64,
    common_c2s_byte_num Int64,
    common_s2c_byte_num Int64,
    common_start_time Int64,
    common_end_time Int64,
    common_establish_latency_ms Int64,
    common_con_duration_ms Int64,
    common_stream_dir Int64,
    common_address_list String,
    common_has_dup_traffic Int64,
    common_stream_error String,
    common_stream_trace_id UInt64,
    common_link_info_c2s String,
    common_link_info_s2c String,
    common_c2s_ipfrag_num Int64,
    common_s2c_ipfrag_num Int64,
    common_c2s_tcp_lostlen Int64,
    common_s2c_tcp_lostlen Int64,
    common_c2s_tcp_unorder_num Int64,
    common_s2c_tcp_unorder_num Int64,
    common_first_ttl Int64,
    common_processing_time Int64,
    -- http_* columns
    http_url String,
    http_host String,
    http_domain String,
    http_request_line String,
    http_response_line String,
    http_request_header String,
    http_response_header String,
    http_request_body String,
    http_response_body String,
    http_request_body_key String,
    http_response_body_key String,
    http_proxy_flag Int64,
    http_sequence Int64,
    http_snapshot String,
    http_cookie String,
    http_referer String,
    http_user_agent String,
    http_content_length String,
    http_content_type String,
    http_set_cookie String,
    http_version String,
    http_response_lantency_ms Int64,
    http_session_duration_ms Int64,
    http_action_file_size Int64,
    -- mail_* columns
    mail_protocol_type String,
    mail_account String,
    mail_to_cmd String,
    mail_from_cmd String,
    mail_from String,
    mail_to String,
    mail_cc String,
    mail_bcc String,
    mail_subject String,
    mail_subject_charset String,
    mail_content String,
    mail_content_charset String,
    mail_attachment_name String,
    mail_attachment_name_charset String,
    mail_attachment_content String,
    mail_eml_file String,
    mail_snapshot String,
    -- dns_* columns
    dns_message_id Int64,
    dns_qr Nullable(Int64),
    dns_opcode Nullable(Int64),
    dns_aa Int64,
    dns_tc Int64,
    dns_rd Int64,
    dns_ra Int64,
    dns_rcode Int64,
    dns_qdcount Int64,
    dns_ancount Int64,
    dns_nscount Int64,
    dns_arcount Int64,
    dns_qname String,
    dns_qtype Int64,
    dns_qclass Int64,
    dns_cname String,
    dns_sub Int64,
    dns_rr String,
    -- ssl_* columns
    ssl_version String,
    ssl_sni String,
    ssl_san String,
    ssl_cn String,
    ssl_pinningst Nullable(Int64),
    ssl_intercept_state Nullable(Int64),
    ssl_server_side_latency Int64,
    ssl_client_side_latency Int64,
    ssl_server_side_version String,
    ssl_client_side_version String,
    ssl_cert_verify Nullable(Int64),
    ssl_error String,
    ssl_con_latency_ms Int64,
    ssl_ja3_fingerprint String,
    ssl_ja3_hash String,
    -- quic_*, ftp_*, bgp_*, voip_*, streaming_media_* and app columns
    quic_version String,
    quic_sni String,
    quic_user_agent String,
    ftp_account String,
    ftp_url String,
    ftp_content String,
    bgp_type Int64,
    bgp_as_num String,
    bgp_route String,
    voip_calling_account String,
    voip_called_account String,
    voip_calling_number String,
    voip_called_number String,
    streaming_media_url String,
    streaming_media_protocol String,
    app_extra_info String
)
ENGINE = MergeTree
PARTITION BY toYYYYMMDD(toDate(common_recv_time))
ORDER BY (common_log_id, common_policy_id, common_recv_time);
-- proxy_event_log_local: MergeTree table created on every node of ck_cluster.
-- The Distributed table tsg_galaxy_dll.proxy_event_log (on ck_query) forwards to it.
-- One partition per calendar day of common_recv_time, rows sorted by
-- (common_log_id, common_policy_id, common_recv_time).
-- toDate() on an Int64 is read as a Unix timestamp in seconds for values above 65535
-- (assumes common_recv_time is epoch seconds - TODO confirm).
-- No TTL clause is declared, so rows stay until partitions are dropped by some
-- process outside this statement.
-- NOTE(review): http_cookie, http_set_cookie, http_request_header, http_request_body,
-- doh_cookie and doh_set_cookie look, by name, like they hold session tokens or request
-- content. If so, limit SELECT on them with column-level grants and set an explicit
-- retention period.
-- NOTE(review): doh_qr and doh_opcode are plain Int64 here, while dns_qr and dns_opcode
-- in security_event_log_local are Nullable(Int64). With a plain Int64 a missing value
-- is stored as 0 and cannot be told apart from a real 0 - confirm this is intended.
CREATE TABLE IF NOT EXISTS tsg_galaxy_dll.proxy_event_log_local ON CLUSTER ck_cluster
(
    -- common_* columns
    common_log_id UInt64,
    common_service Int64,
    common_recv_time Int64,
    common_direction Nullable(Int64),
    common_l4_protocol String,
    common_address_type Int64,
    common_schema_type String,
    common_policy_id Int64,
    common_user_tags String,
    common_action Int64,
    common_sub_action String,
    common_user_region String,
    common_client_ip String,
    common_client_port Int64,
    common_internal_ip String,
    common_entrance_id Int64,
    common_device_id String,
    common_link_id Int64,
    common_isp String,
    common_device_tag String,
    common_data_center String,
    common_encapsulation Int64,
    common_sled_ip String,
    common_client_location String,
    common_client_asn String,
    common_subscriber_id String,
    common_server_ip String,
    common_server_port Int64,
    common_external_ip String,
    common_server_location String,
    common_server_asn String,
    common_protocol_label String,
    common_app_label String,
    common_app_id Int64,
    common_app_surrogate_id Int64,
    common_l7_protocol String,
    common_sessions Int64,
    common_c2s_pkt_num Int64,
    common_s2c_pkt_num Int64,
    common_c2s_byte_num Int64,
    common_s2c_byte_num Int64,
    common_start_time Int64,
    common_end_time Int64,
    common_establish_latency_ms Int64,
    common_con_duration_ms Int64,
    common_stream_dir Int64,
    common_address_list String,
    common_has_dup_traffic Int64,
    common_stream_error String,
    common_stream_trace_id UInt64,
    common_link_info_c2s String,
    common_link_info_s2c String,
    common_c2s_ipfrag_num Int64,
    common_s2c_ipfrag_num Int64,
    common_c2s_tcp_lostlen Int64,
    common_s2c_tcp_lostlen Int64,
    common_c2s_tcp_unorder_num Int64,
    common_s2c_tcp_unorder_num Int64,
    common_first_ttl Int64,
    common_processing_time Int64,
    -- http_* columns
    http_url String,
    http_host String,
    http_domain String,
    http_request_line String,
    http_response_line String,
    http_request_header String,
    http_response_header String,
    http_request_body String,
    http_response_body String,
    http_request_body_key String,
    http_response_body_key String,
    http_proxy_flag Int64,
    http_sequence Int64,
    http_snapshot String,
    http_cookie String,
    http_referer String,
    http_user_agent String,
    http_content_length String,
    http_content_type String,
    http_set_cookie String,
    http_version String,
    http_response_lantency_ms Int64,
    http_session_duration_ms Int64,
    http_action_file_size Int64,
    -- doh_* columns
    doh_url String,
    doh_host String,
    doh_request_line String,
    doh_response_line String,
    doh_cookie String,
    doh_referer String,
    doh_user_agent String,
    doh_content_length String,
    doh_content_type String,
    doh_set_cookie String,
    doh_version String,
    doh_message_id Int64,
    doh_qr Int64,
    doh_opcode Int64,
    doh_aa Int64,
    doh_tc Int64,
    doh_rd Int64,
    doh_ra Int64,
    doh_rcode Int64,
    doh_qdcount Int64,
    doh_ancount Int64,
    doh_nscount Int64,
    doh_arcount Int64,
    doh_qname String,
    doh_qtype Int64,
    doh_qclass Int64,
    doh_cname String,
    doh_sub Int64,
    doh_rr String
)
ENGINE = MergeTree
PARTITION BY toYYYYMMDD(toDate(common_recv_time))
ORDER BY (common_log_id, common_policy_id, common_recv_time);
-- connection_record_log_local: MergeTree table created on every node of ck_cluster.
-- The Distributed table tsg_galaxy_dll.connection_record_log (on ck_query) forwards to
-- it, and four materialized views in this file (common_client_ip, common_server_ip,
-- common_subscriber_id, common_http_domain) select from it.
-- One partition per calendar day of common_recv_time, rows sorted by
-- (common_log_id, common_data_center, common_recv_time).
-- toDate() on an Int64 is read as a Unix timestamp in seconds for values above 65535
-- (assumes common_recv_time is epoch seconds - TODO confirm).
-- No TTL clause is declared, so rows stay until partitions are dropped by some
-- process outside this statement. Rows copied out by the materialized views live in
-- separate tables and are not removed when rows are removed here.
-- NOTE(review): http_cookie, http_set_cookie, http_request_header, http_request_body,
-- mail_content, mail_attachment_content and ftp_account look, by name, like they hold
-- session tokens, credentials or message content. If so, limit SELECT on them with
-- column-level grants and set an explicit retention period.
CREATE TABLE IF NOT EXISTS tsg_galaxy_dll.connection_record_log_local ON CLUSTER ck_cluster
(
    -- common_* columns
    common_log_id UInt64,
    common_service Int64,
    common_recv_time Int64,
    common_direction Nullable(Int64),
    common_l4_protocol String,
    common_address_type Int64,
    common_schema_type String,
    common_policy_id Int64,
    common_user_tags String,
    common_action Int64,
    common_sub_action String,
    common_user_region String,
    common_client_ip String,
    common_client_port Int64,
    common_internal_ip String,
    common_entrance_id Int64,
    common_device_id String,
    common_link_id Int64,
    common_isp String,
    common_device_tag String,
    common_data_center String,
    common_encapsulation Int64,
    common_sled_ip String,
    common_client_location String,
    common_client_asn String,
    common_subscriber_id String,
    common_server_ip String,
    common_server_port Int64,
    common_external_ip String,
    common_server_location String,
    common_server_asn String,
    common_protocol_label String,
    common_app_label String,
    common_app_id Int64,
    common_app_surrogate_id Int64,
    common_l7_protocol String,
    common_sessions Int64,
    common_c2s_pkt_num Int64,
    common_s2c_pkt_num Int64,
    common_c2s_byte_num Int64,
    common_s2c_byte_num Int64,
    common_start_time Int64,
    common_end_time Int64,
    common_establish_latency_ms Int64,
    common_con_duration_ms Int64,
    common_stream_dir Int64,
    common_address_list String,
    common_has_dup_traffic Int64,
    common_stream_error String,
    common_stream_trace_id UInt64,
    common_link_info_c2s String,
    common_link_info_s2c String,
    common_c2s_ipfrag_num Int64,
    common_s2c_ipfrag_num Int64,
    common_c2s_tcp_lostlen Int64,
    common_s2c_tcp_lostlen Int64,
    common_c2s_tcp_unorder_num Int64,
    common_s2c_tcp_unorder_num Int64,
    common_first_ttl Int64,
    common_processing_time Int64,
    -- http_* columns
    http_url String,
    http_host String,
    http_domain String,
    http_request_line String,
    http_response_line String,
    http_request_header String,
    http_response_header String,
    http_request_body String,
    http_response_body String,
    http_request_body_key String,
    http_response_body_key String,
    http_proxy_flag Int64,
    http_sequence Int64,
    http_snapshot String,
    http_cookie String,
    http_referer String,
    http_user_agent String,
    http_content_length String,
    http_content_type String,
    http_set_cookie String,
    http_version String,
    http_response_lantency_ms Int64,
    http_session_duration_ms Int64,
    http_action_file_size Int64,
    -- mail_* columns
    mail_protocol_type String,
    mail_account String,
    mail_to_cmd String,
    mail_from_cmd String,
    mail_from String,
    mail_to String,
    mail_cc String,
    mail_bcc String,
    mail_subject String,
    mail_subject_charset String,
    mail_content String,
    mail_content_charset String,
    mail_attachment_name String,
    mail_attachment_name_charset String,
    mail_attachment_content String,
    mail_eml_file String,
    mail_snapshot String,
    -- dns_* columns
    dns_message_id Int64,
    dns_qr Nullable(Int64),
    dns_opcode Nullable(Int64),
    dns_aa Int64,
    dns_tc Int64,
    dns_rd Int64,
    dns_ra Int64,
    dns_rcode Int64,
    dns_qdcount Int64,
    dns_ancount Int64,
    dns_nscount Int64,
    dns_arcount Int64,
    dns_qname String,
    dns_qtype Int64,
    dns_qclass Int64,
    dns_cname String,
    dns_sub Int64,
    dns_rr String,
    -- ssl_* columns
    ssl_version String,
    ssl_sni String,
    ssl_san String,
    ssl_cn String,
    ssl_pinningst Nullable(Int64),
    ssl_intercept_state Nullable(Int64),
    ssl_server_side_latency Int64,
    ssl_client_side_latency Int64,
    ssl_server_side_version String,
    ssl_client_side_version String,
    ssl_cert_verify Nullable(Int64),
    ssl_error String,
    ssl_con_latency_ms Int64,
    ssl_ja3_fingerprint String,
    ssl_ja3_hash String,
    -- quic_*, ftp_*, bgp_*, voip_*, streaming_media_* and app columns
    quic_version String,
    quic_sni String,
    quic_user_agent String,
    ftp_account String,
    ftp_url String,
    ftp_content String,
    bgp_type Int64,
    bgp_as_num String,
    bgp_route String,
    voip_calling_account String,
    voip_called_account String,
    voip_calling_number String,
    voip_called_number String,
    streaming_media_url String,
    streaming_media_protocol String,
    app_extra_info String
)
ENGINE = MergeTree
PARTITION BY toYYYYMMDD(toDate(common_recv_time))
ORDER BY (common_log_id, common_data_center, common_recv_time);
-- radius_record_log_local: MergeTree table created on every node of ck_cluster.
-- The Distributed table tsg_galaxy_dll.radius_record_log (on ck_query) forwards to it.
-- One partition per calendar day of common_recv_time, rows sorted by
-- (common_log_id, common_data_center, common_recv_time).
-- toDate() on an Int64 is read as a Unix timestamp in seconds for values above 65535
-- (assumes common_recv_time is epoch seconds - TODO confirm).
-- No TTL clause is declared, so rows stay until partitions are dropped by some
-- process outside this statement.
-- NOTE(review): radius_account, radius_framed_ip and the radius_*_station_id columns
-- look, by name, like they tie a subscriber identity to an address and a session.
-- If so, limit SELECT on them with column-level grants and set an explicit
-- retention period.
CREATE TABLE IF NOT EXISTS tsg_galaxy_dll.radius_record_log_local ON CLUSTER ck_cluster
(
    -- common_* columns
    common_log_id UInt64,
    common_service Int64,
    common_recv_time Int64,
    common_direction Nullable(Int64),
    common_l4_protocol String,
    common_address_type Int64,
    common_schema_type String,
    common_policy_id Int64,
    common_user_tags String,
    common_action Int64,
    common_sub_action String,
    common_user_region String,
    common_client_ip String,
    common_client_port Int64,
    common_internal_ip String,
    common_entrance_id Int64,
    common_device_id String,
    common_link_id Int64,
    common_isp String,
    common_device_tag String,
    common_data_center String,
    common_encapsulation Int64,
    common_sled_ip String,
    common_client_location String,
    common_client_asn String,
    common_subscriber_id String,
    common_server_ip String,
    common_server_port Int64,
    common_external_ip String,
    common_server_location String,
    common_server_asn String,
    common_protocol_label String,
    common_app_label String,
    common_app_id Int64,
    common_app_surrogate_id Int64,
    common_l7_protocol String,
    common_sessions Int64,
    common_c2s_pkt_num Int64,
    common_s2c_pkt_num Int64,
    common_c2s_byte_num Int64,
    common_s2c_byte_num Int64,
    common_start_time Int64,
    common_end_time Int64,
    common_establish_latency_ms Int64,
    common_con_duration_ms Int64,
    common_stream_dir Int64,
    common_address_list String,
    common_has_dup_traffic Int64,
    common_stream_error String,
    common_stream_trace_id UInt64,
    common_link_info_c2s String,
    common_link_info_s2c String,
    common_c2s_ipfrag_num Int64,
    common_s2c_ipfrag_num Int64,
    common_c2s_tcp_lostlen Int64,
    common_s2c_tcp_lostlen Int64,
    common_c2s_tcp_unorder_num Int64,
    common_s2c_tcp_unorder_num Int64,
    common_first_ttl Int64,
    common_processing_time Int64,
    -- radius_* columns
    radius_packet_type Int64,
    radius_nas_ip String,
    radius_framed_ip String,
    radius_account String,
    radius_session_timeout Int64,
    radius_idle_timeout Int64,
    radius_acct_status_type Int64,
    radius_acct_terminate_cause Int64,
    radius_event_timestamp Int64,
    radius_nas_port Int64,
    radius_service_type Int64,
    radius_framed_protocol Int64,
    radius_callback_number String,
    radius_callback_id String,
    radius_termination_action Nullable(Int64),
    radius_called_station_id String,
    radius_calling_station_id String,
    radius_acct_delay_time Int64,
    radius_acct_session_id String,
    radius_acct_multi_session_id String,
    radius_acct_input_octets Int64,
    radius_acct_output_octets Int64,
    radius_acct_input_packets Int64,
    radius_acct_output_packets Int64,
    radius_acct_session_time Int64,
    radius_acct_link_count Int64,
    radius_acct_interim_interval Int64
)
ENGINE = MergeTree
PARTITION BY toYYYYMMDD(toDate(common_recv_time))
ORDER BY (common_log_id, common_data_center, common_recv_time);
-- connection_record_log_common_client_ip_local: twelve-column MergeTree table on
-- ck_cluster, sorted by (common_client_ip, common_server_ip, common_recv_time).
-- It is the TO target of the materialized view tsg_galaxy_dll.common_client_ip, which
-- selects these columns from connection_record_log_local.
-- No TTL clause is declared. This is a separate physical copy, so any retention or
-- deletion applied to connection_record_log_local has to be applied here as well.
-- NOTE(review): the copy keeps common_client_ip and common_subscriber_id - read grants
-- should be no wider than on the source table.
CREATE TABLE IF NOT EXISTS tsg_galaxy_dll.connection_record_log_common_client_ip_local ON CLUSTER ck_cluster
(
    common_log_id UInt64,
    common_recv_time Int64,
    common_policy_id Int64,
    common_action Int64,
    common_server_ip String,
    common_client_ip String,
    common_sled_ip String,
    common_entrance_id Int64,
    common_subscriber_id String,
    common_stream_trace_id UInt64,
    http_domain String,
    ssl_sni String
)
ENGINE = MergeTree
PARTITION BY toYYYYMMDD(toDate(common_recv_time))
ORDER BY (common_client_ip, common_server_ip, common_recv_time);
-- connection_record_log_common_server_ip_local: twelve-column MergeTree table on
-- ck_cluster, sorted by (common_server_ip, common_client_ip, common_recv_time).
-- It is the TO target of the materialized view tsg_galaxy_dll.common_server_ip, which
-- selects these columns from connection_record_log_local.
-- No TTL clause is declared. This is a separate physical copy, so any retention or
-- deletion applied to connection_record_log_local has to be applied here as well.
-- NOTE(review): the copy keeps common_client_ip and common_subscriber_id - read grants
-- should be no wider than on the source table.
CREATE TABLE IF NOT EXISTS tsg_galaxy_dll.connection_record_log_common_server_ip_local ON CLUSTER ck_cluster
(
    common_log_id UInt64,
    common_recv_time Int64,
    common_policy_id Int64,
    common_action Int64,
    common_server_ip String,
    common_client_ip String,
    common_sled_ip String,
    common_entrance_id Int64,
    common_subscriber_id String,
    common_stream_trace_id UInt64,
    http_domain String,
    ssl_sni String
)
ENGINE = MergeTree
PARTITION BY toYYYYMMDD(toDate(common_recv_time))
ORDER BY (common_server_ip, common_client_ip, common_recv_time);
-- connection_record_log_common_subscriber_id_local: twelve-column MergeTree table on
-- ck_cluster, sorted by (common_subscriber_id, common_recv_time).
-- It is the TO target of the materialized view tsg_galaxy_dll.common_subscriber_id,
-- which selects these columns from connection_record_log_local.
-- No TTL clause is declared. This is a separate physical copy, so any retention or
-- deletion applied to connection_record_log_local has to be applied here as well.
-- NOTE(review): the sort key makes per-subscriber history lookups cheap - read grants
-- should be no wider than on the source table.
CREATE TABLE IF NOT EXISTS tsg_galaxy_dll.connection_record_log_common_subscriber_id_local ON CLUSTER ck_cluster
(
    common_log_id UInt64,
    common_recv_time Int64,
    common_policy_id Int64,
    common_action Int64,
    common_server_ip String,
    common_client_ip String,
    common_sled_ip String,
    common_entrance_id Int64,
    common_subscriber_id String,
    common_stream_trace_id UInt64,
    http_domain String,
    ssl_sni String
)
ENGINE = MergeTree
PARTITION BY toYYYYMMDD(toDate(common_recv_time))
ORDER BY (common_subscriber_id, common_recv_time);
-- connection_record_log_http_domain_local: twelve-column MergeTree table on
-- ck_cluster, sorted by (http_domain, common_recv_time).
-- It is the TO target of the materialized view tsg_galaxy_dll.common_http_domain,
-- which selects these columns from connection_record_log_local.
-- No TTL clause is declared. This is a separate physical copy, so any retention or
-- deletion applied to connection_record_log_local has to be applied here as well.
-- NOTE(review): the copy keeps common_client_ip and common_subscriber_id - read grants
-- should be no wider than on the source table.
CREATE TABLE IF NOT EXISTS tsg_galaxy_dll.connection_record_log_http_domain_local ON CLUSTER ck_cluster
(
    common_log_id UInt64,
    common_recv_time Int64,
    common_policy_id Int64,
    common_action Int64,
    common_server_ip String,
    common_client_ip String,
    common_sled_ip String,
    common_entrance_id Int64,
    common_subscriber_id String,
    common_stream_trace_id UInt64,
    http_domain String,
    ssl_sni String
)
ENGINE = MergeTree
PARTITION BY toYYYYMMDD(toDate(common_recv_time))
ORDER BY (http_domain, common_recv_time);
-- common_client_ip: materialized view on ck_cluster that writes twelve columns of each
-- row inserted into connection_record_log_local into
-- connection_record_log_common_client_ip_local.
-- There is no POPULATE, so rows already in the source before the view exists are not
-- copied. Rows later removed from the source are not removed from the target.
CREATE MATERIALIZED VIEW IF NOT EXISTS tsg_galaxy_dll.common_client_ip ON CLUSTER ck_cluster
TO tsg_galaxy_dll.connection_record_log_common_client_ip_local
AS
SELECT
    common_log_id,
    common_recv_time,
    common_policy_id,
    common_action,
    common_server_ip,
    common_client_ip,
    common_sled_ip,
    common_entrance_id,
    common_subscriber_id,
    common_stream_trace_id,
    http_domain,
    ssl_sni
FROM tsg_galaxy_dll.connection_record_log_local;
-- common_server_ip: materialized view on ck_cluster that writes twelve columns of each
-- row inserted into connection_record_log_local into
-- connection_record_log_common_server_ip_local.
-- There is no POPULATE, so rows already in the source before the view exists are not
-- copied. Rows later removed from the source are not removed from the target.
CREATE MATERIALIZED VIEW IF NOT EXISTS tsg_galaxy_dll.common_server_ip ON CLUSTER ck_cluster
TO tsg_galaxy_dll.connection_record_log_common_server_ip_local
AS
SELECT
    common_log_id,
    common_recv_time,
    common_policy_id,
    common_action,
    common_server_ip,
    common_client_ip,
    common_sled_ip,
    common_entrance_id,
    common_subscriber_id,
    common_stream_trace_id,
    http_domain,
    ssl_sni
FROM tsg_galaxy_dll.connection_record_log_local;
-- common_subscriber_id: materialized view on ck_cluster that writes twelve columns of
-- each row inserted into connection_record_log_local into
-- connection_record_log_common_subscriber_id_local.
-- There is no POPULATE, so rows already in the source before the view exists are not
-- copied. Rows later removed from the source are not removed from the target.
CREATE MATERIALIZED VIEW IF NOT EXISTS tsg_galaxy_dll.common_subscriber_id ON CLUSTER ck_cluster
TO tsg_galaxy_dll.connection_record_log_common_subscriber_id_local
AS
SELECT
    common_log_id,
    common_recv_time,
    common_policy_id,
    common_action,
    common_server_ip,
    common_client_ip,
    common_sled_ip,
    common_entrance_id,
    common_subscriber_id,
    common_stream_trace_id,
    http_domain,
    ssl_sni
FROM tsg_galaxy_dll.connection_record_log_local;
-- common_http_domain: materialized view on ck_cluster that writes twelve columns of
-- each row inserted into connection_record_log_local into
-- connection_record_log_http_domain_local.
-- There is no POPULATE, so rows already in the source before the view exists are not
-- copied. Rows later removed from the source are not removed from the target.
CREATE MATERIALIZED VIEW IF NOT EXISTS tsg_galaxy_dll.common_http_domain ON CLUSTER ck_cluster
TO tsg_galaxy_dll.connection_record_log_http_domain_local
AS
SELECT
    common_log_id,
    common_recv_time,
    common_policy_id,
    common_action,
    common_server_ip,
    common_client_ip,
    common_sled_ip,
    common_entrance_id,
    common_subscriber_id,
    common_stream_trace_id,
    http_domain,
    ssl_sni
FROM tsg_galaxy_dll.connection_record_log_local;
-- radius_onff_log_local: six-column MergeTree table created on every node of ck_cluster.
-- One partition per calendar day of event_timestamp, rows sorted by
-- (account, event_timestamp).
-- toDate() on an Int64 is read as a Unix timestamp in seconds for values above 65535
-- (assumes event_timestamp is epoch seconds - TODO confirm).
-- No TTL clause is declared, so rows stay until partitions are dropped by some
-- process outside this statement.
-- NOTE(review): account together with framed_ip looks, by name, like a record of which
-- account held which address at a given time. If so, treat it as identifying data
-- when granting SELECT and when setting retention.
CREATE TABLE IF NOT EXISTS tsg_galaxy_dll.radius_onff_log_local ON CLUSTER ck_cluster
(
    event_timestamp Int64,
    account String,
    framed_ip String,
    acct_status_type Int64,
    acct_session_id String,
    acct_session_time Int64
)
ENGINE = MergeTree
PARTITION BY toYYYYMMDD(toDate(event_timestamp))
ORDER BY (account, event_timestamp);
-- radius_record_log: Distributed table created on every node of ck_query.
-- It holds no rows itself. Reads and writes are forwarded to
-- tsg_galaxy_dll.radius_record_log_local on cluster ck_cluster, and rand() picks the
-- shard for each inserted row.
-- The column list has to stay in step with radius_record_log_local.
-- NOTE(review): a SELECT here reaches every shard of ck_cluster, so grants on this
-- table should be at least as strict as on the local table - confirm how ck_query
-- users are provisioned.
CREATE TABLE IF NOT EXISTS tsg_galaxy_dll.radius_record_log ON CLUSTER ck_query
(
    -- common_* columns
    common_log_id UInt64,
    common_service Int64,
    common_recv_time Int64,
    common_direction Nullable(Int64),
    common_l4_protocol String,
    common_address_type Int64,
    common_schema_type String,
    common_policy_id Int64,
    common_user_tags String,
    common_action Int64,
    common_sub_action String,
    common_user_region String,
    common_client_ip String,
    common_client_port Int64,
    common_internal_ip String,
    common_entrance_id Int64,
    common_device_id String,
    common_link_id Int64,
    common_isp String,
    common_device_tag String,
    common_data_center String,
    common_encapsulation Int64,
    common_sled_ip String,
    common_client_location String,
    common_client_asn String,
    common_subscriber_id String,
    common_server_ip String,
    common_server_port Int64,
    common_external_ip String,
    common_server_location String,
    common_server_asn String,
    common_protocol_label String,
    common_app_label String,
    common_app_id Int64,
    common_app_surrogate_id Int64,
    common_l7_protocol String,
    common_sessions Int64,
    common_c2s_pkt_num Int64,
    common_s2c_pkt_num Int64,
    common_c2s_byte_num Int64,
    common_s2c_byte_num Int64,
    common_start_time Int64,
    common_end_time Int64,
    common_establish_latency_ms Int64,
    common_con_duration_ms Int64,
    common_stream_dir Int64,
    common_address_list String,
    common_has_dup_traffic Int64,
    common_stream_error String,
    common_stream_trace_id UInt64,
    common_link_info_c2s String,
    common_link_info_s2c String,
    common_c2s_ipfrag_num Int64,
    common_s2c_ipfrag_num Int64,
    common_c2s_tcp_lostlen Int64,
    common_s2c_tcp_lostlen Int64,
    common_c2s_tcp_unorder_num Int64,
    common_s2c_tcp_unorder_num Int64,
    common_first_ttl Int64,
    common_processing_time Int64,
    -- radius_* columns
    radius_packet_type Int64,
    radius_nas_ip String,
    radius_framed_ip String,
    radius_account String,
    radius_session_timeout Int64,
    radius_idle_timeout Int64,
    radius_acct_status_type Int64,
    radius_acct_terminate_cause Int64,
    radius_event_timestamp Int64,
    radius_nas_port Int64,
    radius_service_type Int64,
    radius_framed_protocol Int64,
    radius_callback_number String,
    radius_callback_id String,
    radius_termination_action Nullable(Int64),
    radius_called_station_id String,
    radius_calling_station_id String,
    radius_acct_delay_time Int64,
    radius_acct_session_id String,
    radius_acct_multi_session_id String,
    radius_acct_input_octets Int64,
    radius_acct_output_octets Int64,
    radius_acct_input_packets Int64,
    radius_acct_output_packets Int64,
    radius_acct_session_time Int64,
    radius_acct_link_count Int64,
    radius_acct_interim_interval Int64
)
ENGINE = Distributed(ck_cluster, tsg_galaxy_dll, radius_record_log_local, rand());
-- connection_record_log: Distributed table created on every node of ck_query.
-- It holds no rows itself. Reads and writes are forwarded to
-- tsg_galaxy_dll.connection_record_log_local on cluster ck_cluster, and rand() picks
-- the shard for each inserted row.
-- The column list has to stay in step with connection_record_log_local.
-- NOTE(review): a SELECT here reaches every shard of ck_cluster, including the
-- http_cookie, http_request_body and mail_content columns, so grants on this table
-- should be at least as strict as on the local table - confirm how ck_query users
-- are provisioned.
CREATE TABLE IF NOT EXISTS tsg_galaxy_dll.connection_record_log ON CLUSTER ck_query
(
    -- common_* columns
    common_log_id UInt64,
    common_service Int64,
    common_recv_time Int64,
    common_direction Nullable(Int64),
    common_l4_protocol String,
    common_address_type Int64,
    common_schema_type String,
    common_policy_id Int64,
    common_user_tags String,
    common_action Int64,
    common_sub_action String,
    common_user_region String,
    common_client_ip String,
    common_client_port Int64,
    common_internal_ip String,
    common_entrance_id Int64,
    common_device_id String,
    common_link_id Int64,
    common_isp String,
    common_device_tag String,
    common_data_center String,
    common_encapsulation Int64,
    common_sled_ip String,
    common_client_location String,
    common_client_asn String,
    common_subscriber_id String,
    common_server_ip String,
    common_server_port Int64,
    common_external_ip String,
    common_server_location String,
    common_server_asn String,
    common_protocol_label String,
    common_app_label String,
    common_app_id Int64,
    common_app_surrogate_id Int64,
    common_l7_protocol String,
    common_sessions Int64,
    common_c2s_pkt_num Int64,
    common_s2c_pkt_num Int64,
    common_c2s_byte_num Int64,
    common_s2c_byte_num Int64,
    common_start_time Int64,
    common_end_time Int64,
    common_establish_latency_ms Int64,
    common_con_duration_ms Int64,
    common_stream_dir Int64,
    common_address_list String,
    common_has_dup_traffic Int64,
    common_stream_error String,
    common_stream_trace_id UInt64,
    common_link_info_c2s String,
    common_link_info_s2c String,
    common_c2s_ipfrag_num Int64,
    common_s2c_ipfrag_num Int64,
    common_c2s_tcp_lostlen Int64,
    common_s2c_tcp_lostlen Int64,
    common_c2s_tcp_unorder_num Int64,
    common_s2c_tcp_unorder_num Int64,
    common_first_ttl Int64,
    common_processing_time Int64,
    -- http_* columns
    http_url String,
    http_host String,
    http_domain String,
    http_request_line String,
    http_response_line String,
    http_request_header String,
    http_response_header String,
    http_request_body String,
    http_response_body String,
    http_request_body_key String,
    http_response_body_key String,
    http_proxy_flag Int64,
    http_sequence Int64,
    http_snapshot String,
    http_cookie String,
    http_referer String,
    http_user_agent String,
    http_content_length String,
    http_content_type String,
    http_set_cookie String,
    http_version String,
    http_response_lantency_ms Int64,
    http_session_duration_ms Int64,
    http_action_file_size Int64,
    -- mail_* columns
    mail_protocol_type String,
    mail_account String,
    mail_to_cmd String,
    mail_from_cmd String,
    mail_from String,
    mail_to String,
    mail_cc String,
    mail_bcc String,
    mail_subject String,
    mail_subject_charset String,
    mail_content String,
    mail_content_charset String,
    mail_attachment_name String,
    mail_attachment_name_charset String,
    mail_attachment_content String,
    mail_eml_file String,
    mail_snapshot String,
    -- dns_* columns
    dns_message_id Int64,
    dns_qr Nullable(Int64),
    dns_opcode Nullable(Int64),
    dns_aa Int64,
    dns_tc Int64,
    dns_rd Int64,
    dns_ra Int64,
    dns_rcode Int64,
    dns_qdcount Int64,
    dns_ancount Int64,
    dns_nscount Int64,
    dns_arcount Int64,
    dns_qname String,
    dns_qtype Int64,
    dns_qclass Int64,
    dns_cname String,
    dns_sub Int64,
    dns_rr String,
    -- ssl_* columns
    ssl_version String,
    ssl_sni String,
    ssl_san String,
    ssl_cn String,
    ssl_pinningst Nullable(Int64),
    ssl_intercept_state Nullable(Int64),
    ssl_server_side_latency Int64,
    ssl_client_side_latency Int64,
    ssl_server_side_version String,
    ssl_client_side_version String,
    ssl_cert_verify Nullable(Int64),
    ssl_error String,
    ssl_con_latency_ms Int64,
    ssl_ja3_fingerprint String,
    ssl_ja3_hash String,
    -- quic_*, ftp_*, bgp_*, voip_*, streaming_media_* and app columns
    quic_version String,
    quic_sni String,
    quic_user_agent String,
    ftp_account String,
    ftp_url String,
    ftp_content String,
    bgp_type Int64,
    bgp_as_num String,
    bgp_route String,
    voip_calling_account String,
    voip_called_account String,
    voip_calling_number String,
    voip_called_number String,
    streaming_media_url String,
    streaming_media_protocol String,
    app_extra_info String
)
ENGINE = Distributed(ck_cluster, tsg_galaxy_dll, connection_record_log_local, rand());
-- proxy_event_log: Distributed table created on every node of ck_query.
-- It holds no rows itself. Reads and writes are forwarded to
-- tsg_galaxy_dll.proxy_event_log_local on cluster ck_cluster, and rand() picks the
-- shard for each inserted row.
-- The column list has to stay in step with proxy_event_log_local.
-- NOTE(review): a SELECT here reaches every shard of ck_cluster, including the
-- http_cookie, http_request_body and doh_cookie columns, so grants on this table
-- should be at least as strict as on the local table - confirm how ck_query users
-- are provisioned.
CREATE TABLE IF NOT EXISTS tsg_galaxy_dll.proxy_event_log ON CLUSTER ck_query
(
    -- common_* columns
    common_log_id UInt64,
    common_service Int64,
    common_recv_time Int64,
    common_direction Nullable(Int64),
    common_l4_protocol String,
    common_address_type Int64,
    common_schema_type String,
    common_policy_id Int64,
    common_user_tags String,
    common_action Int64,
    common_sub_action String,
    common_user_region String,
    common_client_ip String,
    common_client_port Int64,
    common_internal_ip String,
    common_entrance_id Int64,
    common_device_id String,
    common_link_id Int64,
    common_isp String,
    common_device_tag String,
    common_data_center String,
    common_encapsulation Int64,
    common_sled_ip String,
    common_client_location String,
    common_client_asn String,
    common_subscriber_id String,
    common_server_ip String,
    common_server_port Int64,
    common_external_ip String,
    common_server_location String,
    common_server_asn String,
    common_protocol_label String,
    common_app_label String,
    common_app_id Int64,
    common_app_surrogate_id Int64,
    common_l7_protocol String,
    common_sessions Int64,
    common_c2s_pkt_num Int64,
    common_s2c_pkt_num Int64,
    common_c2s_byte_num Int64,
    common_s2c_byte_num Int64,
    common_start_time Int64,
    common_end_time Int64,
    common_establish_latency_ms Int64,
    common_con_duration_ms Int64,
    common_stream_dir Int64,
    common_address_list String,
    common_has_dup_traffic Int64,
    common_stream_error String,
    common_stream_trace_id UInt64,
    common_link_info_c2s String,
    common_link_info_s2c String,
    common_c2s_ipfrag_num Int64,
    common_s2c_ipfrag_num Int64,
    common_c2s_tcp_lostlen Int64,
    common_s2c_tcp_lostlen Int64,
    common_c2s_tcp_unorder_num Int64,
    common_s2c_tcp_unorder_num Int64,
    common_first_ttl Int64,
    common_processing_time Int64,
    -- http_* columns
    http_url String,
    http_host String,
    http_domain String,
    http_request_line String,
    http_response_line String,
    http_request_header String,
    http_response_header String,
    http_request_body String,
    http_response_body String,
    http_request_body_key String,
    http_response_body_key String,
    http_proxy_flag Int64,
    http_sequence Int64,
    http_snapshot String,
    http_cookie String,
    http_referer String,
    http_user_agent String,
    http_content_length String,
    http_content_type String,
    http_set_cookie String,
    http_version String,
    http_response_lantency_ms Int64,
    http_session_duration_ms Int64,
    http_action_file_size Int64,
    -- doh_* columns
    doh_url String,
    doh_host String,
    doh_request_line String,
    doh_response_line String,
    doh_cookie String,
    doh_referer String,
    doh_user_agent String,
    doh_content_length String,
    doh_content_type String,
    doh_set_cookie String,
    doh_version String,
    doh_message_id Int64,
    doh_qr Int64,
    doh_opcode Int64,
    doh_aa Int64,
    doh_tc Int64,
    doh_rd Int64,
    doh_ra Int64,
    doh_rcode Int64,
    doh_qdcount Int64,
    doh_ancount Int64,
    doh_nscount Int64,
    doh_arcount Int64,
    doh_qname String,
    doh_qtype Int64,
    doh_qclass Int64,
    doh_cname String,
    doh_sub Int64,
    doh_rr String
)
ENGINE = Distributed(ck_cluster, tsg_galaxy_dll, proxy_event_log_local, rand());
-- security_event_log: Distributed table created on every node of ck_query.
-- It holds no rows itself. Reads and writes are forwarded to
-- tsg_galaxy_dll.security_event_log_local on cluster ck_cluster, and rand() picks the
-- shard for each inserted row.
-- The column list has to stay in step with security_event_log_local.
-- NOTE(review): a SELECT here reaches every shard of ck_cluster, including the
-- http_cookie, http_request_body and mail_content columns, so grants on this table
-- should be at least as strict as on the local table - confirm how ck_query users
-- are provisioned.
CREATE TABLE IF NOT EXISTS tsg_galaxy_dll.security_event_log ON CLUSTER ck_query
(
    -- common_* columns
    common_log_id UInt64,
    common_service Int64,
    common_recv_time Int64,
    common_direction Nullable(Int64),
    common_l4_protocol String,
    common_address_type Int64,
    common_schema_type String,
    common_policy_id Int64,
    common_user_tags String,
    common_action Int64,
    common_sub_action String,
    common_user_region String,
    common_client_ip String,
    common_client_port Int64,
    common_internal_ip String,
    common_entrance_id Int64,
    common_device_id String,
    common_link_id Int64,
    common_isp String,
    common_device_tag String,
    common_data_center String,
    common_encapsulation Int64,
    common_sled_ip String,
    common_client_location String,
    common_client_asn String,
    common_subscriber_id String,
    common_server_ip String,
    common_server_port Int64,
    common_external_ip String,
    common_server_location String,
    common_server_asn String,
    common_protocol_label String,
    common_app_label String,
    common_app_id Int64,
    common_app_surrogate_id Int64,
    common_l7_protocol String,
    common_sessions Int64,
    common_c2s_pkt_num Int64,
    common_s2c_pkt_num Int64,
    common_c2s_byte_num Int64,
    common_s2c_byte_num Int64,
    common_start_time Int64,
    common_end_time Int64,
    common_establish_latency_ms Int64,
    common_con_duration_ms Int64,
    common_stream_dir Int64,
    common_address_list String,
    common_has_dup_traffic Int64,
    common_stream_error String,
    common_stream_trace_id UInt64,
    common_link_info_c2s String,
    common_link_info_s2c String,
    common_c2s_ipfrag_num Int64,
    common_s2c_ipfrag_num Int64,
    common_c2s_tcp_lostlen Int64,
    common_s2c_tcp_lostlen Int64,
    common_c2s_tcp_unorder_num Int64,
    common_s2c_tcp_unorder_num Int64,
    common_first_ttl Int64,
    common_processing_time Int64,
    -- http_* columns
    http_url String,
    http_host String,
    http_domain String,
    http_request_line String,
    http_response_line String,
    http_request_header String,
    http_response_header String,
    http_request_body String,
    http_response_body String,
    http_request_body_key String,
    http_response_body_key String,
    http_proxy_flag Int64,
    http_sequence Int64,
    http_snapshot String,
    http_cookie String,
    http_referer String,
    http_user_agent String,
    http_content_length String,
    http_content_type String,
    http_set_cookie String,
    http_version String,
    http_response_lantency_ms Int64,
    http_session_duration_ms Int64,
    http_action_file_size Int64,
    -- mail_* columns
    mail_protocol_type String,
    mail_account String,
    mail_to_cmd String,
    mail_from_cmd String,
    mail_from String,
    mail_to String,
    mail_cc String,
    mail_bcc String,
    mail_subject String,
    mail_subject_charset String,
    mail_content String,
    mail_content_charset String,
    mail_attachment_name String,
    mail_attachment_name_charset String,
    mail_attachment_content String,
    mail_eml_file String,
    mail_snapshot String,
    -- dns_* columns
    dns_message_id Int64,
    dns_qr Nullable(Int64),
    dns_opcode Nullable(Int64),
    dns_aa Int64,
    dns_tc Int64,
    dns_rd Int64,
    dns_ra Int64,
    dns_rcode Int64,
    dns_qdcount Int64,
    dns_ancount Int64,
    dns_nscount Int64,
    dns_arcount Int64,
    dns_qname String,
    dns_qtype Int64,
    dns_qclass Int64,
    dns_cname String,
    dns_sub Int64,
    dns_rr String,
    -- ssl_* columns
    ssl_version String,
    ssl_sni String,
    ssl_san String,
    ssl_cn String,
    ssl_pinningst Nullable(Int64),
    ssl_intercept_state Nullable(Int64),
    ssl_server_side_latency Int64,
    ssl_client_side_latency Int64,
    ssl_server_side_version String,
    ssl_client_side_version String,
    ssl_cert_verify Nullable(Int64),
    ssl_error String,
    ssl_con_latency_ms Int64,
    ssl_ja3_fingerprint String,
    ssl_ja3_hash String,
    -- quic_*, ftp_*, bgp_*, voip_*, streaming_media_* and app columns
    quic_version String,
    quic_sni String,
    quic_user_agent String,
    ftp_account String,
    ftp_url String,
    ftp_content String,
    bgp_type Int64,
    bgp_as_num String,
    bgp_route String,
    voip_calling_account String,
    voip_called_account String,
    voip_calling_number String,
    voip_called_number String,
    streaming_media_url String,
    streaming_media_protocol String,
    app_extra_info String
)
ENGINE = Distributed(ck_cluster, tsg_galaxy_dll, security_event_log_local, rand());
-- Query-side entry point for packet-capture log rows.
-- Created on every node of ck_query, but the Distributed engine targets
-- ck_cluster: rows are read from and written to
-- tsg_galaxy_dll.sys_packet_capture_log_local on that cluster, and inserts
-- are spread over its shards by rand(). This table holds no data of its own.
-- NOTE(review): packet_url presumably locates a stored capture file - confirm
-- who may SELECT from this table and who may fetch the referenced object.
CREATE TABLE IF NOT EXISTS tsg_galaxy_dll.sys_packet_capture_log ON CLUSTER ck_query
(
    -- Fields shared by all session log tables
    common_log_id UInt64,
    common_service Int64,
    common_recv_time Int64,
    common_direction Nullable(Int64),
    common_l4_protocol String,
    common_address_type Int64,
    common_schema_type String,
    common_policy_id Int64,
    common_user_tags String,
    common_action Int64,
    common_sub_action String,
    common_user_region String,
    common_client_ip String,
    common_client_port Int64,
    common_internal_ip String,
    common_entrance_id Int64,
    common_device_id String,
    common_link_id Int64,
    common_isp String,
    common_device_tag String,
    common_data_center String,
    common_encapsulation Int64,
    common_sled_ip String,
    common_client_location String,
    common_client_asn String,
    common_subscriber_id String,
    common_server_ip String,
    common_server_port Int64,
    common_external_ip String,
    common_server_location String,
    common_server_asn String,
    common_protocol_label String,
    common_app_label String,
    common_app_id Int64,
    common_app_surrogate_id Int64,
    common_l7_protocol String,
    common_sessions Int64,
    common_c2s_pkt_num Int64,
    common_s2c_pkt_num Int64,
    common_c2s_byte_num Int64,
    common_s2c_byte_num Int64,
    common_start_time Int64,
    common_end_time Int64,
    common_establish_latency_ms Int64,
    common_con_duration_ms Int64,
    common_stream_dir Int64,
    common_address_list String,
    common_has_dup_traffic Int64,
    common_stream_error String,
    common_stream_trace_id UInt64,
    common_link_info_c2s String,
    common_link_info_s2c String,
    common_c2s_ipfrag_num Int64,
    common_s2c_ipfrag_num Int64,
    common_c2s_tcp_lostlen Int64,
    common_s2c_tcp_lostlen Int64,
    common_c2s_tcp_unorder_num Int64,
    common_s2c_tcp_unorder_num Int64,
    common_first_ttl Int64,
    common_processing_time Int64,
    -- Capture-specific fields
    nic_name String,
    origin_source_mac String,
    origin_dest_mac String,
    packet_url String,
    pcap_storage_task_id Int64,
    pcap_storage_duration Int64
)
ENGINE = Distributed(ck_cluster, tsg_galaxy_dll, sys_packet_capture_log_local, rand());
-- Query-side Distributed table over radius_onff_log_local on ck_cluster.
-- Each row pairs an account with a framed IP and an accounting session, so
-- the table maps subscriber identities to addresses.
-- NOTE(review): treat as identity data when granting SELECT.
CREATE TABLE IF NOT EXISTS tsg_galaxy_dll.radius_onff_log ON CLUSTER ck_query
(
    event_timestamp Int64,
    account String,
    framed_ip String,
    acct_status_type Int64,
    acct_session_id String,
    acct_session_time Int64
)
ENGINE = Distributed(ck_cluster, tsg_galaxy_dll, radius_onff_log_local, rand());
-- Distributed table for RADIUS records, created on ck_cluster and backed by
-- tsg_galaxy_dll.radius_record_log_local on the same cluster. Inserts are
-- spread over shards by rand().
-- NOTE(review): radius_account, radius_framed_ip and the station-id columns
-- identify subscribers - confirm grants and the retention configured on the
-- _local table, which is not defined in this section.
CREATE TABLE IF NOT EXISTS tsg_galaxy_dll.radius_record_log ON CLUSTER ck_cluster
(
    -- Fields shared by all session log tables
    common_log_id UInt64,
    common_service Int64,
    common_recv_time Int64,
    common_direction Nullable(Int64),
    common_l4_protocol String,
    common_address_type Int64,
    common_schema_type String,
    common_policy_id Int64,
    common_user_tags String,
    common_action Int64,
    common_sub_action String,
    common_user_region String,
    common_client_ip String,
    common_client_port Int64,
    common_internal_ip String,
    common_entrance_id Int64,
    common_device_id String,
    common_link_id Int64,
    common_isp String,
    common_device_tag String,
    common_data_center String,
    common_encapsulation Int64,
    common_sled_ip String,
    common_client_location String,
    common_client_asn String,
    common_subscriber_id String,
    common_server_ip String,
    common_server_port Int64,
    common_external_ip String,
    common_server_location String,
    common_server_asn String,
    common_protocol_label String,
    common_app_label String,
    common_app_id Int64,
    common_app_surrogate_id Int64,
    common_l7_protocol String,
    common_sessions Int64,
    common_c2s_pkt_num Int64,
    common_s2c_pkt_num Int64,
    common_c2s_byte_num Int64,
    common_s2c_byte_num Int64,
    common_start_time Int64,
    common_end_time Int64,
    common_establish_latency_ms Int64,
    common_con_duration_ms Int64,
    common_stream_dir Int64,
    common_address_list String,
    common_has_dup_traffic Int64,
    common_stream_error String,
    common_stream_trace_id UInt64,
    common_link_info_c2s String,
    common_link_info_s2c String,
    common_c2s_ipfrag_num Int64,
    common_s2c_ipfrag_num Int64,
    common_c2s_tcp_lostlen Int64,
    common_s2c_tcp_lostlen Int64,
    common_c2s_tcp_unorder_num Int64,
    common_s2c_tcp_unorder_num Int64,
    common_first_ttl Int64,
    common_processing_time Int64,
    -- RADIUS attributes
    radius_packet_type Int64,
    radius_nas_ip String,
    radius_framed_ip String,
    radius_account String,
    radius_session_timeout Int64,
    radius_idle_timeout Int64,
    radius_acct_status_type Int64,
    radius_acct_terminate_cause Int64,
    radius_event_timestamp Int64,
    radius_nas_port Int64,
    radius_service_type Int64,
    radius_framed_protocol Int64,
    radius_callback_number String,
    radius_callback_id String,
    radius_termination_action Nullable(Int64),
    radius_called_station_id String,
    radius_calling_station_id String,
    radius_acct_delay_time Int64,
    radius_acct_session_id String,
    radius_acct_multi_session_id String,
    radius_acct_input_octets Int64,
    radius_acct_output_octets Int64,
    radius_acct_input_packets Int64,
    radius_acct_output_packets Int64,
    radius_acct_session_time Int64,
    radius_acct_link_count Int64,
    radius_acct_interim_interval Int64
)
ENGINE = Distributed(ck_cluster, tsg_galaxy_dll, radius_record_log_local, rand());
-- Distributed table for connection records, created on ck_cluster and backed
-- by tsg_galaxy_dll.connection_record_log_local. Inserts are spread over
-- shards by rand(). This table holds no data of its own.
-- NOTE(review): several columns carry captured payload or session material in
-- plain String form (http_cookie, http_set_cookie, http_request_body,
-- http_response_body, mail_content, mail_attachment_content, ftp_content).
-- Confirm that SELECT is granted narrowly and that retention is set on the
-- _local table, which is not defined in this section.
CREATE TABLE IF NOT EXISTS tsg_galaxy_dll.connection_record_log ON CLUSTER ck_cluster
(
    -- Fields shared by all session log tables
    common_log_id UInt64,
    common_service Int64,
    common_recv_time Int64,
    common_direction Nullable(Int64),
    common_l4_protocol String,
    common_address_type Int64,
    common_schema_type String,
    common_policy_id Int64,
    common_user_tags String,
    common_action Int64,
    common_sub_action String,
    common_user_region String,
    common_client_ip String,
    common_client_port Int64,
    common_internal_ip String,
    common_entrance_id Int64,
    common_device_id String,
    common_link_id Int64,
    common_isp String,
    common_device_tag String,
    common_data_center String,
    common_encapsulation Int64,
    common_sled_ip String,
    common_client_location String,
    common_client_asn String,
    common_subscriber_id String,
    common_server_ip String,
    common_server_port Int64,
    common_external_ip String,
    common_server_location String,
    common_server_asn String,
    common_protocol_label String,
    common_app_label String,
    common_app_id Int64,
    common_app_surrogate_id Int64,
    common_l7_protocol String,
    common_sessions Int64,
    common_c2s_pkt_num Int64,
    common_s2c_pkt_num Int64,
    common_c2s_byte_num Int64,
    common_s2c_byte_num Int64,
    common_start_time Int64,
    common_end_time Int64,
    common_establish_latency_ms Int64,
    common_con_duration_ms Int64,
    common_stream_dir Int64,
    common_address_list String,
    common_has_dup_traffic Int64,
    common_stream_error String,
    common_stream_trace_id UInt64,
    common_link_info_c2s String,
    common_link_info_s2c String,
    common_c2s_ipfrag_num Int64,
    common_s2c_ipfrag_num Int64,
    common_c2s_tcp_lostlen Int64,
    common_s2c_tcp_lostlen Int64,
    common_c2s_tcp_unorder_num Int64,
    common_s2c_tcp_unorder_num Int64,
    common_first_ttl Int64,
    common_processing_time Int64,
    -- HTTP
    http_url String,
    http_host String,
    http_domain String,
    http_request_line String,
    http_response_line String,
    http_request_header String,
    http_response_header String,
    http_request_body String,
    http_response_body String,
    http_request_body_key String,
    http_response_body_key String,
    http_proxy_flag Int64,
    http_sequence Int64,
    http_snapshot String,
    http_cookie String,
    http_referer String,
    http_user_agent String,
    http_content_length String,
    http_content_type String,
    http_set_cookie String,
    http_version String,
    http_response_lantency_ms Int64,
    http_session_duration_ms Int64,
    http_action_file_size Int64,
    -- Mail
    mail_protocol_type String,
    mail_account String,
    mail_to_cmd String,
    mail_from_cmd String,
    mail_from String,
    mail_to String,
    mail_cc String,
    mail_bcc String,
    mail_subject String,
    mail_subject_charset String,
    mail_content String,
    mail_content_charset String,
    mail_attachment_name String,
    mail_attachment_name_charset String,
    mail_attachment_content String,
    mail_eml_file String,
    mail_snapshot String,
    -- DNS
    dns_message_id Int64,
    dns_qr Nullable(Int64),
    dns_opcode Nullable(Int64),
    dns_aa Int64,
    dns_tc Int64,
    dns_rd Int64,
    dns_ra Int64,
    dns_rcode Int64,
    dns_qdcount Int64,
    dns_ancount Int64,
    dns_nscount Int64,
    dns_arcount Int64,
    dns_qname String,
    dns_qtype Int64,
    dns_qclass Int64,
    dns_cname String,
    dns_sub Int64,
    dns_rr String,
    -- SSL/TLS
    ssl_version String,
    ssl_sni String,
    ssl_san String,
    ssl_cn String,
    ssl_pinningst Nullable(Int64),
    ssl_intercept_state Nullable(Int64),
    ssl_server_side_latency Int64,
    ssl_client_side_latency Int64,
    ssl_server_side_version String,
    ssl_client_side_version String,
    ssl_cert_verify Nullable(Int64),
    ssl_error String,
    ssl_con_latency_ms Int64,
    ssl_ja3_fingerprint String,
    ssl_ja3_hash String,
    -- QUIC
    quic_version String,
    quic_sni String,
    quic_user_agent String,
    -- FTP
    ftp_account String,
    ftp_url String,
    ftp_content String,
    -- BGP
    bgp_type Int64,
    bgp_as_num String,
    bgp_route String,
    -- VoIP
    voip_calling_account String,
    voip_called_account String,
    voip_calling_number String,
    voip_called_number String,
    -- Streaming media and application extras
    streaming_media_url String,
    streaming_media_protocol String,
    app_extra_info String
)
ENGINE = Distributed(ck_cluster, tsg_galaxy_dll, connection_record_log_local, rand());
-- Distributed table for proxy events, created on ck_cluster and backed by
-- tsg_galaxy_dll.proxy_event_log_local. Inserts are spread over shards by
-- rand(). Carries the shared session fields plus HTTP and DoH fields.
-- NOTE(review): http_cookie, http_set_cookie, doh_cookie, doh_set_cookie and
-- the HTTP body columns are stored as plain String - confirm that SELECT is
-- granted narrowly and that retention is set on the _local table, which is
-- not defined in this section.
CREATE TABLE IF NOT EXISTS tsg_galaxy_dll.proxy_event_log ON CLUSTER ck_cluster
(
    -- Fields shared by all session log tables
    common_log_id UInt64,
    common_service Int64,
    common_recv_time Int64,
    common_direction Nullable(Int64),
    common_l4_protocol String,
    common_address_type Int64,
    common_schema_type String,
    common_policy_id Int64,
    common_user_tags String,
    common_action Int64,
    common_sub_action String,
    common_user_region String,
    common_client_ip String,
    common_client_port Int64,
    common_internal_ip String,
    common_entrance_id Int64,
    common_device_id String,
    common_link_id Int64,
    common_isp String,
    common_device_tag String,
    common_data_center String,
    common_encapsulation Int64,
    common_sled_ip String,
    common_client_location String,
    common_client_asn String,
    common_subscriber_id String,
    common_server_ip String,
    common_server_port Int64,
    common_external_ip String,
    common_server_location String,
    common_server_asn String,
    common_protocol_label String,
    common_app_label String,
    common_app_id Int64,
    common_app_surrogate_id Int64,
    common_l7_protocol String,
    common_sessions Int64,
    common_c2s_pkt_num Int64,
    common_s2c_pkt_num Int64,
    common_c2s_byte_num Int64,
    common_s2c_byte_num Int64,
    common_start_time Int64,
    common_end_time Int64,
    common_establish_latency_ms Int64,
    common_con_duration_ms Int64,
    common_stream_dir Int64,
    common_address_list String,
    common_has_dup_traffic Int64,
    common_stream_error String,
    common_stream_trace_id UInt64,
    common_link_info_c2s String,
    common_link_info_s2c String,
    common_c2s_ipfrag_num Int64,
    common_s2c_ipfrag_num Int64,
    common_c2s_tcp_lostlen Int64,
    common_s2c_tcp_lostlen Int64,
    common_c2s_tcp_unorder_num Int64,
    common_s2c_tcp_unorder_num Int64,
    common_first_ttl Int64,
    common_processing_time Int64,
    -- HTTP
    http_url String,
    http_host String,
    http_domain String,
    http_request_line String,
    http_response_line String,
    http_request_header String,
    http_response_header String,
    http_request_body String,
    http_response_body String,
    http_request_body_key String,
    http_response_body_key String,
    http_proxy_flag Int64,
    http_sequence Int64,
    http_snapshot String,
    http_cookie String,
    http_referer String,
    http_user_agent String,
    http_content_length String,
    http_content_type String,
    http_set_cookie String,
    http_version String,
    http_response_lantency_ms Int64,
    http_session_duration_ms Int64,
    http_action_file_size Int64,
    -- DNS over HTTPS: HTTP envelope
    doh_url String,
    doh_host String,
    doh_request_line String,
    doh_response_line String,
    doh_cookie String,
    doh_referer String,
    doh_user_agent String,
    doh_content_length String,
    doh_content_type String,
    doh_set_cookie String,
    doh_version String,
    -- DNS over HTTPS: DNS message
    doh_message_id Int64,
    doh_qr Int64,
    doh_opcode Int64,
    doh_aa Int64,
    doh_tc Int64,
    doh_rd Int64,
    doh_ra Int64,
    doh_rcode Int64,
    doh_qdcount Int64,
    doh_ancount Int64,
    doh_nscount Int64,
    doh_arcount Int64,
    doh_qname String,
    doh_qtype Int64,
    doh_qclass Int64,
    doh_cname String,
    doh_sub Int64,
    doh_rr String
)
ENGINE = Distributed(ck_cluster, tsg_galaxy_dll, proxy_event_log_local, rand());
-- Distributed table for security events, created on ck_cluster and backed by
-- tsg_galaxy_dll.security_event_log_local. Inserts are spread over shards by
-- rand(). This table holds no data of its own.
-- NOTE(review): several columns carry captured payload or session material in
-- plain String form (http_cookie, http_set_cookie, http_request_body,
-- http_response_body, mail_content, mail_attachment_content, ftp_content).
-- Confirm that SELECT is granted narrowly and that retention is set on the
-- _local table, which is not defined in this section.
CREATE TABLE IF NOT EXISTS tsg_galaxy_dll.security_event_log ON CLUSTER ck_cluster
(
    -- Fields shared by all session log tables
    common_log_id UInt64,
    common_service Int64,
    common_recv_time Int64,
    common_direction Nullable(Int64),
    common_l4_protocol String,
    common_address_type Int64,
    common_schema_type String,
    common_policy_id Int64,
    common_user_tags String,
    common_action Int64,
    common_sub_action String,
    common_user_region String,
    common_client_ip String,
    common_client_port Int64,
    common_internal_ip String,
    common_entrance_id Int64,
    common_device_id String,
    common_link_id Int64,
    common_isp String,
    common_device_tag String,
    common_data_center String,
    common_encapsulation Int64,
    common_sled_ip String,
    common_client_location String,
    common_client_asn String,
    common_subscriber_id String,
    common_server_ip String,
    common_server_port Int64,
    common_external_ip String,
    common_server_location String,
    common_server_asn String,
    common_protocol_label String,
    common_app_label String,
    common_app_id Int64,
    common_app_surrogate_id Int64,
    common_l7_protocol String,
    common_sessions Int64,
    common_c2s_pkt_num Int64,
    common_s2c_pkt_num Int64,
    common_c2s_byte_num Int64,
    common_s2c_byte_num Int64,
    common_start_time Int64,
    common_end_time Int64,
    common_establish_latency_ms Int64,
    common_con_duration_ms Int64,
    common_stream_dir Int64,
    common_address_list String,
    common_has_dup_traffic Int64,
    common_stream_error String,
    common_stream_trace_id UInt64,
    common_link_info_c2s String,
    common_link_info_s2c String,
    common_c2s_ipfrag_num Int64,
    common_s2c_ipfrag_num Int64,
    common_c2s_tcp_lostlen Int64,
    common_s2c_tcp_lostlen Int64,
    common_c2s_tcp_unorder_num Int64,
    common_s2c_tcp_unorder_num Int64,
    common_first_ttl Int64,
    common_processing_time Int64,
    -- HTTP
    http_url String,
    http_host String,
    http_domain String,
    http_request_line String,
    http_response_line String,
    http_request_header String,
    http_response_header String,
    http_request_body String,
    http_response_body String,
    http_request_body_key String,
    http_response_body_key String,
    http_proxy_flag Int64,
    http_sequence Int64,
    http_snapshot String,
    http_cookie String,
    http_referer String,
    http_user_agent String,
    http_content_length String,
    http_content_type String,
    http_set_cookie String,
    http_version String,
    http_response_lantency_ms Int64,
    http_session_duration_ms Int64,
    http_action_file_size Int64,
    -- Mail
    mail_protocol_type String,
    mail_account String,
    mail_to_cmd String,
    mail_from_cmd String,
    mail_from String,
    mail_to String,
    mail_cc String,
    mail_bcc String,
    mail_subject String,
    mail_subject_charset String,
    mail_content String,
    mail_content_charset String,
    mail_attachment_name String,
    mail_attachment_name_charset String,
    mail_attachment_content String,
    mail_eml_file String,
    mail_snapshot String,
    -- DNS
    dns_message_id Int64,
    dns_qr Nullable(Int64),
    dns_opcode Nullable(Int64),
    dns_aa Int64,
    dns_tc Int64,
    dns_rd Int64,
    dns_ra Int64,
    dns_rcode Int64,
    dns_qdcount Int64,
    dns_ancount Int64,
    dns_nscount Int64,
    dns_arcount Int64,
    dns_qname String,
    dns_qtype Int64,
    dns_qclass Int64,
    dns_cname String,
    dns_sub Int64,
    dns_rr String,
    -- SSL/TLS
    ssl_version String,
    ssl_sni String,
    ssl_san String,
    ssl_cn String,
    ssl_pinningst Nullable(Int64),
    ssl_intercept_state Nullable(Int64),
    ssl_server_side_latency Int64,
    ssl_client_side_latency Int64,
    ssl_server_side_version String,
    ssl_client_side_version String,
    ssl_cert_verify Nullable(Int64),
    ssl_error String,
    ssl_con_latency_ms Int64,
    ssl_ja3_fingerprint String,
    ssl_ja3_hash String,
    -- QUIC
    quic_version String,
    quic_sni String,
    quic_user_agent String,
    -- FTP
    ftp_account String,
    ftp_url String,
    ftp_content String,
    -- BGP
    bgp_type Int64,
    bgp_as_num String,
    bgp_route String,
    -- VoIP
    voip_calling_account String,
    voip_called_account String,
    voip_calling_number String,
    voip_called_number String,
    -- Streaming media and application extras
    streaming_media_url String,
    streaming_media_protocol String,
    app_extra_info String
)
ENGINE = Distributed(ck_cluster, tsg_galaxy_dll, security_event_log_local, rand());
-- Distributed table for packet-capture log rows, created on ck_cluster and
-- backed by tsg_galaxy_dll.sys_packet_capture_log_local on the same cluster.
-- Inserts are spread over shards by rand().
-- NOTE(review): packet_url presumably locates a stored capture file - confirm
-- who may SELECT from this table and who may fetch the referenced object.
CREATE TABLE IF NOT EXISTS tsg_galaxy_dll.sys_packet_capture_log ON CLUSTER ck_cluster
(
    -- Fields shared by all session log tables
    common_log_id UInt64,
    common_service Int64,
    common_recv_time Int64,
    common_direction Nullable(Int64),
    common_l4_protocol String,
    common_address_type Int64,
    common_schema_type String,
    common_policy_id Int64,
    common_user_tags String,
    common_action Int64,
    common_sub_action String,
    common_user_region String,
    common_client_ip String,
    common_client_port Int64,
    common_internal_ip String,
    common_entrance_id Int64,
    common_device_id String,
    common_link_id Int64,
    common_isp String,
    common_device_tag String,
    common_data_center String,
    common_encapsulation Int64,
    common_sled_ip String,
    common_client_location String,
    common_client_asn String,
    common_subscriber_id String,
    common_server_ip String,
    common_server_port Int64,
    common_external_ip String,
    common_server_location String,
    common_server_asn String,
    common_protocol_label String,
    common_app_label String,
    common_app_id Int64,
    common_app_surrogate_id Int64,
    common_l7_protocol String,
    common_sessions Int64,
    common_c2s_pkt_num Int64,
    common_s2c_pkt_num Int64,
    common_c2s_byte_num Int64,
    common_s2c_byte_num Int64,
    common_start_time Int64,
    common_end_time Int64,
    common_establish_latency_ms Int64,
    common_con_duration_ms Int64,
    common_stream_dir Int64,
    common_address_list String,
    common_has_dup_traffic Int64,
    common_stream_error String,
    common_stream_trace_id UInt64,
    common_link_info_c2s String,
    common_link_info_s2c String,
    common_c2s_ipfrag_num Int64,
    common_s2c_ipfrag_num Int64,
    common_c2s_tcp_lostlen Int64,
    common_s2c_tcp_lostlen Int64,
    common_c2s_tcp_unorder_num Int64,
    common_s2c_tcp_unorder_num Int64,
    common_first_ttl Int64,
    common_processing_time Int64,
    -- Capture-specific fields
    nic_name String,
    origin_source_mac String,
    origin_dest_mac String,
    packet_url String,
    pcap_storage_task_id Int64,
    pcap_storage_duration Int64
)
ENGINE = Distributed(ck_cluster, tsg_galaxy_dll, sys_packet_capture_log_local, rand());
-- Distributed table over radius_onff_log_local, created on ck_cluster.
-- Each row pairs an account with a framed IP and an accounting session, so
-- the table maps subscriber identities to addresses.
-- NOTE(review): treat as identity data when granting SELECT.
CREATE TABLE IF NOT EXISTS tsg_galaxy_dll.radius_onff_log ON CLUSTER ck_cluster
(
    event_timestamp Int64,
    account String,
    framed_ip String,
    acct_status_type Int64,
    acct_session_id String,
    acct_session_time Int64
)
ENGINE = Distributed(ck_cluster, tsg_galaxy_dll, radius_onff_log_local, rand());
-- Narrow 12-column companion of connection_record_log, created on ck_cluster
-- and backed by connection_record_log_common_client_ip_local.
-- Presumably the _local table is ordered for lookups by client IP - its
-- definition is not in this section, confirm there.
CREATE TABLE IF NOT EXISTS tsg_galaxy_dll.connection_record_log_common_client_ip ON CLUSTER ck_cluster
(
    common_log_id UInt64,
    common_recv_time Int64,
    common_policy_id Int64,
    common_action Int64,
    common_server_ip String,
    common_client_ip String,
    common_sled_ip String,
    common_entrance_id Int64,
    common_subscriber_id String,
    common_stream_trace_id UInt64,
    http_domain String,
    ssl_sni String
)
ENGINE = Distributed(ck_cluster, tsg_galaxy_dll, connection_record_log_common_client_ip_local, rand());
-- Narrow 12-column companion of connection_record_log, created on ck_cluster
-- and backed by connection_record_log_common_server_ip_local.
-- Presumably the _local table is ordered for lookups by server IP - its
-- definition is not in this section, confirm there.
CREATE TABLE IF NOT EXISTS tsg_galaxy_dll.connection_record_log_common_server_ip ON CLUSTER ck_cluster
(
    common_log_id UInt64,
    common_recv_time Int64,
    common_policy_id Int64,
    common_action Int64,
    common_server_ip String,
    common_client_ip String,
    common_sled_ip String,
    common_entrance_id Int64,
    common_subscriber_id String,
    common_stream_trace_id UInt64,
    http_domain String,
    ssl_sni String
)
ENGINE = Distributed(ck_cluster, tsg_galaxy_dll, connection_record_log_common_server_ip_local, rand());
-- Narrow 12-column companion of connection_record_log, created on ck_cluster
-- and backed by connection_record_log_common_subscriber_id_local.
-- Presumably the _local table is ordered for lookups by subscriber id - its
-- definition is not in this section, confirm there.
CREATE TABLE IF NOT EXISTS tsg_galaxy_dll.connection_record_log_common_subscriber_id ON CLUSTER ck_cluster
(
    common_log_id UInt64,
    common_recv_time Int64,
    common_policy_id Int64,
    common_action Int64,
    common_server_ip String,
    common_client_ip String,
    common_sled_ip String,
    common_entrance_id Int64,
    common_subscriber_id String,
    common_stream_trace_id UInt64,
    http_domain String,
    ssl_sni String
)
ENGINE = Distributed(ck_cluster, tsg_galaxy_dll, connection_record_log_common_subscriber_id_local, rand());
-- Narrow 12-column companion of connection_record_log, created on ck_cluster
-- and backed by connection_record_log_http_domain_local.
-- Presumably the _local table is ordered for lookups by HTTP domain - its
-- definition is not in this section, confirm there.
CREATE TABLE IF NOT EXISTS tsg_galaxy_dll.connection_record_log_http_domain ON CLUSTER ck_cluster
(
    common_log_id UInt64,
    common_recv_time Int64,
    common_policy_id Int64,
    common_action Int64,
    common_server_ip String,
    common_client_ip String,
    common_sled_ip String,
    common_entrance_id Int64,
    common_subscriber_id String,
    common_stream_trace_id UInt64,
    http_domain String,
    ssl_sni String
)
ENGINE = Distributed(ck_cluster, tsg_galaxy_dll, connection_record_log_http_domain_local, rand());
-- Query-side copy of the client-IP companion table: created on ck_query, with
-- the Distributed engine pointing at
-- connection_record_log_common_client_ip_local on ck_cluster.
CREATE TABLE IF NOT EXISTS tsg_galaxy_dll.connection_record_log_common_client_ip ON CLUSTER ck_query
(
    common_log_id UInt64,
    common_recv_time Int64,
    common_policy_id Int64,
    common_action Int64,
    common_server_ip String,
    common_client_ip String,
    common_sled_ip String,
    common_entrance_id Int64,
    common_subscriber_id String,
    common_stream_trace_id UInt64,
    http_domain String,
    ssl_sni String
)
ENGINE = Distributed(ck_cluster, tsg_galaxy_dll, connection_record_log_common_client_ip_local, rand());
-- Query-side copy of the server-IP companion table: created on ck_query, with
-- the Distributed engine pointing at
-- connection_record_log_common_server_ip_local on ck_cluster.
CREATE TABLE IF NOT EXISTS tsg_galaxy_dll.connection_record_log_common_server_ip ON CLUSTER ck_query
(
    common_log_id UInt64,
    common_recv_time Int64,
    common_policy_id Int64,
    common_action Int64,
    common_server_ip String,
    common_client_ip String,
    common_sled_ip String,
    common_entrance_id Int64,
    common_subscriber_id String,
    common_stream_trace_id UInt64,
    http_domain String,
    ssl_sni String
)
ENGINE = Distributed(ck_cluster, tsg_galaxy_dll, connection_record_log_common_server_ip_local, rand());
-- Query-side copy of the subscriber-id companion table: created on ck_query,
-- with the Distributed engine pointing at
-- connection_record_log_common_subscriber_id_local on ck_cluster.
CREATE TABLE IF NOT EXISTS tsg_galaxy_dll.connection_record_log_common_subscriber_id ON CLUSTER ck_query
(
    common_log_id UInt64,
    common_recv_time Int64,
    common_policy_id Int64,
    common_action Int64,
    common_server_ip String,
    common_client_ip String,
    common_sled_ip String,
    common_entrance_id Int64,
    common_subscriber_id String,
    common_stream_trace_id UInt64,
    http_domain String,
    ssl_sni String
)
ENGINE = Distributed(ck_cluster, tsg_galaxy_dll, connection_record_log_common_subscriber_id_local, rand());
-- Query-side copy of the HTTP-domain companion table: created on ck_query,
-- with the Distributed engine pointing at
-- connection_record_log_http_domain_local on ck_cluster.
CREATE TABLE IF NOT EXISTS tsg_galaxy_dll.connection_record_log_http_domain ON CLUSTER ck_query
(
    common_log_id UInt64,
    common_recv_time Int64,
    common_policy_id Int64,
    common_action Int64,
    common_server_ip String,
    common_client_ip String,
    common_sled_ip String,
    common_entrance_id Int64,
    common_subscriber_id String,
    common_stream_trace_id UInt64,
    http_domain String,
    ssl_sni String
)
ENGINE = Distributed(ck_cluster, tsg_galaxy_dll, connection_record_log_http_domain_local, rand());
-- External dictionary of CDN domains, keyed by cdn_id and loaded from the
-- MySQL table tsg_cdn_domain_info in database tsg-bifang. LIFETIME makes
-- ClickHouse refresh it at a random interval between 300 and 400 seconds.
-- NOTE(review): the source logs in to MySQL as 'root' with the password
-- written in this file in plain text. The host is already a template
-- variable, so the password can be supplied the same way from the
-- deployment's secret store instead of being committed. A dedicated MySQL
-- account limited to SELECT on tsg_cdn_domain_info is enough for a dictionary
-- load. A password that has been committed stays in repository history and
-- should be rotated.
CREATE DICTIONARY IF NOT EXISTS tsg_galaxy_dll.cdn ON CLUSTER ck_cluster
(
    cdn_id UInt64,
    domain String,
    cname String
)
PRIMARY KEY cdn_id
SOURCE(MYSQL(
    PORT 3306
    USER 'root'
    PASSWORD 'bifang!@#'
    REPLICA (HOST '{{ bifang_host }}' PRIORITY 1)
    DB 'tsg-bifang'
    TABLE 'tsg_cdn_domain_info'
))
LIFETIME(MIN 300 MAX 400)
LAYOUT(FLAT());
-- Table view of the tsg_galaxy_dll.cdn dictionary, so its rows can be joined
-- like an ordinary table. The Dictionary engine stores nothing itself.
CREATE TABLE IF NOT EXISTS tsg_galaxy_dll.cdn_dic ON CLUSTER ck_cluster
(
    `cdn_id` UInt64,
    `domain` String,
    `cname` String
)
ENGINE = Dictionary(tsg_galaxy_dll.cdn);
-- Per-shard aggregate of what was seen for each (policy_id, domain, stat_time).
-- The list columns hold groupUniqArray aggregate states, not arrays: readers
-- finalise them with groupUniqArrayMerge.
-- Partitioned by calendar day derived from stat_time.
CREATE TABLE IF NOT EXISTS tsg_galaxy_dll.security_website_domain_info_local ON CLUSTER ck_cluster
(
    stat_time Int64,
    policy_id Int64,
    domain String,
    ip_list AggregateFunction(groupUniqArray, String),
    cdn_list AggregateFunction(groupUniqArray, String),
    protocol_type_list AggregateFunction(groupUniqArray, String),
    port_list AggregateFunction(groupUniqArray, Int64)
)
ENGINE = AggregatingMergeTree
PARTITION BY toYYYYMMDD(toDate(stat_time))
ORDER BY (policy_id, domain, stat_time)
SETTINGS index_granularity = 8192;
-- Feeds security_website_domain_info_local from rows inserted into
-- security_event_log_local. Each event is expanded to one row per entry of
-- ssl_san (split on the semicolon character), joined to cdn_dic on the SAN
-- entry, then aggregated per day, policy and http_domain.
-- The INNER JOIN keeps only events with at least one SAN entry equal to a
-- cdn_dic domain, so events without such a match never reach the target.
-- NOTE(review): replaceAll strips only the '*' character, so a wildcard entry
-- such as '*.example.com' is compared as '.example.com' - confirm that
-- cdn_dic stores its domains in that form.
-- NOTE(review): http_domain and ssl_san are taken from observed traffic, so
-- consumers of the aggregate should treat them as untrusted text.
CREATE MATERIALIZED VIEW IF NOT EXISTS tsg_galaxy_dll.security_website_domain_info_local_view ON CLUSTER ck_cluster
TO tsg_galaxy_dll.security_website_domain_info_local
(
    stat_time UInt32,
    policy_id Int64,
    domain String,
    ip_list AggregateFunction(groupUniqArray, String),
    cdn_list AggregateFunction(groupUniqArray, String),
    protocol_type_list AggregateFunction(groupUniqArray, String),
    port_list AggregateFunction(groupUniqArray, Int64)
)
AS
SELECT
    toUnixTimestamp(toStartOfDay(toDate(common_recv_time))) AS stat_time,
    common_policy_id AS policy_id,
    http_domain AS domain,
    groupUniqArrayState(common_server_ip) AS ip_list,
    groupUniqArrayState(cc.domain) AS cdn_list,
    groupUniqArrayState(common_schema_type) AS protocol_type_list,
    groupUniqArrayState(common_server_port) AS port_list
FROM
(
    SELECT
        common_recv_time,
        common_policy_id,
        http_domain,
        common_server_ip,
        -- one output row per SAN entry, with '*' removed beforehand
        arrayJoin(splitByChar(';', replaceAll(ssl_san, '*', ''))) AS san,
        common_schema_type,
        common_server_port
    FROM tsg_galaxy_dll.security_event_log_local
) AS sell
INNER JOIN tsg_galaxy_dll.cdn_dic AS cc
    ON sell.san = cc.domain
GROUP BY
    toStartOfDay(toDate(common_recv_time)),
    common_policy_id,
    http_domain;
-- Per-shard aggregate of the domains and ports seen for each
-- (policy_id, ip, stat_time). The list columns hold groupUniqArray aggregate
-- states: readers finalise them with groupUniqArrayMerge.
-- Partitioned by calendar day derived from stat_time.
CREATE TABLE IF NOT EXISTS tsg_galaxy_dll.security_ip_info_local ON CLUSTER ck_cluster
(
    stat_time Int64,
    policy_id Int64,
    ip String,
    domain_list AggregateFunction(groupUniqArray, String),
    port_list AggregateFunction(groupUniqArray, Int64)
)
ENGINE = AggregatingMergeTree
PARTITION BY toYYYYMMDD(toDate(stat_time))
ORDER BY (policy_id, ip, stat_time)
SETTINGS index_granularity = 8192;
-- Feeds security_ip_info_local from rows inserted into
-- security_event_log_local: one aggregate row per day, policy and server IP,
-- collecting the distinct http_domain values and server ports seen.
-- NOTE(review): http_domain is taken from observed traffic, so consumers of
-- domain_list should treat it as untrusted text.
CREATE MATERIALIZED VIEW IF NOT EXISTS tsg_galaxy_dll.security_ip_info_local_view ON CLUSTER ck_cluster
TO tsg_galaxy_dll.security_ip_info_local
AS
SELECT
    toUnixTimestamp(toStartOfDay(toDate(common_recv_time))) AS stat_time,
    common_policy_id AS policy_id,
    common_server_ip AS ip,
    groupUniqArrayState(http_domain) AS domain_list,
    groupUniqArrayState(common_server_port) AS port_list
FROM tsg_galaxy_dll.security_event_log_local
GROUP BY
    toStartOfDay(toDate(common_recv_time)),
    common_policy_id,
    common_server_ip;
-- Per-shard aggregate of the IPs seen for each (policy_id, stat_time).
-- ip_list holds a groupUniqArray aggregate state: readers finalise it with
-- groupUniqArrayMerge. Partitioned by calendar day derived from stat_time.
CREATE TABLE IF NOT EXISTS tsg_galaxy_dll.proxy_ip_info_local ON CLUSTER ck_cluster
(
    stat_time Int64,
    policy_id Int64,
    ip_list AggregateFunction(groupUniqArray, String)
)
ENGINE = AggregatingMergeTree
PARTITION BY toYYYYMMDD(toDate(stat_time))
ORDER BY (policy_id, stat_time)
SETTINGS index_granularity = 8192;
-- Feeds proxy_ip_info_local from rows inserted into proxy_event_log_local:
-- one aggregate row per minute and policy, collecting the distinct client IPs.
-- Unlike the security_* views in this file, the bucket here is one minute,
-- not one day.
CREATE MATERIALIZED VIEW IF NOT EXISTS tsg_galaxy_dll.proxy_ip_info_local_view ON CLUSTER ck_cluster
TO tsg_galaxy_dll.proxy_ip_info_local
(
    stat_time UInt32,
    policy_id Int64,
    ip_list AggregateFunction(groupUniqArray, String)
)
AS
SELECT
    toUnixTimestamp(toStartOfMinute(toDateTime(common_recv_time))) AS stat_time,
    common_policy_id AS policy_id,
    groupUniqArrayState(common_client_ip) AS ip_list
FROM tsg_galaxy_dll.proxy_event_log_local
GROUP BY
    toStartOfMinute(toDateTime(common_recv_time)),
    common_policy_id;
-- Query-side Distributed table over security_website_domain_info_local on
-- ck_cluster. The list columns are aggregate states: SELECTs must apply
-- groupUniqArrayMerge to combine the partial states from all shards.
CREATE TABLE IF NOT EXISTS tsg_galaxy_dll.security_website_domain_info ON CLUSTER ck_query
(
    stat_time Int64,
    policy_id Int64,
    domain String,
    ip_list AggregateFunction(groupUniqArray, String),
    cdn_list AggregateFunction(groupUniqArray, String),
    protocol_type_list AggregateFunction(groupUniqArray, String),
    port_list AggregateFunction(groupUniqArray, Int64)
)
ENGINE = Distributed(ck_cluster, tsg_galaxy_dll, security_website_domain_info_local, rand());
-- Query-side Distributed table over security_ip_info_local on ck_cluster.
-- The list columns are aggregate states: SELECTs must apply
-- groupUniqArrayMerge to combine the partial states from all shards.
CREATE TABLE IF NOT EXISTS tsg_galaxy_dll.security_ip_info ON CLUSTER ck_query
(
    stat_time Int64,
    policy_id Int64,
    ip String,
    domain_list AggregateFunction(groupUniqArray, String),
    port_list AggregateFunction(groupUniqArray, Int64)
)
ENGINE = Distributed(ck_cluster, tsg_galaxy_dll, security_ip_info_local, rand());
-- Query-side Distributed table over proxy_ip_info_local on ck_cluster.
-- ip_list is an aggregate state: SELECTs must apply groupUniqArrayMerge to
-- combine the partial states from all shards.
CREATE TABLE IF NOT EXISTS tsg_galaxy_dll.proxy_ip_info ON CLUSTER ck_query
(
    stat_time Int64,
    policy_id Int64,
    ip_list AggregateFunction(groupUniqArray, String)
)
ENGINE = Distributed(ck_cluster, tsg_galaxy_dll, proxy_ip_info_local, rand());