From 4eb511018dfb8f9b6777f61dd64a12148f055a2a Mon Sep 17 00:00:00 2001 From: Matteo Biscosi Date: Thu, 6 Mar 2025 10:46:45 +0100 Subject: [PATCH] Fixes clickhouse schema not updated (#9022) --- doc/src/README.build_with_latest_sphinx.md | 2 +- .../clickhouse/clickhouse_schema.rst | 124 +++++++++++++++++- 2 files changed, 122 insertions(+), 4 deletions(-) diff --git a/doc/src/README.build_with_latest_sphinx.md b/doc/src/README.build_with_latest_sphinx.md index 6f5c1205ad..ab4b3eb58e 100644 --- a/doc/src/README.build_with_latest_sphinx.md +++ b/doc/src/README.build_with_latest_sphinx.md @@ -14,7 +14,7 @@ pip install breathe sphinx sphinx-rtd-theme mock rst2pdf sphinxcontrib.swaggerdo ## Files to update - conf.py (doc/src/conf.py): - replace line 303 from app.add_stylesheet to app.add_css_file (function changed the name); - - change line 296 from `intersphinx_mapping = {'https://docs.python.org/': None}` to `intersphinx_mapping = {'python': ('https://docs.python.org/3', None)}` + - change line 293 from `intersphinx_mapping = {'https://docs.python.org/': None}` to `intersphinx_mapping = {'python': ('https://docs.python.org/3', None)}` ## Generate diff --git a/doc/src/flow_dump/clickhouse/clickhouse_schema.rst b/doc/src/flow_dump/clickhouse/clickhouse_schema.rst index 4200300d87..6d122b0d8e 100644 --- a/doc/src/flow_dump/clickhouse/clickhouse_schema.rst +++ b/doc/src/flow_dump/clickhouse/clickhouse_schema.rst 
@@ -162,6 +162,102 @@ The list of the Layer 7 protocols can be found `here `__ + ++--------+---------------------------+ +| ID | Category | ++========+===========================+ +| 0 | Unspecified | ++--------+---------------------------+ +| 1 | Media | ++--------+---------------------------+ +| 2 | VPN | ++--------+---------------------------+ +| 3 | Mail | ++--------+---------------------------+ +| 4 | Data Transfer | ++--------+---------------------------+ +| 5 | Web | ++--------+---------------------------+ +| 7 | Social Network | ++--------+---------------------------+ +| 8 | Download FT | ++--------+---------------------------+ +| 9 | Game | ++--------+---------------------------+ +| 10 | Chat | ++--------+---------------------------+ +| 11 | VoIP | ++--------+---------------------------+ +| 12 | Database | ++--------+---------------------------+ +| 13 | Remote Access | ++--------+---------------------------+ +| 14 | Cloud | ++--------+---------------------------+ +| 16 | Network | ++--------+---------------------------+ +| 17 | Collaborative | ++--------+---------------------------+ +| 18 | RPC | ++--------+---------------------------+ +| 19 | Streaming | ++--------+---------------------------+ +| 20 | System OS | ++--------+---------------------------+ +| 21 | Software Update | ++--------+---------------------------+ +| 22 | Custom Category 1 | ++--------+---------------------------+ +| 23 | Custom Category 2 | ++--------+---------------------------+ +| 24 | Custom Category 3 | ++--------+---------------------------+ +| 25 | Custom Category 4 | ++--------+---------------------------+ +| 26 | Custom Category 5 | ++--------+---------------------------+ +| 27 | Music | ++--------+---------------------------+ +| 28 | Video | ++--------+---------------------------+ +| 29 | Shopping | ++--------+---------------------------+ +| 30 | Productivity | ++--------+---------------------------+ +| 31 | File Sharing | ++--------+---------------------------+ +| 32 | 
Connectivity Check | ++--------+---------------------------+ +| 33 | IOT SCADA | ++--------+---------------------------+ +| 34 | Virtual Assistant | ++--------+---------------------------+ +| 35 | Cybersecurity | ++--------+---------------------------+ +| 36 | Adult Content | ++--------+---------------------------+ +| 99 | Mining | ++--------+---------------------------+ +| 100 | Malware | ++--------+---------------------------+ +| 101 | Advertisement | ++--------+---------------------------+ +| 102 | Banned Site | ++--------+---------------------------+ +| 103 | Site Unavailable | ++--------+---------------------------+ +| 104 | Allowed Site | ++--------+---------------------------+ +| 105 | AntiMalware | ++--------+---------------------------+ +| 106 | Crypt Currency | ++--------+---------------------------+ +| 107 | Gambling | ++--------+---------------------------+ +| 108 | Health | ++--------+---------------------------+ + The list of Alerts Category Available: +--------+---------------------------+ @@ -188,6 +284,28 @@ The list of Alerts Category Available: | 15 | Other Alert | +--------+---------------------------+ +The list of Alert Severities: + ++--------+---------------------------+ +| ID | Alert Severity | ++========+===========================+ +| 0 | None | ++--------+---------------------------+ +| 1 | Debug | ++--------+---------------------------+ +| 2 | Info | ++--------+---------------------------+ +| 3 | Notice | ++--------+---------------------------+ +| 4 | Warning | ++--------+---------------------------+ +| 5 | Error | ++--------+---------------------------+ +| 7 | Critical | ++--------+---------------------------+ +| 8 | Emergency | ++--------+---------------------------+ + Active monitoring description: +------------------+------------------------+----------+----------------------------------------------------------------------------------------------------------+ 
@@ -249,7 +367,7 @@ Flow alerts description: +------------------+------------------------+----------+----------------------------------------------------------------------------------------------------------+ | tstamp_end | End Timestamp | DateTime | Time when the alert has ended | +------------------+------------------------+----------+----------------------------------------------------------------------------------------------------------+ -| severity | Severity | UInt8 | Severity level of the alert (See severity mapping in ntopng.alert_severities table) | +| severity | Severity | UInt8 | Severity level of the alert (See the Alert Severities table above) | +------------------+------------------------+----------+----------------------------------------------------------------------------------------------------------+ | score | Score | UInt16 | Numerical score associated with the alert | +------------------+------------------------+----------+----------------------------------------------------------------------------------------------------------+ 
@@ -277,13 +395,13 @@ Flow alerts description: +------------------+------------------------+----------+----------------------------------------------------------------------------------------------------------+ | is_srv_victim | Is Server Victim | UInt8 | Flag indicating if the server is classified as a victim | +------------------+------------------------+----------+----------------------------------------------------------------------------------------------------------+ -| proto | Protocol | UInt8 | IP protocol number (mapping can be found in table ntopng.l4_protocols) | +| proto | Protocol | UInt8 | IP protocol number (A list of L4 Protocols can be found above) | +------------------+------------------------+----------+----------------------------------------------------------------------------------------------------------+ | l7_proto | L7 Protocol | UInt16 | Layer 7 protocol identifier | +------------------+------------------------+----------+----------------------------------------------------------------------------------------------------------+ | l7_master_proto | L7 Master Protocol | UInt16 | Master Layer 7 protocol identifier | +------------------+------------------------+----------+----------------------------------------------------------------------------------------------------------+ -| l7_cat | L7 Category | UInt16 | Category of Layer 7 protocol (mapping can be found in table ntopng.l7_categories) | +| l7_cat | L7 Category | UInt16 | Category of Layer 7 protocol (A list of Application Categories can be found above) | +------------------+------------------------+----------+----------------------------------------------------------------------------------------------------------+ | cli_name | Client Name | String | Name or hostname of the client | +------------------+------------------------+----------+----------------------------------------------------------------------------------------------------------+
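Review bot: In the doc/src/README.build_with_latest_sphinx.md hunk, the instruction still locates the setting by a hard-coded position (now `line 293`), and the neighbouring bullet keeps `line 303` for `app.add_stylesheet`. If conf.py moved by three lines, the 303 reference is likely stale as well, and both will drift again on the next edit of conf.py. Suggest dropping the line numbers and telling the reader to search conf.py for `intersphinx_mapping` and `app.add_stylesheet`. The change is also unrelated to the subject "Fixes clickhouse schema not updated", so it deserves a line in the commit message.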
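Review bot: In the hunk at `@@ -162,6 +162,102 @@` (the ID / Category table), the IDs are not contiguous: 6 and 15 are absent and the list jumps from 36 to 99, with nothing saying whether those values are unassigned or were left out. Anyone mapping `l7_cat` values from flow records (for example isolating 99 Mining or 100 Malware) needs to know how to treat an ID that is not listed, so add one sentence under the table stating that missing IDs are unused. The added lines are table rows only, with no caption among them, while the later rows refer to "A list of Application Categories"; if there is no caption just above already, add one with that exact wording, in the style of "The list of Alert Severities:". Please also check that "Crypt Currency" (106) is the intended name and not a typo for "Crypto Currency".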
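Review bot: In the hunk at `@@ -188,6 +284,28 @@` (the Alert Severities table), the IDs go from 5 (Error) straight to 7 (Critical), with no row for 6. Queries that filter the `severity` column by threshold depend on this mapping, so either add the missing row or state explicitly that 6 is not used. A short sentence noting that a higher ID means a higher severity would also help readers who compare the value numerically.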
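Review bot: In the hunk at `@@ -249,7 +367,7 @@`, the new `severity` description points to "the Alert Severities table above", which is a positional reference that breaks as soon as sections are reordered or the table is split onto another page. Suggest putting an RST label on the severities table and linking to it with `:ref:` from this cell, so the rendered documentation carries a real link. The table's caption in the earlier hunk reads "The list of Alert Severities:", so the wording used here should match it.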
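Review bot: In the hunk at `@@ -277,13 +395,13 @@`, the `proto` and `l7_cat` rows lose the names `ntopng.l4_protocols` and `ntopng.l7_categories` and gain only "can be found above". If those lookup tables still exist in the database, keep their names next to the new pointer, since readers writing a JOIN to resolve IDs need them; if they no longer exist, say so in the commit message. The same remark as for `severity` applies to "above": use labelled cross-references, and make the names match the actual table captions. Small style point: "(A list of ..." starts with a capital inside the parenthesis while the `severity` row uses "(See ...", so pick one form for all three rows.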