Fixes cleanup of old alerts when stored in Clickhouse

Addresses #6066

scripts/lua/modules/alert_keys/flow_alert_keys.lua

@@ -71,6 +71,7 @@ local flow_alert_keys = {
    flow_alert_ndpi_http_suspicious_content    = 63,
    flow_alert_ndpi_dns_large_packet           = 64,
    flow_alert_ndpi_dns_fragmented             = 65,
+   flow_alert_ndpi_invalid_characters         = 66,
    -- NOTE: for flow alerts not not go beyond the size of Bitmap alert_map inside Flow.h (currently 128)
 }
 

scripts/lua/modules/alert_store/alert_store.lua

@@ -1466,7 +1466,7 @@ end
 -- ##############################################
 
 --@brief Deletes old data according to the configuration or up to a safe limit
-function alert_store:housekeeping()
+function alert_store:housekeeping(ifid)
    local prefs = ntop.getPrefs()
 
    -- By Number of records
@@ -1476,11 +1476,11 @@ function alert_store:housekeeping()
 
    local q
    if ntop.isClickHouseEnabled() then
-      q = string.format("ALTER TABLE `%s` DELETE WHERE rowid <= (SELECT rowid FROM `%s` ORDER BY rowid DESC LIMIT 1 OFFSET %u)",
-         self._table_name, self._table_name, limit)
+      q = string.format("ALTER TABLE `%s` DELETE WHERE interface_id = %d AND rowid <= (SELECT rowid FROM `%s` WHERE interface_id = %u ORDER BY rowid DESC LIMIT 1 OFFSET %u)",
+			self._table_name, ifid, self._table_name, ifid, limit)
    else
       q = string.format("DELETE FROM `%s` WHERE rowid <= (SELECT rowid FROM `%s` ORDER BY rowid DESC LIMIT 1 OFFSET %u)",
-         self._table_name, self._table_name, limit)
+			self._table_name, self._table_name, limit)
    end
 
    local deleted = interface.alert_store_query(q)
@@ -1492,7 +1492,7 @@ function alert_store:housekeeping()
    local expiration_epoch = now - max_time_sec
 
    if ntop.isClickHouseEnabled() then
-      q = string.format("ALTER TABLE `%s` DELETE WHERE tstamp < %u", self._table_name, expiration_epoch)
+      q = string.format("ALTER TABLE `%s` DELETE WHERE interface_id = %d AND tstamp < %u", self._table_name, ifid, expiration_epoch)
    else
       q = string.format("DELETE FROM `%s` WHERE tstamp < %u", self._table_name, expiration_epoch)
    end

scripts/lua/modules/alert_store/alert_store_utils.lua

@@ -51,17 +51,20 @@ end
 -- ##############################################
 
 -- @brief Call instance:db_cleanup for every available alert_store instance
-function alert_store_utils.housekeeping()
+function alert_store_utils.housekeeping(ifid)
    local all_instances = alert_store_utils.all_instances_factory()
    for _, instance in pairs(all_instances) do
-      instance:housekeeping()
+      instance:housekeeping(ifid)
+   end
+
+   if not ntop.isClickHouseEnabled() then
+      -- Reclaims unused disk space and defragments tables and indices.
+      -- Should be called as disk space and defragmentation are not run
+      -- automatically by sqlite.
+      -- NOTE: clickhouse doesn't need to reclaim space
+      local q = string.format("VACUUM")
+      local vacuum = interface.alert_store_query(q)
    end
-   
-   -- Reclaims unused disk space and defragments tables and indices.
-   -- Should be called as disk space and defragmentation are not run
-   -- automatically by sqlite.
-   local q = string.format("VACUUM")
-   local vacuum = interface.alert_store_query(q)
 end
 
 -- ##############################################

scripts/lua/modules/alert_store/all_alert_store.lua

@@ -333,7 +333,7 @@ end
 -- ##############################################
 
 --@brief Deletes old data according to the configuration or up to a safe limit
-function all_alert_store:housekeeping()
+function all_alert_store:housekeeping(ifid)
    -- Nothing do do, nothing do delete or vacuum, this is just a view
 end