Hello all,
I have written a small firewall, and sshd, logging system which uses
postgresql for storing the logs.
The table that stores the firewall logs has, among other columns,
from_ip, port and a timestamp.
I want a query which lists:
from_ip | port 22 entries | total entries | last_access
I have managed to put this together:
select from_ip, count(from_ip) as entries, max(ts)::timestamp(0) as
last_access from log where to_port=22 and direction='in' group by from_ip
So the only thing I'm missing is the total number of log entries, but
that's where I'm stuck. My instinct is to try to use subqueries:
select from_ip, count(from_ip) as entries, count(select * from log where
...) as tot_entries, max(ts)::timestamp(0) as last_access from log where
to_port=22 and direction='in' group by from_ip
..but how do I match the from_ip in the inner select with the outer one?
Thankful for any hints or tips.
--
Kind Regards,
Jan Danielsson
Te audire non possum. Musa sapientum fixa est in aure.
