Hello all,
I have written a small firewall and sshd logging system which uses
postgresql for storing the logs.
The table that stores the firewall logs has, among other columns,
from_ip, port and a timestamp.
I want to construct a query which returns the columns:
from_ip | port 22 entries | total entries | last_access
I have managed to put this together:
select from_ip, count(from_ip) as entries, max(ts)::timestamp(0) as last_access
from log where to_port=22 and direction='in' group by from_ip
So the only thing I'm missing is the total number of log entries
matching the from_ip, but that's where I'm stuck. My instinct is to try
to use subqueries:
select from_ip, count(from_ip) as entries,
count(select * from log where ...) as tot_entries,
max(ts)::timestamp(0) as last_access
from log where to_port=22 and direction='in' group by from_ip
..but count() doesn't take a subquery afaik, and how would I match the
from_ip in the inner select with the outer one? So I assume that
subqueries aren't the way to go. Is there even a query to return those
columns in that configuration?
Thankful for any hints or tips.
--
Kind Regards,
Jan Danielsson
Te audire non possum. Musa sapientum fixa est in aure.
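The two standard ways to get the "total entries" column the poster is after, as an added worked example (this is editor-supplied code, not part of the original message or any reply). It assumes a table shaped like the one the question describes, using the column names to_port, direction and ts from the poster's own query; the column types, the constructed sample rows, and the decision to count only inbound (direction = 'in') traffic in the total are assumptions. The FILTER clause in the first query needs PostgreSQL 9.4 or newer; the second query works on older releases too.

```sql
-- Added example, not from the original post. Self-contained PostgreSQL session:
-- build a throwaway "log" table matching the columns the question names, load a few
-- constructed rows, and return from_ip | port 22 entries | total entries | last_access.
-- Assumed schema; only the column names come from the poster's query.
CREATE TEMP TABLE log (
    from_ip   inet        NOT NULL,
    to_port   integer     NOT NULL,
    direction text        NOT NULL,   -- 'in' or 'out'
    ts        timestamptz NOT NULL
);

-- Constructed sample data: one host probing ssh and http, one host hitting ssh once.
INSERT INTO log (from_ip, to_port, direction, ts) VALUES
    ('198.51.100.7', 22, 'in',  '2024-01-01 10:00:00+00'),
    ('198.51.100.7', 22, 'in',  '2024-01-01 10:05:00+00'),
    ('198.51.100.7', 80, 'in',  '2024-01-01 10:06:00+00'),
    ('198.51.100.7', 22, 'out', '2024-01-01 10:07:00+00'),  -- outbound, excluded below
    ('203.0.113.9',  22, 'in',  '2024-01-02 03:30:00+00');

-- Approach 1: conditional aggregation (PostgreSQL 9.4+).
-- One pass over the table. The port-22 subset and the total both come from the
-- same GROUP BY, so the "matching from_ip" problem disappears: every aggregate in
-- the row already refers to the same from_ip. HAVING keeps the result set the
-- same as the poster's original query (only sources that touched port 22).
SELECT from_ip,
       count(*) FILTER (WHERE to_port = 22)                 AS ssh_entries,
       count(*)                                              AS total_entries,
       (max(ts) FILTER (WHERE to_port = 22))::timestamp(0)   AS last_access
FROM   log
WHERE  direction = 'in'                 -- assumption: "total" means inbound only
GROUP  BY from_ip
HAVING count(*) FILTER (WHERE to_port = 22) > 0
ORDER  BY ssh_entries DESC;

-- Approach 2: the subquery route the poster was reaching for.
-- count() cannot wrap a subquery, but a scalar subquery in the SELECT list can,
-- and it is correlated with the outer query by referring to the outer alias
-- (l.from_ip), which is legal here because from_ip is in the GROUP BY.
-- Costs one extra scan per output row, which is fine for a per-host summary.
SELECT l.from_ip,
       count(*)                                       AS ssh_entries,
       (SELECT count(*)
          FROM log t
         WHERE t.from_ip = l.from_ip
           AND t.direction = 'in')                    AS total_entries,
       max(l.ts)::timestamp(0)                        AS last_access
FROM   log l
WHERE  l.to_port = 22
  AND  l.direction = 'in'
GROUP  BY l.from_ip
ORDER  BY ssh_entries DESC;
```

Both queries return the same two rows for the sample data; the outbound row is counted by neither, and the http hit from 198.51.100.7 shows up only in total_entries. Sorting by ssh_entries DESC puts the noisiest sources (the ones worth blocking or looking up) at the top, and the ratio of ssh_entries to total_entries separates hosts that only ever hit port 22 from hosts that also talk to other services.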