Postgres Pro
Downloads
Home   >   mailing lists

Thread: Query question, subselects and referencing out?

Query question, subselects and referencing out?

From
Jan Danielsson
Date:
Hello all,

   I have written a small firewall, and sshd, logging system which uses
postgresql for storing the logs.

   The table that stores the firewall logs has, among other columns,
from_ip, port and a timestamp.

I want a query which lists:
from_ip | port 22 entries | total entries | last_access

I have managed to put this together:

select from_ip, count(from_ip) as entries, max(ts)::timestamp(0) as
last_access from log where to_port=22 and direction='in' group by from_ip

   So the only thing I'm missing is the total number of log entries, but
that's where I'm stuck. My instinct is to try to use subqueries:

select from_ip, count(from_ip) as entries, count(select * from log where
...) as tot_entries, max(ts)::timestamp(0) as last_access from log where
to_port=22 and direction='in' group by from_ip

..but how do I match the from_ip in the inner select with the outer one?

Thankful for any hints or tips.

--
Kind Regards,
Jan Danielsson
Te audire non possum. Musa sapientum fixa est in aure.
Attachment

Re: Query question, subselects and referencing out?

From
Andreas Seltenreich
Date:
Jan Danielsson writes:

> I have managed to put this together:
>
> select from_ip, count(from_ip) as entries, max(ts)::timestamp(0) as
> last_access from log where to_port=22 and direction='in' group by from_ip
>
>    So the only thing I'm missing is the total number of log entries, but
> that's where I'm stuck. My instinct is to try to use subqueries:
>
> select from_ip, count(from_ip) as entries, count(select * from log where
> ...) as tot_entries, max(ts)::timestamp(0) as last_access from log where
> to_port=22 and direction='in' group by from_ip
>
> ..but how do I match the from_ip in the inner select with the outer one?

I guess that is the point when you're supposed to give table an alias:

| select from_ip, count(from_ip) as entries, (select count(*) from log where

from_ip = outerlog.from_ip

| ) as tot_entries, max(ts)::timestamp(0) as last_access from log

as outerlog

| where to_port=22 and direction='in' group by from_ip

Also note the moved aggregate in the subquery.

regards,
Andreas
--
Attachment