6d02f21c1e
New aggregation tables + materialized views: - agg_path_sequences_1h + MV (§5.1 Path Sequence Entropy) - agg_request_timing_1h + MV (§5.3 Request Cadence Fingerprint) - agg_ip_behavior_1h + MV (§5.5 JA4 Drift + §5.8 Cross-Domain) - agg_resource_cascade_1h + MV (§5.4 Resource Dependency Tree) New analytical views: - view_thesis_features_1h: unified view exposing all computable features (path_transition_entropy, cadence_cv, burst_ratio, pause_ratio, ja4_drift_ratio, host_diversity, host_sweep_speed, host_coverage_uniformity) - view_resource_cascade_1h: root_to_first_asset_delay, asset_load_stddev Documented future techniques (not feasible as MV): - §5.2 Bipartite Fleet Graph (needs Python networkx) - §5.6 DNS Shadow Analysis (needs sentinel UDP/53 extension) - §5.7 Compression Ratio Invariant (needs mod_reqin_log extension) Updated: deploy_schema.sh, verify_mvs.py (sections 8-10) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
71 lines
2.3 KiB
Bash
Executable File
71 lines
2.3 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
# =============================================================================
|
|
# deploy_schema.sh — Apply ClickHouse schema migrations with configurable
|
|
# database names via environment variables.
|
|
#
|
|
# Usage:
|
|
# CLICKHOUSE_DB_LOGS=my_logs CLICKHOUSE_DB_PROCESSING=my_proc ./deploy_schema.sh
|
|
#
|
|
# Env vars:
|
|
# CLICKHOUSE_DB_LOGS — logs database name (default: ja4_logs)
|
|
# CLICKHOUSE_DB_PROCESSING — processing database name (default: ja4_processing)
|
|
# CLICKHOUSE_HOST — ClickHouse host (default: localhost)
|
|
# CLICKHOUSE_PORT — ClickHouse native port (default: 9000)
|
|
# CLICKHOUSE_USER — ClickHouse user (default: default)
|
|
# CLICKHOUSE_PASSWORD — ClickHouse password (default: empty)
|
|
# =============================================================================
|
|
set -euo pipefail
|
|
|
|
CLICKHOUSE_DB_LOGS="${CLICKHOUSE_DB_LOGS:-ja4_logs}"
|
|
CLICKHOUSE_DB_PROCESSING="${CLICKHOUSE_DB_PROCESSING:-ja4_processing}"
|
|
CLICKHOUSE_HOST="${CLICKHOUSE_HOST:-localhost}"
|
|
CLICKHOUSE_PORT="${CLICKHOUSE_PORT:-9000}"
|
|
CLICKHOUSE_USER="${CLICKHOUSE_USER:-default}"
|
|
CLICKHOUSE_PASSWORD="${CLICKHOUSE_PASSWORD:-}"
|
|
|
|
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
|
|
|
CH_ARGS=(
|
|
--host "$CLICKHOUSE_HOST"
|
|
--port "$CLICKHOUSE_PORT"
|
|
--user "$CLICKHOUSE_USER"
|
|
)
|
|
if [[ -n "$CLICKHOUSE_PASSWORD" ]]; then
|
|
CH_ARGS+=(--password "$CLICKHOUSE_PASSWORD")
|
|
fi
|
|
|
|
SQL_FILES=(
|
|
00_database.sql
|
|
01_raw_tables.sql
|
|
02_dictionaries.sql
|
|
03_anubis_tables.sql
|
|
04_mv_http_logs.sql
|
|
05_aggregation_tables.sql
|
|
06_ml_tables.sql
|
|
07_ai_features_view.sql
|
|
08_users.sql
|
|
09_audit_table.sql
|
|
10_perf_indexes.sql
|
|
11_views.sql
|
|
12_thesis_features.sql
|
|
)
|
|
|
|
for f in "${SQL_FILES[@]}"; do
|
|
filepath="${SCRIPT_DIR}/${f}"
|
|
if [[ ! -f "$filepath" ]]; then
|
|
echo "WARN: ${f} not found, skipping" >&2
|
|
continue
|
|
fi
|
|
|
|
echo ">>> Applying ${f} ..."
|
|
sed \
|
|
-e "s/ja4_logs/${CLICKHOUSE_DB_LOGS}/g" \
|
|
-e "s/ja4_processing/${CLICKHOUSE_DB_PROCESSING}/g" \
|
|
"$filepath" \
|
|
| clickhouse-client "${CH_ARGS[@]}" --multiquery
|
|
done
|
|
|
|
echo "=== Schema deployment complete ==="
|
|
echo " logs db: ${CLICKHOUSE_DB_LOGS}"
|
|
echo " processing db: ${CLICKHOUSE_DB_PROCESSING}"
|