public function discard($days)
{
$discardedEventCount = ProcessorEventMatchstate::discardOld($this->tDbh, $days);
Log::notice(sprintf("%u old event(s) discarded", $discardedEventCount));
QueryLoghost::discardUnused($this->tDbh);
QueryUser::discardUnused($this->tDbh);
QueryHostipNetwork::discardUnused($this->tDbh);
QueryHostip::discardUnused($this->tDbh);
QueryHostmac::discardUnused($this->tDbh);
QueryService::discardUnused($this->tDbh);
}
private function update()
{
$loghostId = QueryLoghost::getLoghostId($this->tDbh, $this->tMatchedLoghost);
$serviceId = QueryService::getServiceId($this->tDbh, $this->tMatchedService);
$networkId = QueryHostipNetwork::getNetworkId($this->tDbh, $this->tNetworkmap, $this->tMatchedHostip);
$hostipId = QueryHostip::getHostipId($this->tDbh, $this->tMatchedHostip);
$hostmacId = QueryHostmac::getHostmacId($this->tDbh, $this->tMatchedHostmac);
$userId = QueryUser::getUserId($this->tDbh, $this->tUserdb, $this->tMatchedUser);
if (!Options::pretend()) {
$select = $this->tDbh->prepare("SELECT a.id, a.count, a.first, a.last FROM event a WHERE a.loghostid = ? AND a.serviceid = ? AND a.typeid = ? AND a.networkid = ? AND a.hostipid = ? AND a.hostmacid = ? AND a.userid = ?");
$select->bindValue(1, $loghostId, PDO::PARAM_STR);
$select->bindValue(2, $serviceId, PDO::PARAM_STR);
$select->bindValue(3, $this->tEvent->getTypeid(), PDO::PARAM_STR);
$select->bindValue(4, $networkId, PDO::PARAM_STR);
$select->bindValue(5, $hostipId, PDO::PARAM_STR);
$select->bindValue(6, $hostmacId, PDO::PARAM_STR);
$select->bindValue(7, $userId, PDO::PARAM_STR);
$select->execute();
$select->bindColumn(1, $id, PDO::PARAM_STR);
$select->bindColumn(2, $count, PDO::PARAM_INT);
$select->bindColumn(3, $first, PDO::PARAM_INT);
$select->bindColumn(4, $last, PDO::PARAM_INT);
if ($select->fetch(PDO::FETCH_BOUND) !== false) {
$count++;
$first = min($first, $this->tMatchedTimestamp);
$last = max($last, $this->tMatchedTimestamp);
$update = $this->tDbh->prepare("UPDATE event SET count = ?, first = ?, last = ? WHERE id = ?");
$update->bindValue(1, $count, PDO::PARAM_INT);
$update->bindValue(2, $first, PDO::PARAM_INT);
$update->bindValue(3, $last, PDO::PARAM_INT);
$update->bindValue(4, $id, PDO::PARAM_STR);
$update->execute();
} else {
$insert = $this->tDbh->prepare("INSERT INTO event (loghostid, serviceid, typeid, networkid, hostipid, hostmacid, userid, count, first, last) VALUES(?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
$insert->bindValue(1, $loghostId, PDO::PARAM_STR);
$insert->bindValue(2, $serviceId, PDO::PARAM_STR);
$insert->bindValue(3, $this->tEvent->getTypeid(), PDO::PARAM_STR);
$insert->bindValue(4, $networkId, PDO::PARAM_STR);
$insert->bindValue(5, $hostipId, PDO::PARAM_STR);
$insert->bindValue(6, $hostmacId, PDO::PARAM_STR);
$insert->bindValue(7, $userId, PDO::PARAM_STR);
$insert->bindValue(8, 1, PDO::PARAM_INT);
$insert->bindValue(9, $this->tMatchedTimestamp, PDO::PARAM_INT);
$insert->bindValue(10, $this->tMatchedTimestamp, PDO::PARAM_INT);
$insert->execute();
$id = $this->tDbh->lastInsertId();
}
$insert = $this->tDbh->prepare("INSERT INTO log (eventid, time, line) VALUES(?, ?, ?)");
foreach ($this->tMatchedLines as $line) {
$insert->bindValue(1, $id, PDO::PARAM_STR);
$insert->bindValue(2, $this->tMatchedTimestamp, PDO::PARAM_STR);
$insert->bindValue(3, $line, PDO::PARAM_STR);
$insert->execute();
}
}
}