[prev in list] [next in list] [prev in thread] [next in thread] 

List:       prelude-devel
Subject:    Re: [prelude-devel] [Prelude Hybrid IDS] #239: postgres specific
From:       "Paul Robert Marino" <prmarino1 () gmail ! com>
Date:       2007-06-14 16:29:58
Message-ID: 71775d40706140929v595a323evd60c84b2bd494dda () mail ! gmail ! com
[Download RAW message or body]

well after significant investigation I found there was no practical way to
fix ticket #52 without using subqueries, and even then the subqueries
requiered decreased preformance exponentialy. this is because you cant use
MIN() or MAX() in WHERE clauses, furthermore the subqueries would need all
of the conditions of the parent query.

there is an other way i found to produce the same result as this patch which
should be database generic in the initial query used to get list of the
agrigated alerts MAX(time) if MIN(time) is used as well the query can be
targeted to using a WHERE clause to match the exact time this has a
comperable effect on postgresql and should work on mysql as well. it might
also yeald a speed increase on mysql but it would need to be tested.



On 6/14/07, Prelude Hybrid IDS <noreply@prelude-ids.org> wrote:
>
> #239: postgres specific handling of min and max times in groupings
>
> ---------------------------------+------------------------------------------
> Reporter:  prmarino1@gmail.com  |        Owner:  yoann
>      Type:  enhancement          |       Status:  new
> Priority:  high                 |    Milestone:  Prewikka 0.9.12
> Component:  prewikka             |      Version:  0.9
> Severity:  normal               |   Resolution:
> Keywords:                       |
>
> ---------------------------------+------------------------------------------
> Comment (by yoann):
>
> Replying to [ticket:239 prmarino1@gmail.com]:
> > here is a patch to handle min and max alert time in groupings
> differently on postgresql than other databases. this patch will not effect
> mysql or sqllite users.
> > the methodology used in the patch for postgresql should also be tested
> under sqllite I suspect it will have the same effect but im not sure.
>
>
> Hello Paul, and thanks for your patch!
>
> We are currently on our way to fixing several issues with the databases
> schema. Therefore I am going to wait until this is finished before making
> any change in the way we perform query to the database system, since
> improving the schema will impact the query themselves.
>
> Concerning your patch, rather than solving the MIN/MAX problem in
> Prewikka, which involve using different path for different database, it
> would be interesting to have a look at fixing ticket #52, which would
> finally permit to fix the issue in a database independent way.
>
> Making the query different depending on the database in Prewikka itself
> defeat the abstraction purpose of libpreludedb, and make the code more
> error prone and difficult to debug. So I would be willing to investigate
> this, but only as a last resort if we have no solution to the main
> problem.
>
> Regards,
>
> --
> Ticket URL: <https://trac.prelude-ids.org/ticket/239#comment:1>
> Prelude Hybrid IDS <http://www.prelude-ids.org>
> The Prelude Hybrid Intrusion Detection System suite

[prev in list] [next in list] [prev in thread] [next in thread]