Hello all,

I have written a small firewall and sshd logging system which uses postgresql for storing the logs.

The table that stores the firewall logs has, among other columns, from_ip, port and a timestamp. I want to construct a query which returns the columns:

    from_ip | port 22 entries | total entries | last_access

I have managed to put this together:

    select from_ip, count(from_ip) as entries, max(ts)::timestamp(0) as last_access
    from log where to_port=22 and direction='in' group by from_ip

So the only thing I'm missing is the total number of log entries matching the from_ip, but that's where I'm stuck. My instinct is to try to use subqueries:

    select from_ip, count(from_ip) as entries,
    count(select * from log where ...) as tot_entries,
    max(ts)::timestamp(0) as last_access
    from log where to_port=22 and direction='in' group by from_ip

..but count() doesn't take a subquery afaik, and how would I match the from_ip in the inner select with the outer one?

So I assume that subqueries aren't the way to go. Is there even a query to return those columns in that configuration?

Thankful for any hints or tips.

--
Kind Regards,
Jan Danielsson
Te audire non possum. Musa sapientum fixa est in aure.
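One way to get all four columns in a single pass over the table is conditional aggregation: group by from_ip without the WHERE filter, and move the port 22 condition into the aggregates. This is an added example, not part of the original post; the table and column names follow the post's queries, while the column types and the sample rows are constructed assumptions.

```sql
-- Constructed sample table: names follow the post, types are assumptions.
CREATE TEMP TABLE log (
    from_ip   inet      NOT NULL,
    to_port   integer   NOT NULL,
    direction text      NOT NULL,
    ts        timestamp NOT NULL
);

-- Constructed sample rows (documentation address ranges).
INSERT INTO log (from_ip, to_port, direction, ts) VALUES
    ('192.0.2.10',   22,  'in',  '2024-01-01 10:00:00.4'),
    ('192.0.2.10',   22,  'in',  '2024-01-01 10:05:12.9'),
    ('192.0.2.10',   80,  'in',  '2024-01-01 11:30:00.0'),
    ('192.0.2.10',   443, 'in',  '2024-01-02 08:00:00.0'),
    ('198.51.100.7', 22,  'in',  '2024-01-01 09:00:00.0'),
    ('198.51.100.7', 25,  'in',  '2024-01-03 09:00:00.0'),
    ('203.0.113.5',  80,  'in',  '2024-01-01 12:00:00.0'),  -- never hit port 22
    ('203.0.113.5',  22,  'out', '2024-01-01 12:01:00.0');  -- outbound, not counted

SELECT from_ip,
       -- count() skips NULLs, so only rows matching the condition are counted
       count(CASE WHEN to_port = 22 AND direction = 'in' THEN 1 END)
           AS entries,
       -- every log row for this address, regardless of port or direction
       count(*) AS tot_entries,
       -- latest inbound port 22 hit only, matching the original query
       max(CASE WHEN to_port = 22 AND direction = 'in' THEN ts END)::timestamp(0)
           AS last_access
FROM log
GROUP BY from_ip
-- keep only addresses that have at least one inbound port 22 entry,
-- as the original WHERE clause did
HAVING count(CASE WHEN to_port = 22 AND direction = 'in' THEN 1 END) > 0
ORDER BY entries DESC;
```

On PostgreSQL 9.4 and later the same aggregates can be written as count(*) FILTER (WHERE to_port = 22 AND direction = 'in'), which reads more clearly than the CASE form.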