u-siem-sqlite-store-0.0.3 doesn't have any documentation.
uSiem SQLite store
uSiem component that stores events in a SQLite database.
Real numbers
Log indexing is fast enough for most use cases, at around 5000 logs/sec in debug mode. One million logs with 52 columns occupy 293.3 MB without indexes, and 517.2 MB with an index on every non-text column.
Indexing example
```sql
SELECT event_created, event_received, vendor, product, service, category, tenant, tags, origin, `host.hostname`, message, `source.ip`, `user.domain`, `user.name`, `event.outcome`
FROM log_table ORDER BY event_created DESC LIMIT 10;
```
event_created | event_received | vendor | product | service | category | tenant | tags | origin | host.hostname | message | source.ip | user.domain | user.name | event.outcome |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1637535361471 | 1637535361471 | MagicDevices | MagicDevice001 | sshd | Authentication | Default | {} | 0.0.0.0 | hostname1 | This is a log example ..............111111111111111111111111222222222222222222222223333333333333333333333 | 10.10.10.10 | CNMS | cancamusa | FAIL |
1637535361471 | 1637535361471 | MagicDevices | MagicDevice001 | sshd | Authentication | Default | {} | 0.0.0.0 | hostname1 | This is a log example ..............111111111111111111111111222222222222222222222223333333333333333333333 | 10.10.10.10 | CNMS | cancamusa | FAIL |
1637535361471 | 1637535361471 | MagicDevices | MagicDevice001 | sshd | Authentication | Default | {} | 0.0.0.0 | hostname1 | This is a log example ..............111111111111111111111111222222222222222222222223333333333333333333333 | 10.10.10.10 | CNMS | cancamusa | FAIL |
1637535361471 | 1637535361471 | MagicDevices | MagicDevice001 | sshd | Authentication | Default | {} | 0.0.0.0 | hostname1 | This is a log example ..............111111111111111111111111222222222222222222222223333333333333333333333 | 10.10.10.10 | CNMS | cancamusa | FAIL |
1637535361471 | 1637535361471 | MagicDevices | MagicDevice001 | sshd | Authentication | Default | {} | 0.0.0.0 | hostname1 | This is a log example ..............111111111111111111111111222222222222222222222223333333333333333333333 | 10.10.10.10 | CNMS | cancamusa | FAIL |
1637535361471 | 1637535361471 | MagicDevices | MagicDevice001 | sshd | Authentication | Default | {} | 0.0.0.0 | hostname1 | This is a log example ..............111111111111111111111111222222222222222222222223333333333333333333333 | 10.10.10.10 | CNMS | cancamusa | FAIL |
1637535361471 | 1637535361471 | MagicDevices | MagicDevice001 | sshd | Authentication | Default | {} | 0.0.0.0 | hostname1 | This is a log example ..............111111111111111111111111222222222222222222222223333333333333333333333 | 10.10.10.10 | CNMS | cancamusa | FAIL |
1637535361470 | 1637535361470 | MagicDevices | MagicDevice001 | sshd | Authentication | Default | {} | 0.0.0.0 | hostname1 | This is a log example ..............111111111111111111111111222222222222222222222223333333333333333333333 | 10.10.10.10 | CNMS | cancamusa | FAIL |
1637535361470 | 1637535361470 | MagicDevices | MagicDevice001 | sshd | Authentication | Default | {} | 0.0.0.0 | hostname1 | This is a log example ..............111111111111111111111111222222222222222222222223333333333333333333333 | 10.10.10.10 | CNMS | cancamusa | FAIL |
1637535361470 | 1637535361470 | MagicDevices | MagicDevice001 | sshd | Authentication | Default | {} | 0.0.0.0 | hostname1 | This is a log example ..............111111111111111111111111222222222222222222222223333333333333333333333 | 10.10.10.10 | CNMS | cancamusa | FAIL |
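The schema, per-column indexes and newest-first query behind the numbers and the query above, as an added example that is not part of the crate: it builds `log_table` with the columns from the SELECT using Python's built-in `sqlite3`, inserts constructed sshd-style rows, runs the page's `ORDER BY event_created DESC LIMIT 10` shape, and measures the footprint with and without indexes. Which columns count as "text" is not stated on the page; the example assumes only `message` is left unindexed.

```python
import sqlite3

# Column list taken from the page's SELECT; the two event_* columns are epoch
# milliseconds, everything else is text. Dotted names are quoted with
# backticks, as in the page's query.
COLUMNS = ["event_created", "event_received", "vendor", "product", "service",
           "category", "tenant", "tags", "origin", "host.hostname", "message",
           "source.ip", "user.domain", "user.name", "event.outcome"]
# Assumption: `message` is the free-text column and is the one left unindexed.
NO_INDEX = {"message"}

def open_store(path=":memory:", indexed=True):
    """Create log_table and, if indexed, one index per non-text column."""
    conn = sqlite3.connect(path)
    cols = ", ".join(f"`{c}` " + ("INTEGER" if c.startswith("event_") else "TEXT")
                     for c in COLUMNS)
    conn.execute(f"CREATE TABLE log_table ({cols})")
    if indexed:
        for c in COLUMNS:
            if c not in NO_INDEX:
                name = "idx_" + c.replace(".", "_")
                conn.execute(f"CREATE INDEX `{name}` ON log_table(`{c}`)")
    return conn

def insert_logs(conn, n, base_ts=1637535361000):
    """Insert n constructed sshd-style rows in a single transaction."""
    rows = [(base_ts + i, base_ts + i, "MagicDevices", "MagicDevice001", "sshd",
             "Authentication", "Default", "{}", "0.0.0.0", "hostname1",
             f"This is a log example {i}", "10.10.10.10", "CNMS", "cancamusa",
             "FAIL" if i % 3 else "SUCCESS") for i in range(n)]
    quoted = ", ".join(f"`{c}`" for c in COLUMNS)
    marks = ", ".join("?" * len(COLUMNS))
    with conn:  # one transaction for the whole batch: the fast path for ingest
        conn.executemany(f"INSERT INTO log_table ({quoted}) VALUES ({marks})", rows)
    return conn.execute("SELECT COUNT(*) FROM log_table").fetchone()[0]

def latest(conn, limit=10):
    """The page's query shape: newest events first, served by the event_created index."""
    sql = ("SELECT event_created, `source.ip`, `user.name`, `event.outcome` "
           "FROM log_table ORDER BY event_created DESC LIMIT ?")
    return conn.execute(sql, (limit,)).fetchall()

def db_bytes(conn):
    """Footprint of the store in bytes, the figure behind the page's size numbers."""
    page_size = conn.execute("PRAGMA page_size").fetchone()[0]
    page_count = conn.execute("PRAGMA page_count").fetchone()[0]
    return page_size * page_count
```

Opening the same store twice, once with `indexed=False` and once with `indexed=True`, and comparing `db_bytes` after the same batch reproduces the size trade-off the numbers above describe.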
Example indexing logs
```rust
use std::time::Duration;

// Create the SQLite store component (the constructor's type and arguments are not shown on the page).
let mut comp = /* store type */::new(/* ... */);
// Channel used later to send commands (such as stop) to the component.
let local_chan = comp.local_channel();
// Bounded channel that carries logs into the store; capacity is not shown on the page.
let (log_sender, log_receiver) = crossbeam_channel::bounded(/* capacity */);
comp.set_log_channel(log_sender.clone(), log_receiver);
// Run the component on its own thread (the closure body is not shown on the page).
std::thread::spawn(move || { /* run the component */ });
// Push logs through the log channel.
for _ in 1..100000 {
    /* send one log through log_sender; the log construction is not shown on the page */
}
// Stop the component
std::thread::sleep(Duration::from_millis(/* ... */));
let _ = local_chan.send(/* stop command */);
```