#!/usr/bin/ruby

usage = <<US
create-agg <trace table>
Example: create-agg [options] ABCD_20090201
Will create ABCD_20090201_FlowsAggByDstIp and
ABCD_20090201_FlowsAggByDstIpPort from ABCD_20090201_Flows
Options:
-r      recreate aggregates, that is use GtProto, GtApp and GtState information.
US

recreate = false
if ARGV[0] == '-r'
    recreate = true
    ARGV.shift
end
trace = ARGV[0] || abort('Expecting trace name: ' + usage)

sql = <<SQL
DROP TABLE IF EXISTS `#{trace}_FlowsAggByDstIp`;
CREATE TABLE `#{trace}_FlowsAggByDstIp` (
  `DstIp` int(10) unsigned NOT NULL default '0',
  `DstPorts` longtext,
  `Flows` bigint(20) unsigned default NULL,
  `Pkts` bigint(20) unsigned default NULL,
  `TotalBytes` bigint(20) unsigned default NULL,
  `PayloadBytes` bigint(20) unsigned default NULL,
  `L7Marks` longtext,
  `GtProtos` longtext,
  `GtApps` longtext,
  `GtVerified` bigint(20) NOT NULL default '0',
  `GtQuestioned` bigint(20) NOT NULL default '0',
  PRIMARY KEY  (`DstIp`),
  KEY `Flows` (`Flows`),
  KEY `GtVerified` (`GtVerified`),
  KEY `GtQuestioned` (`GtQuestioned`),
  KEY `Pkts` (`Pkts`),
  KEY `TotalBytes` (`TotalBytes`),
  KEY `PayloadBytes` (`PayloadBytes`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

INSERT INTO `#{trace}_FlowsAggByDstIp`
SELECT DstIp,
GROUP_CONCAT( DISTINCT DstPort ORDER BY DstPort) AS DstPorts,
COUNT( * ) AS Flows , SUM( Pkts0 + Pkts1 ) AS Pkts ,
SUM( TotalBytes0 + TotalBytes1 ) AS TotalBytes ,
SUM( PayloadBytes0 + PayloadBytes1 ) AS PayloadBytes ,
GROUP_CONCAT( DISTINCT L7Mark ORDER BY L7Mark) AS L7Marks,
SQL

if recreate == false
    sql += <<SQL
NULL, NULL, 0, 0
SQL
else
    sql += <<SQL
GROUP_CONCAT(DISTINCT GtProto) AS GtProtos,
GROUP_CONCAT(DISTINCT GtApp) AS GtApps,
SUM(IF(GtState = 'verified', 1, 0)) AS GtVerified,
SUM(IF(GtState = 'questioned', 1, 0)) AS GtQuestioned
SQL
end

sql += <<SQL
FROM `#{trace}_Flows` GROUP BY DstIp;

ALTER TABLE `#{trace}_FlowsAggByDstIp` ORDER BY Flows DESC;

DROP TABLE IF EXISTS `#{trace}_FlowsAggByDstIpPort`;
CREATE TABLE `#{trace}_FlowsAggByDstIpPort` (
  `DstIp` int(10) unsigned NOT NULL default '0',
  `DstPort` smallint(5) unsigned NOT NULL default '0',
  `Flows` bigint(20) unsigned default NULL,
  `Pkts` bigint(20) unsigned default NULL,
  `TotalBytes` bigint(20) unsigned default NULL,
  `PayloadBytes` bigint(20) unsigned default NULL,
  `L7Marks` longtext,
  `GtProtos` longtext,
  `GtApps` longtext,
  `GtVerified` bigint(20) NOT NULL default '0',
  `GtQuestioned` bigint(20) NOT NULL default '0',
  PRIMARY KEY  (`DstIp`,`DstPort`),
  KEY `Flows` (`Flows`),
  KEY `GtVerified` (`GtVerified`),
  KEY `GtQuestioned` (`GtQuestioned`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

INSERT INTO `#{trace}_FlowsAggByDstIpPort`
SELECT DstIp , DstPort, COUNT( * ) AS Flows , SUM( Pkts0 + Pkts1 ) AS Pkts ,
SUM( TotalBytes0 + TotalBytes1 ) AS TotalBytes ,
SUM( PayloadBytes0 + PayloadBytes1 ) AS PayloadBytes ,
GROUP_CONCAT( DISTINCT L7Mark ORDER BY L7Mark) AS L7Marks,
SQL

if recreate == false
    sql += <<SQL
NULL, NULL, 0, 0
SQL
else
    sql += <<SQL
GROUP_CONCAT(DISTINCT GtProto) AS GtProtos,
GROUP_CONCAT(DISTINCT GtApp) AS GtApps,
SUM(IF(GtState = 'verified', 1, 0)) AS GtVerified,
SUM(IF(GtState = 'questioned', 1, 0)) AS GtQuestioned
SQL
end

sql += <<SQL
FROM `#{trace}_Flows` GROUP BY DstIp, DstPort;
SQL

puts sql

