rivermuse database schema
RiverMuse Core 3.4.0
|
Database name: rivermuse
Defined in: /var/lib/mysql/rivermuse
users table
The users table contains all the information about each user in the system.
| Column name |
Constraints |
Data Type |
Description |
| userId |
PRIMARY KEY |
Integer |
|
| username |
INDEX |
VARCHAR(32) |
|
| userpwd |
|
VARCHAR(255) |
|
| activated |
|
Integer |
|
| auth_level |
|
Integer |
|
| join_date |
|
DATETIME |
|
| email |
|
VARCHAR(200) |
|
authorities table
| Column name |
Constraints |
Data Type |
Description |
| authority |
PRIMARY KEY |
VARCHAR(64) |
|
| auth_level |
|
Integer |
|
|
|
conditions table
The conditions table is a gate that yarpd uses to decide whether or not to run an action.
| Column name |
Constraints |
Data Type |
Description |
| name |
PRIMARY KEY |
VARCHAR(64) |
Name of the condition. |
| priority |
|
Integer |
A priority order in which to evaluate the conditions. Conditions with a lower number take precedence over conditions with a higher number. |
| auto |
|
Integer |
A flag to see if the condition is automatically created. 0 for manually created conditions, and 1 for automatically generated conditions. |
| IDUC |
|
Integer |
A flag to see if the condition is to be triggered between updates, alert closes, or alert deletes. If the value is 1, the condition only fires when an alert is deleted (closed). If the value is 2, the condition only fires when an alert is created/updated. If the value is 0, any of them can fire. |
| entity |
|
VARCHAR(64) |
The entity upon which the condition is associated. If NULL, only the rule controls the execution of the condition. Currently not in use. |
| rule |
|
VARCHAR(255) |
A filter to evaluate against the alert. The result (either TRUE or FALSE) will determine which actions to run. |
| evaluate_after |
|
VARCHAR(64) |
A parent condition. A method of nesting conditions. For example, condition B can only be evaluated after condition A; therefore, condition B is only considered if condition A is triggered, or if the parent is a Timed Condition, and more then 0 alerts fall into the filter. |
| active |
|
Integer |
Condition is running or not. 1 enables the condition. 0 disables the condition. |
| run_every |
|
Integer |
Defines the time interval in seconds. For timed conditions it should be >0; otherwise, the condition will be considered as real-time. |
| exec_delay |
|
Integer |
How long a condition remains TRUE before the action fires. |
| delta_only |
|
Integer |
Edge or level trigger. 1 indicates that actions will only run on edges, 0 indicates that actions will run on both edges and levels. |
| up_action |
|
VARCHAR(64) |
Up edge. Name of the action that executes when a rule is evaluated as TRUE. |
| down_action |
|
VARCHAR(64) |
Trailing edge. Name of the action that executes when rule is evaluated as FALSE. |
MVC_flags table
The MVC_flags table informs real time clients of databases such as yarpd of changes, for example, changes to the data in the alerts table.
| Column name |
Constraints |
Data Type |
Description |
| entities |
|
Integer |
|
| states |
|
Integer |
|
| transitions |
|
Integer |
|
alerts table
The alerts table stores all alerts that are currently active in the system.
| Column name |
Constraints |
Data Type |
Description |
| discriminator |
PRIMARY KEY UNIQUE |
VARCHAR(128) |
Relates to how the deduplicator works. A unique discriminator exists for each alert. |
| id |
KEY |
Integer |
A unique global identity that exists for each alert. |
| entity |
|
VARCHAR(64) |
The entity is the device. |
| agent |
|
VARCHAR(64) |
The agent that is the source of the alert. |
| agent_entity |
|
VARCHAR(64) |
The device that the agent is running on. |
| type |
|
VARCHAR(64) |
Name of the alert rule that created the alert. |
| severity |
|
Integer |
The OSI severity code. |
| count |
|
Integer |
Number of times alert has occurred. |
| description |
|
VARCHAR(254) |
A short textual description of the alert. |
| first_occured |
|
DATETIME |
Time that the alert first occurred. |
| last_occurred |
|
DATETIME |
Time that the alert was last updated. |
| agent_time |
|
DATETIME |
First occurred time recorded by the agent. |
| state |
|
Integer |
Supplementary table for state_types. Assigned, new or resolved. |
| owner |
|
Integer |
Current owner of the alert. |
| token1 |
|
VARCHAR(64) |
Supplementary information on the alerts sent from the database. A token from the event. |
| token2 |
|
VARCHAR(64) |
|
| token3 |
|
VARCHAR(64) |
|
| token4 |
|
VARCHAR(64) |
|
| token5 |
|
VARCHAR(64) |
|
| token6 |
|
VARCHAR(64) |
|
alert_col_synonym table
| Column name |
Constraints |
Data Type |
Description |
| colname |
|
VARCHAR(64) |
|
| syn |
|
VARCHAR(64) |
|
state_types table
The state_types table holds the values of the states of an alert. The state_types table is a subsidiary table to the alerts table.
| Column name |
Constraints |
Data Type |
Description |
| code |
PRIMARY KEY |
Integer |
|
| description |
|
VARCHAR(32) |
|
alerts_trashcan table
The alerts_trashcan table is a mirror of the alerts table. When an alert is closed, RiverMuse inserts a close event into the events table. RiverMuse deletes the alert from the alerts table, and inserts a copy of it into the alert_trashcan table. Yarpd uses the contents of alerts_trashcan table to run conditions and actions on alerts as they are closed; thereby, providing the variables for the $ syntax in the conditions and actions table.
| Column name |
Constraints |
Data Type |
Description |
| discriminator |
PRIMARY KEY |
VARCHAR(128) |
Relates to how the deduplicator works. A unique discriminator exists for each alert. |
| id |
KEY |
Integer |
A unique global identity that exists for each alert. |
| entity |
|
VARCHAR(64) |
The entity is the device. |
| agent |
|
VARCHAR(64) |
The agent that is the source of the alert. |
| agent_entity |
|
VARCHAR(64) |
The device that the agent is running on. |
| type |
|
VARCHAR(64) |
Name of the alert rule that created the alert. |
| severity |
|
Integer |
The OSI severity code. |
| count |
|
Integer |
Number of times alert has occurred. |
| description |
|
VARCHAR(254) |
A short textual description of the alert. |
| first_occured |
|
DATETIME |
Time that the alert first occurred. |
| last_occurred |
|
DATETIME |
Time that the alert was last updated. |
| agent_time |
|
DATETIME |
First occurred time recorded by the agent. |
| state |
|
Integer |
Supplementary table state_types. Assigned, new, or, resolved. |
| owner |
|
Integer |
Current owner of the alert. |
| token1 |
|
VARCHAR(64) |
Supplementary information on the alerts sent from the database. |
| token2 |
|
VARCHAR(64) |
|
| token3 |
|
VARCHAR(64) |
|
| token4 |
|
VARCHAR(64) |
|
| token5 |
|
VARCHAR(64) |
|
| token6 |
|
VARCHAR(64) |
|
events table
The events table is for system events, and mirrors the alerts table.
| Column name |
Constraints |
Data Type |
Description |
| id |
PRIMARY KEY |
Integer |
A unique global identity that exists for each event. |
| type |
|
Integer |
Name of the event rule that created the event. A subsidiary table exists, event_types. |
| entity |
|
VARCHAR(64) |
The entity describes the reason for the event. |
| alert_id |
|
Integer |
References the entry in the alerts table to which the event refers. |
| description |
|
VARCHAR(254) |
A short textual description of the event. |
| timestamp |
|
DATETIME |
Time that the event first occurred. Timestamp will always be a local timestamp. |
| owner |
|
Integer |
Current owner of the event. |
| token1 |
|
VARCHAR(64) |
|
| token2 |
|
VARCHAR(64) |
|
| token3 |
|
VARCHAR(64) |
|
| token4 |
|
VARCHAR(64) |
|
| token5 |
|
VARCHAR(64) |
|
| token6 |
|
VARCHAR(64) |
|
event_types table
The event_types table is a subsidiary table to the events table.
| Column name |
Constraints |
Data Type |
Description |
| code |
PRIMARY KEY |
Integer |
|
| description |
|
VARCHAR(32) |
|
alert_MVC table
The alert_MVC table lists the alert ids of the changed alerts.
| Column name |
Constraints |
Data Type |
Description |
| id |
|
Integer |
|
alert_rules table
The alert_rules table controls when a measured piece of data from one of the agents causes an alert to be created.
| Column name |
Constraints |
Data Type |
Description |
| name |
PRIMARY KEY |
VARCHAR(128) |
Unique name of the alert rule. |
| filter |
|
VARCHAR(254) |
A string of Rule Definition Language. |
| priority |
|
Integer |
Number to govern the firing order of the rules. The higher the priority number the later rule fires. |
| agent |
|
VARCHAR(64) |
Name of the Agent that generates the event. Rules can only be run against events that this agent generates. |
| ev_agent |
|
VARCHAR(64) |
A template string defining the Agent name given in the alert rule. |
| discriminator |
|
VARCHAR(128) |
A template string distinguishing which alert relates to which event. |
| description |
|
VARCHAR(254) |
Description of the alert rule. |
| agent_entity |
|
VARCHAR(64) |
A template string identifying the Agent host. |
| severity |
|
VARCHAR(32) |
A template string defining the severity level associated with an alert: Clear, Informational, Warning, Minor, Major, Critical. |
| owner |
|
VARCHAR(32) |
A template string identifying an owner of the alert from a list of previously registered users in the User Management GUI. |
| token1 |
|
VARCHAR(64) |
|
| token2 |
|
VARCHAR(64) |
|
| token3 |
|
VARCHAR(64) |
|
| token4 |
|
VARCHAR(64) |
|
| token5 |
|
VARCHAR(64) |
|
| token6 |
|
VARCHAR(64) |
|
alert_vars table
The alert_vars table provides the mapping between the tokens and assigned names. For example, instead of referencing anonymous variables, variables will be referenced as CPU, trigger time etc.
| Column name |
Constraints |
Data Type |
Description |
| name PRIMARY KEY VARCHAR(64) |
| token1 |
|
VARCHAR(64) |
Name of the variable in token 1. |
| token2 |
|
VARCHAR(64) |
Name of the variable in token 2. |
| token3 |
|
VARCHAR(64) |
Name of the variable in token 3. |
| token4 |
|
VARCHAR(64) |
Name of the variable in token 4. |
| token5 |
|
VARCHAR(64) |
Name of the variable in token 5. |
| token6 |
|
VARCHAR(64) |
Name of the variable in token 6. |
severities table
| Column name |
Constraints |
Data Type |
Description |
| severity |
PRIMARY KEY |
Integer |
|
| label |
|
VARCHAR(32) |
|
entities table
The entities table describes all the managed entities in the system. Whenever you see entities referred to in any of the tables, e.g., alerts, or conditions, there will be a corresponding entry in the entities table.
The entities table acts as a local look-up for a managed entity (object) and provides a complete set of network addresses. For any entity, one of the 7 OSI addresses can be stored. For example, if you have non-IP manageable devices, the entity may be a file in a file system, because the pathname is a layer 7 address.
| Column name |
Constraints |
Data Type |
Description |
| entity |
PRIMARY KEY |
VARCHAR(64) |
Principal entity name. |
| description |
|
VARCHAR(512) |
A short textual description of the entity. |
| address_l1 |
|
VARCHAR(64) |
OSI layer one address. |
| address_l2 |
|
VARCHAR(64) |
OSI layer two address. |
| address_l3 |
|
VARCHAR(64) |
OSI layer three address. |
| address_l4 |
|
VARCHAR(64) |
OSI layer four address. |
| address_l5 |
|
VARCHAR(64) |
OSI layer five address. |
| address_l6 |
|
VARCHAR(64) |
OSI layer six address. |
| address_l7 |
|
VARCHAR(64) |
OSI layer seven address. |
| contained_by |
|
VARCHAR(64) |
|
| type |
|
VARCHAR(32) |
|
| aliases |
|
VARCHAR(255) |
Comma separated list of aliases. |
| changed |
|
Integer |
1 if the entity changes, 0 otherwise. |
entity_trashcan table
The entity_trashcan table works like alerts_trashcan as there is the concept of real-time actions occurring when the entities change.
| Column name |
Constraints |
Data Type |
Description |
| entity |
|
VARCHAR(64) |
Principal entity name. |
actions table
The actions table describes the result of a condition firing, and the actions taken upon a condition being met by an alert. The external action, create alert, and update alert action type columns indicate which parameters are necessary when creating that type of action.
| Column name |
Constraints |
Data Type |
Description |
Create Alert |
Update Alert |
External Action |
| name |
PRIMARY KEY |
VARCHAR(64) |
Name of the action. |
|
|
|
| type |
|
Integer |
Supplementary table is action _types. Integer value that indicates the type of action. The supported types are:
1 (CreateAlert): Creates the alert with given attributes.
3 (UpdateAlert): Updates the alert(s) by setting the given attributes.
4 (CloseAlert): Closes the given alert.
5 (ExternalAction): Executes the external command in the subshell. Depending on the type of action, the columns below may be NULL. |
|
|
|
| filter |
|
VARCHAR(255) |
Used when doing an update on an alert. For an UpdateAlert action, the filter defines which alerts will be updated (it is a template for updating alerts <fields> where <filter> statement). This field will be skipped in an action of another type. CHECK |
|
|
|
| discriminator |
|
VARCHAR(128) |
Defines a template for the discriminator. For a CreateAlert action, it will be used to create a new alert. For a CloseAlert action, it will be used to identify which alert to close. |
|
|
|
| description |
|
VARCHAR(254) |
A description of an alert. |
|
|
|
| entity |
|
VARCHAR(64) |
An entity which generates the alert. |
|
|
|
| agent |
|
VARCHAR(64) |
The name of the agent that generated the alert. |
|
|
|
| severity |
|
VARCHAR(32) |
The severity of the alert (see severities table). |
|
|
|
| ev_type |
|
VARCHAR(32) |
For an UpdateAlert action, the type of event that will be generated (see event_types table). |
|
|
|
| state |
|
VARCHAR(32) |
The state of the alert (see state_types table). |
|
|
|
| owner |
|
VARCHAR(32) |
The owner of the alert (see users table). Also for CloseAlert action it indicates the user on behalf of who alert will be closed. CHECK |
|
|
|
| token1 |
|
VARCHAR(64) |
Tokens (t1 - t6) meaningful to those who are dealing with an alert. |
|
|
|
| token2 |
|
VARCHAR(64) |
|
|
|
|
| token3 |
|
VARCHAR(64) |
|
|
|
|
| token4 |
|
VARCHAR(64) |
|
|
|
|
| token5 |
|
VARCHAR(64) |
|
|
|
|
| token6 |
|
VARCHAR(64) |
|
|
|
|
| command |
|
VARCHAR(128) |
The shell command or script to be executed. |
|
|
|
| args |
|
VARCHAR(255) |
Parameters to be passed to the command. |
|
|
|
| host |
|
VARCHAR(255) |
A host on which to execute commands. Currently not in use. |
|
|
|
action_types table
The action_types table is a subsidiary table to the actions table.
| Column name |
Constraints |
Data Type |
Description |
| code |
PRIMARY KEY |
Integer |
|
| description |
|
VARCHAR(32) |
A short textual description of the action. |
time_values table
The time_values table is used in the $ syntax to reference the number of seconds, for example, $day, $hour etc.
| Column name |
Constraints |
Data Type |
Description |
| name |
PRIMARY KEY |
VARCHAR(32) |
|
| syn |
|
Integer |
|
constants table
The constants table is a roll up table for all the subsidiary tables. The constants table is automatically created in the database; thereby providing one place for all the constants.
| Column name |
Constraints |
Data Type |
Description |
| name |
|
VARCHAR(32) |
|
| code |
|
Integer |
|
FilterMetaData table
| Column name |
Constraints |
Data Type |
Description |
| iD |
PRIMARY KEY NOT NULL |
Integer |
|
| filter |
NOT NULL |
VARCHAR(50) |
|
| filterValue |
NOT NULL |
VARCHAR(50) |
|
| Display Name |
NOT NULL |
VARCHAR(50) |
|
| bgColor |
|
VARCHAR(50) |
|
| fontColor |
|
VARCHAR(50) |
|
| correlationType |
|
VARCHAR(50) |
|
Operator table
| Column name |
Constraints |
Data Type |
Description |
| iD |
PRIMARY KEY NOT NULL |
Integer |
|
| operator |
NOT NULL |
VARCHAR(20) |
|
UserFilters table
| Column name |
Constraints |
Data Type |
Description |
| iD |
PRIMARY KEY NOT NULL |
Integer |
|
| userId |
KEY NOT NULL |
Integer |
|
| filterName |
KEY NOT NULL |
VARCHAR(50) |
|
| filterOn |
|
VARCHAR(50) |
|
| operator |
|
Integer |
|
| Value |
|
VARCHAR(50) |
|
| logicalOperator |
|
VARCHAR(10) |
|
| query |
|
|
|
| isDefault |
NOT NULL |
VARCHAR(10) |
|
| corelationType |
|
VARCHAR(50) |
|
| filterType |
NOT NULL |
VARCHAR(50) |
|
UserPrefs table
| Column name |
Constraints |
Data Type |
Description |
| iD |
PRIMARY KEY NOT NULL |
Integer |
|
| userId |
KEY NOT NULL |
VARCHAR(50) |
|
| preference |
NOT NULL |
VARCHAR(255) |
|
| prefValue |
NOT NULL |
VARCHAR(200) |
|
| correlationType |
|
VARCHAR(50) |
|
| type |
NOT NULL |
VARCHAR(15) |
|
| field |
|
VARCHAR(60) |
|
WizardFilters table
The WizardFilters table stores the wizard filter information for the RiverMuse Desktop.
| Column name |
Constraints |
Data Type |
Description |
| iD |
PRIMARY KEY NOT NULL |
Integer |
|
| userId |
KEY NOT NULL |
Integer |
|
| filterName |
KEY NOT NULL |
VARCHAR(50) |
|
| rowType |
|
Integer |
|
| rowData |
|
VARCHAR(200) |
|
| isStartGroup |
|
Integer |
|
| isEndGroup |
|
Integer |
|
| corelationType |
|
VARCHAR(50) |
|
| source |
NOT NULL |
VARCHAR(50) |
|
| startIndex |
NOT NULL |
SMALLINT |
|
| endIndex |
NOT NULL |
SMALLINT |
|
Modules table
| Column name |
Constraints |
Data Type |
Description |
| id |
PRIMARY KEY NOT NULL |
BIGINT(20) |
|
| moduleName |
UNIQUE KEY NOT NULL |
VARCHAR(50) |
|
Roles table
| Column name |
Constraints |
Data Type |
Description |
| id |
PRIMARY KEY NOT NULL |
BIGINT(20) |
|
| role |
UNIQUE KEY NOT NULL |
VARCHAR(60) |
|
| roleDescription |
NOT NULL |
VARCHAR(250) |
|
| permissions |
NOT NULL |
SMALLINT(6) |
|
| isDefault |
NOT NULL |
TINYINT(1) |
|
UserModulePermissions table
| Column name |
Constraints |
Data Type |
Description |
| id |
PRIMARY KEY NOT NULL |
BIGINT(20) |
|
| userId |
NOT NULL |
BIGINT(20) |
|
| moduleId |
NOT NULL |
BIGINT(20) |
|
| roleId |
NOT NULL |
BIGINT(20) |
|
WebServiceHosts table
| Column name |
Constraints |
Data Type |
Description |
| id |
PRIMARY KEY NOT NULL UNSIGNED |
BIGINT |
|
| host |
UNIQUE KEY NOT NULL |
VARCHAR(200) |
|
EventConsoleDefaultSettings table
| Column name |
Constraints |
Data Type |
Description |
| id |
PRIMARY KEY NOT NULL |
Integer |
|
| preference |
NOT NULL |
VARCHAR(255) |
|
| prefValue |
NOT NULL |
VARCHAR(200) |
|
| corelationType |
|
VARCHAR(50) |
|
| type |
NOT NULL |
VARCHAR(15) |
|
| field |
|
VARCHAR(60) |
|
agent_data_rules table
The agent_data_rules table describes the polling activity of the agents under omosd. For active agents, this is important for poll definitions. For passive agents, this involves formatting and flow control. Only one definition should exist for each passive agent.
| Column name |
Constraints |
Data Type |
Description |
| name |
PRIMARY KEY |
VARCHAR(64) |
The name of the data rule. |
| agent |
|
VARCHAR(64) |
An agent relevant to the data rule. |
| target_entity |
|
VARCHAR(64) |
A target entity references an entry in the entities table from which the agent can get all the necessary network addresses. |
| frequency |
|
Integer |
How often the data rule is run. |
| alert_msg_string |
|
VARCHAR(254) |
Failure to succeed. If for some reason the agent cannot complete the poll, this string is sent up as the description element. It supports $ syntax. |
| alert_restore_string |
|
VARCHAR(254) |
Poll succeeds. If the agent completes the poll, this string is sent up as the description. It supports $ syntax. |
| variables |
VARCHAR(254) |
A common separated list of things to get in the poll. They are included by name in the XML. For example, if you have a variable "a,b,c" in the XML sent up to omosd you will have
<a>...</a>
<b>...</b>
They become tokens that can be referenced by the $ syntax in for example, the alert_rules table. |
| variables_config |
|
VARCHAR(254) |
In the variable config list you are dealing with human readable names; however, the agent may be talking protocol like SNMP to the target entity, which asks for CPU by using a non-human readable string. Therefore this provides the mapping between how you refer to the variable locally and how the protocol refers to it. Variable_config is a placeholder to send over to the agent some textual data that will help the agent understand the files. |
| active |
|
Integer |
1 for active otherwise 0. |