From: Michael Tremer
Date: Wed, 3 Sep 2025 14:45:22 +0000 (+0000)
Subject: reporter: Remove all data older than 5 years from the database
X-Git-Tag: 0.2~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f4e260cb73af1263f070e65375ca14a065738470;p=suricata-reporter.git

reporter: Remove all data older than 5 years from the database

Signed-off-by: Michael Tremer
---
diff --git a/src/reporter.conf.in b/src/reporter.conf.in
index ba16d21..5943006 100644
--- a/src/reporter.conf.in
+++ b/src/reporter.conf.in
@@ -19,6 +19,10 @@
 ; The path to the database
 ;database = @suricatalogdir@/reporter.db
+[database]
+; Retain all events for this long (in days)
+;retention = 1825
+
 [syslog]
 ; Enable sending any alerts to syslog in the human-reable fast.log format
 ;enabled = true
diff --git a/src/suricata-reporter.in b/src/suricata-reporter.in
index c6b91bc..1e302b2 100644
--- a/src/suricata-reporter.in
+++ b/src/suricata-reporter.in
@@ -79,6 +79,9 @@ class Reporter(object):
 # Create an events queue
 self.queue = queue.Queue(1024)
+ # Remember the last time the database was cleaned
+ self.last_cleanup_at = None
+
 # Keep references to our workers
 self.workers = []
@@ -307,6 +310,10 @@ class Worker(threading.Thread):
 # If there was nothing in the queue, we will try again
 except queue.Empty:
+ # We have time to cleanup the database
+ self.cleanup()
+
+ # Nothing else to do in this iteration...
 continue
 # Parse the event
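Review bot: The `self.cleanup()` call added under `except queue.Empty:` in src/suricata-reporter.in is unguarded, so an exception from the DELETE (for example a locked or unwritable database) would propagate out of this handler. The surrounding loop lies outside the hunk, but if nothing there catches it, the worker thread ends and alerts stop being recorded. Assuming `log` is a standard logging logger, wrapping the call as `try: self.cleanup()` / `except Exception: log.exception("Database cleanup failed")` keeps event processing alive and leaves a trace of the failure. Cleanup is also only reached when the queue is idle, so under sustained alert load the retention limit may never be enforced; a comment such as `# NOTE: only runs when the queue is empty` would make that explicit.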
@@ -340,6 +347,49 @@ class Worker(threading.Thread):
 log.debug("Worker %s terminated" % self.native_id)
+ _cleanup = threading.Lock()
+
+ def cleanup(self):
+ """
+ Cleanup the database
+ """
+ now = datetime.datetime.utcnow()
+
+ # Cleanup the database if it has never been cleaned up
+ if self.reporter.last_cleanup_at is None:
+ pass
+
+ # Cleanup the database if the last cleanup has been
+ elif self.reporter.last_cleanup_at + datetime.timedelta(hours=6) <= now:
+ pass
+
+ # Otherwise we won't cleanup the database
+ else:
+ return
+
+ # Acquire the lock so this will only run once
+ if self._cleanup.acquire(blocking=False):
+ try:
+ log.debug("Cleaning up the database...")
+
+ # Determine the retention time
+ retention_days = datetime.timedelta(
+ days = self.config.getint("database", "retention", fallback=365 * 5)
+ )
+
+ # Save when we performed this last
+ self.reporter.last_cleanup_at = now
+
+ # Remove everything
+ self.db.execute(
+ "DELETE FROM alerts WHERE timestamp <= ?",
+ (now - retention_days,),
+ )
+
+ # Release the lock
+ finally:
+ self._cleanup.release()
+
 def process(self, event):
 """
 Called whenever we have received an event
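Review bot: The `retention` value read in `cleanup()` has no lower bound, so a setting of `0` or a negative number puts the `DELETE FROM alerts WHERE timestamp <= ?` cutoff at or after now and removes the whole alert history. `last_cleanup_at` is also stored before the DELETE runs, so a failed delete is not retried for six hours, and the only record of the purge is a debug line. I would validate the value, set the timestamp after the statement succeeds, and log the cutoff at info level so that removal of security events is auditable; the fence shows the changed part of the `try` body. The comment `# Cleanup the database if the last cleanup has been` is cut off, and `# Remove everything` overstates what the statement does.

```python
        if self._cleanup.acquire(blocking=False):
            try:
                # … unchanged: debug log line …

                # Determine the retention time and refuse values that would purge everything
                days = self.config.getint("database", "retention", fallback=365 * 5)
                if days <= 0:
                    log.error("Ignoring invalid database retention of %s day(s)" % days)
                    self.reporter.last_cleanup_at = now
                    return

                cutoff = now - datetime.timedelta(days=days)

                # Remove everything older than the cutoff
                self.db.execute(
                    "DELETE FROM alerts WHERE timestamp <= ?",
                    (cutoff,),
                )

                # Only remember the run once the DELETE has gone through
                self.reporter.last_cleanup_at = now
                log.info("Removed alerts older than %s (retention: %s days)" % (cutoff, days))

            # … unchanged: finally / lock release …
```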