I have the following dataset pulling from traffic log:
select from_dtime(dtime) as timestamp, user as user, catdesc, hostname as website, action as status, sum(bandwidth) as bandwidth from (###(select dtime, catdesc, hostname, action, sum(coalesce(sentbyte, 0)+coalesce(rcvdbyte, 0)) as bandwidth from $log-traffic where $filter and hostname is not null and logid_to_int(logid) not in (4, 7, 14) and utmevent in (' webfilter' , ' banned-word' , ' web-content' , ' command-block' , ' script-filter' ) group by dtime, catdesc, hostname, action order by dtime desc)### union all ###(select dtime, catdesc, hostname, action, sum(coalesce(sentbyte, 0)+coalesce(rcvdbyte, 0)) as bandwidth from $log-webfilter where $filter and hostname is not null and (eventtype is null or logver=52) group by dtime, user, catdesc, hostname, action order by dtime desc)###) t group by dtime, user, catdesc, website, status order by dtime desc
And it works, mostly, to give me detailed web browsing. The problem in 5.2 is, it seems the ' user as user' doesn' t return the right information. It returns ' postgres' for all users.
I' d like to get srcip and username if at all possible in this but not having any luck.
Any thoughts?