From fc73c28ef8966485e2dad9ab80a98115bee3ab32 Mon Sep 17 00:00:00 2001
From: Pieter van der Meulen <pieter.vandermeulen@surf.nl>
Date: Tue, 12 May 2026 13:00:51 +0200
Subject: [PATCH] Describe the role of the log_logins and lastseen tables

---
 roles/rsyslog/templates/parse_ebauth_to_mysql.py.j2  | 11 ++++++++---
 .../templates/parse_stepupauth_to_mysql.py.j2        | 12 ++++++++----
 2 files changed, 16 insertions(+), 7 deletions(-)

diff --git a/roles/rsyslog/templates/parse_ebauth_to_mysql.py.j2 b/roles/rsyslog/templates/parse_ebauth_to_mysql.py.j2
index 96a478f44..c71a1ba81 100644
--- a/roles/rsyslog/templates/parse_ebauth_to_mysql.py.j2
+++ b/roles/rsyslog/templates/parse_ebauth_to_mysql.py.j2
@@ -1,7 +1,12 @@
 #!/usr/bin/python3
-# This script parses the files produced by engineblock and inserts them into a mySQL table where the SURFconext stats module will analyse the data further
-# This script is intended to be used during logrotate
-# It picks up all files starting with ebauth- (all rotated files) and parses them
+# This script parses the authentication log files produced by engineblock and inserts them into two tables:
+# - log_logins: contains login events from engineblock and stepup-gateway, and is there for use manually querying logins.
+#               There is no further processing done on this table.
+#               A daily cronjob runs clean_loglogins.j2 to remove old logins from the log_logins table.
+# - last_login: contains the last login date for each user. This is used for deprovisioning (lifecycle)
+#
+# This script is intended to be used during logrotate with the delaycompress option set.
+# It picks up all files starting with ebauth- that do not end in .gz and parses them
 
 import os
 import sys
diff --git a/roles/rsyslog/templates/parse_stepupauth_to_mysql.py.j2 b/roles/rsyslog/templates/parse_stepupauth_to_mysql.py.j2
index 7c552bfd1..8c98f29d2 100644
--- a/roles/rsyslog/templates/parse_stepupauth_to_mysql.py.j2
+++ b/roles/rsyslog/templates/parse_stepupauth_to_mysql.py.j2
@@ -1,8 +1,12 @@
 #!/usr/bin/python3
-# This script parses rotated stepup-authentication.log files produced by engineblock.
-# It filters for successful logins (authentication_result:OK) and inserts the data
-# into the log_logins and last_login MySQL tables.
-# This script is intended to be run separately during logrotate.
+# This script parses the authentication log files produced by stepup-gateway and inserts them into two tables:
+# - log_logins: contains login events from engineblock and stepup-gateway, and is there for use manually querying logins.
+#               There is no further processing done on this table.
+#               A daily cronjob runs clean_loglogins.j2 to remove old logins from the log_logins table.
+# - last_login: contains the last login date for each user. This is used for deprovisioning (lifecycle)
+#
+# This script is intended to be used during logrotate with the delaycompress option set.
+# It picks up all files starting with stepup-authentication.log- that do not end in .gz and parses them
 
 import os
 import sys