diff --git a/installer.sh b/installer.sh
index daeeca0..287a649 100755
--- a/installer.sh
+++ b/installer.sh
@@ -341,78 +341,6 @@ function bc_set_setting(string $key, string $value): void {
         ON CONFLICT(key) DO UPDATE SET value=excluded.value, updated_at=CURRENT_TIMESTAMP');
     $stmt->execute([$key, $value]);
 }
-
-function bc_local_timezone(): string {
-    $tz = bc_setting('timezone', '');
-    if ($tz !== '') {
-        return $tz;
-    }
-
-    $systemTz = trim((string)@shell_exec('timedatectl show -p Timezone --value 2>/dev/null'));
-    if ($systemTz !== '') {
-        return $systemTz;
-    }
-
-    return date_default_timezone_get() ?: 'UTC';
-}
-
-function bc_local_time(?string $utcTime): string {
-    $utcTime = trim((string)$utcTime);
-    if ($utcTime === '') {
-        return '';
-    }
-
-    try {
-        $dt = new DateTime($utcTime, new DateTimeZone('UTC'));
-        $dt->setTimezone(new DateTimeZone(bc_local_timezone()));
-        return $dt->format('F j, Y g:i:s A');
-    } catch (Throwable $e) {
-        return $utcTime;
-    }
-}
-
-function bc_event_label(?string $type): string {
-    $type = trim((string)$type);
-
-    $labels = [
-        // BaldCanary web events
-        'page_view' => 'Page View',
-        'form_submit' => 'Form Submission',
-        'xss_probe' => 'XSS Probe',
-        'sql_injection_probe' => 'SQL Injection Probe',
-        'command_injection_probe' => 'Command Injection Probe',
-        'path_traversal_probe' => 'Path Traversal Probe',
-        'sensitive_file_probe' => 'Sensitive File Probe',
-        'session_file_probe' => 'Session File Probe',
-        'exposed_session_directory' => 'Exposed Session Directory',
-        'php_session_file' => 'PHP Session File Access',
-        'backup_directory' => 'Backup Directory Access',
-        'mysql_backup_directory' => 'MySQL Backup Directory Access',
-        'api_docs' => 'API Documentation Access',
-        'swagger_docs' => 'Swagger Documentation Access',
-        'phpinfo_probe' => 'PHP Info Probe',
-        'env_file_probe' => 'Environment File Probe',
-        'config_file_probe' => 'Config File Probe',
-    ];
-
-    $mapFile = '/opt/baldcanary/config/opencanary_event_labels.json';
-    if (is_readable($mapFile)) {
-        $oc = json_decode((string)file_get_contents($mapFile), true);
-        if (is_array($oc)) {
-            $labels = $labels + $oc;
-        }
-    }
-
-    if (isset($labels[$type])) {
-        return $labels[$type];
-    }
-
-    if (preg_match('/^[a-z0-9_\-\.]+$/i', $type)) {
-        return ucwords(str_replace(['_', '-', '.'], ' ', $type));
-    }
-
-    return $type !== '' ? $type : 'Unknown Event';
-}
 PHP
 
   cat > "$APP_ROOT/app/common/functions.php" <<'PHP'
@@ -483,11 +411,39 @@ function bc_detection_for_request(): array {
     return ['page_view', null];
 }
 
+function bc_local_timezone(): string {
+    $tz = bc_setting('timezone', '');
+    if ($tz !== '') {
+        return $tz;
+    }
+
+    $systemTz = trim((string)@shell_exec('timedatectl show -p Timezone --value 2>/dev/null'));
+    if ($systemTz !== '') {
+        return $systemTz;
+    }
+
+    return date_default_timezone_get() ?: 'UTC';
+}
+
+function bc_local_time(?string $utcTime): string {
+    $utcTime = trim((string)$utcTime);
+    if ($utcTime === '') {
+        return '';
+    }
+
+    try {
+        $dt = new DateTime($utcTime, new DateTimeZone('UTC'));
+        $dt->setTimezone(new DateTimeZone(bc_local_timezone()));
+        return $dt->format('F j, Y g:i:s A');
+    } catch (Throwable $e) {
+        return $utcTime;
+    }
+}
+
 function bc_event_label(?string $type): string {
     $type = trim((string)$type);
 
     $labels = [
-        // BaldCanary web events
         'page_view' => 'Page View',
         'form_submit' => 'Form Submission',
         'xss_probe' => 'XSS Probe',
@@ -505,20 +461,21 @@ function bc_event_label(?string $type): string {
         'phpinfo_probe' => 'PHP Info Probe',
         'env_file_probe' => 'Environment File Probe',
         'config_file_probe' => 'Config File Probe',
-
-        // OpenCanary common numeric log types
-        '1001' => 'OpenCanary Started',
-        '1002' => 'OpenCanary Stopped',
-        '1003' => 'OpenCanary Error',
-        '18001' => 'RDP Connection',
     ];
 
+    $mapFile = '/opt/baldcanary/config/opencanary_event_labels.json';
+    if (is_readable($mapFile)) {
+        $oc = json_decode((string)file_get_contents($mapFile), true);
+        if (is_array($oc)) {
+            $labels = $oc + $labels;
+        }
+    }
+
     if (isset($labels[$type])) {
         return $labels[$type];
     }
 
-    // Friendly fallback: "some_event_name" -> "Some Event Name"
-    if (preg_match('/^[a-z0-9_\\-\\.]+$/i', $type)) {
+    if (preg_match('/^[a-z0-9_\-\.]+$/i', $type)) {
         return ucwords(str_replace(['_', '-', '.'], ' ', $type));
     }