Cisco Firepower Management Center 4000 Developer Guide
FireSIGHT System Database Access Guide
Chapter 7 Schema: Connection Log Tables
connection_summary
connection_summary Joins
The following table describes the joins you can perform using the connection_summary table.
connection_summary Sample Query
The following query returns up to five connection event summary records detected by the selected device.
SELECT initiator_ipaddr, responder_ipaddr, protocol_name, application_protocol_id,
source_device, sensor_name, sensor_address, packets_recv, packets_sent, bytes_recv,
bytes_sent, connection_type, num_connections
FROM connection_summary
WHERE sensor_name='linden' limit 5;
Table 7-4 connection_summary Fields (continued)
Field
Description
sensor_address
The IP address of the managed device that generated the event. Format is ipv4_address,ipv6_address.
sensor_name
The name of the managed device that monitored the aggregated sessions.
sensor_uuid
A unique identifier for the managed device, or 0 if sensor_name is null.
source_device
The identification of the source device, which is either:
• the IP address of the NetFlow-enabled device that exported the data for the connection
• FireSIGHT if the connection was detected by a Cisco managed device
start_time_sec
The UNIX timestamp of the date and time the five-minute interval used to aggregate the sessions in the summary started.
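The following is an added example, not part of the Cisco guide: it shows how the fields above can be consumed after a query, separating NetFlow-exported summaries from managed-device summaries by source_device, converting start_time_sec to a UTC interval start, and splitting sensor_address. It assumes an in-memory SQLite table as a stand-in for the FireSIGHT database, with constructed rows and assumed column types; the helper names load, split_sensor_address and volume_by_source are hypothetical.

```python
import sqlite3
from datetime import datetime, timezone

# Constructed rows; column names are from the page, column types are assumed.
# (sensor_name, sensor_address, source_device, start_time_sec,
#  bytes_sent, bytes_recv, num_connections)
ROWS = [
    ("linden", "192.0.2.10,2001:db8::10", "FireSIGHT", 1700000100, 4000, 9000, 12),
    ("linden", "192.0.2.10,2001:db8::10", "FireSIGHT", 1700000100, 1000, 500, 3),
    ("linden", "192.0.2.10,2001:db8::10", "198.51.100.7", 1700000100, 700, 300, 2),
    ("linden", "192.0.2.10,2001:db8::10", "198.51.100.7", 1700000400, 50, 60, 1),
]

def load(rows):
    """Build the SQLite stand-in for the connection_summary table."""
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE connection_summary (
        sensor_name TEXT, sensor_address TEXT, source_device TEXT,
        start_time_sec INTEGER, bytes_sent INTEGER, bytes_recv INTEGER,
        num_connections INTEGER)""")
    db.executemany("INSERT INTO connection_summary VALUES (?,?,?,?,?,?,?)", rows)
    return db

def split_sensor_address(value):
    """Split the 'ipv4_address,ipv6_address' format into its two halves."""
    ipv4, _, ipv6 = value.partition(",")
    return ipv4 or None, ipv6 or None

def volume_by_source(db, sensor_name):
    """Total bytes and connections per source_device and five-minute interval."""
    query = """
        SELECT source_device, start_time_sec, sensor_address,
               SUM(bytes_sent + bytes_recv), SUM(num_connections)
        FROM connection_summary
        WHERE sensor_name = ?
        GROUP BY source_device, start_time_sec, sensor_address
        ORDER BY start_time_sec, source_device"""
    report = []
    for source, start, addr, total, conns in db.execute(query, (sensor_name,)):
        report.append({
            # 'FireSIGHT' marks a managed device; anything else is an exporter IP.
            "origin": "managed device" if source == "FireSIGHT"
                      else "NetFlow exporter " + source,
            "interval_start": datetime.fromtimestamp(start, tz=timezone.utc).isoformat(),
            "sensor_ipv4": split_sensor_address(addr)[0],
            "bytes": total,
            "connections": conns,
        })
    return report
```

The device name is passed as a bound parameter rather than concatenated into the SQL string, which is the form to keep when the filter value comes from user input.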
Table 7-5 connection_summary Joins
You can join this table on...
And...
application_protocol_id
initiator_ipaddr or responder_ipaddr