Cisco Firepower Management Center 4000 Developer Guide
FireSIGHT System Database Access Guide
Chapter 7 Schema: Connection Log Tables
connection_log
connection_log Fields
The following table describes the database fields you can access in the connection_log table.
Table 7-2 connection_log Fields
Field
Description
access_control_policy_name
The access control policy that contains the access control rule (or default action) that logged the connection.
access_control_reason
The reason that the access control rule logged the connection. One of the following:
• User Bypass
• IP Block
• IP Monitor
• File Monitor
• File Block
• File Resume
• Intrusion Block
• blank if there is no connection logged
access_control_rule_action
The action associated with the access control rule (or default action): allow, block, and so on.
access_control_rule_id
An internal identification number for the rule.
access_control_rule_name
The access control rule (or default action) that logged the connection.
application_protocol_id
An internal identification number of the application protocol.
application_protocol_name
One of:
• the name of the application, if a positive identification can be made
• unknown if the system cannot identify the server based on known server fingerprints
• pending if the system requires more data
• blank if there is no application information in the connection
bytes_recv
The total number of bytes transmitted by the session responder.
bytes_sent
The total number of bytes transmitted by the session initiator.
client_application_id
An internal identification number for the client application that was used in the intrusion event.
client_application_name
The client application, if available, that was used in the intrusion event. One of:
• the name of the application, if a positive identification can be made.
• a generic client name if the system detects a client application but cannot identify a specific one.
• blank if there is no client application information in the connection.
client_application_version
The version of the client application.