Cisco Firepower Management Center 4000 Developer Guide

FireSIGHT System Database Access Guide
 
Chapter 7 Schema: Connection Log Tables
connection_log Fields
The following table describes the database fields you can access in the connection_log table.
Table 7-2 connection_log Fields
Field
Description
access_control_policy_name
The access control policy that contains the access control rule (or default 
action) that logged the connection.
access_control_reason
The reason that the access control rule logged the connection. One of the following:
  • User Bypass
  • IP Block
  • IP Monitor
  • File Monitor
  • File Block
  • File Resume
  • Intrusion Block
  • blank if there is no connection logged
access_control_rule_action
The action associated with the access control rule (or default action): allow, block, and so on.
access_control_rule_id
An internal identification number for the rule.
access_control_rule_name
The access control rule (or default action) that logged the connection.
application_protocol_id
An internal identification number of the application protocol.
application_protocol_name
One of:
  • the name of the application, if a positive identification can be made
  • unknown if the system cannot identify the server based on known server fingerprints
  • pending if the system requires more data
  • blank if there is no application information in the connection
bytes_recv
The total number of bytes transmitted by the session responder.
bytes_sent
The total number of bytes transmitted by the session initiator.
client_application_id
An internal identification number for the client application that was used in 
the intrusion event.
client_application_name
The client application, if available, that was used in the intrusion event. One of:
  • the name of the application, if a positive identification can be made.
  • a generic client name if the system detects a client application but cannot identify a specific one.
  • blank if there is no client application information in the connection.
client_application_version
The version of the client application.
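
As an added example (not part of Cisco's guide), the sketch below runs two triage queries over columns documented in Table 7-2, using an in-memory SQLite stand-in for connection_log with constructed rows. The helper names, the stored letter case of the values, and the assumption that "blank" may arrive as either NULL or an empty string are this example's own.

```python
import sqlite3

# Constructed sample rows; only columns documented in Table 7-2 are used.
# (rule name, reason, rule action, application protocol name, bytes_sent, bytes_recv)
SAMPLE_ROWS = [
    ("Block Bad IPs", "IP Block", "block", "", 120, 0),
    ("Inspect Web", "", "allow", "HTTP", 900, 48000),
    ("Inspect Web", "Intrusion Block", "block", "HTTP", 700, 300),
    ("Default Action", "", "allow", "unknown", 5000, 250000),
    ("Default Action", "", "allow", "pending", 60, 40),
    ("Inspect Web", "File Block", "block", "HTTP", 400, 90000),
    ("Default Action", "", "allow", None, 10, 0),
]

def load_sample():
    """Build an in-memory SQLite stand-in (not the appliance database)."""
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE connection_log (
        access_control_rule_name TEXT, access_control_reason TEXT,
        access_control_rule_action TEXT, application_protocol_name TEXT,
        bytes_sent INTEGER, bytes_recv INTEGER)""")
    db.executemany("INSERT INTO connection_log VALUES (?,?,?,?,?,?)", SAMPLE_ROWS)
    return db

# 'unknown' and 'pending' are literal field values and must not be counted as
# identified applications; blank (assumed NULL or '') gets its own bucket.
APP_STATE_SQL = """
SELECT CASE
         WHEN COALESCE(application_protocol_name, '') = '' THEN 'blank'
         WHEN application_protocol_name IN ('unknown', 'pending') THEN application_protocol_name
         ELSE 'identified' END AS app_state,
       COUNT(*),
       SUM(bytes_sent),  -- bytes from the session initiator
       SUM(bytes_recv)   -- bytes from the session responder
FROM connection_log GROUP BY app_state ORDER BY app_state"""

BLOCK_REASON_SQL = """
SELECT access_control_reason, COUNT(*) FROM connection_log
WHERE access_control_rule_action = 'block'
GROUP BY access_control_reason ORDER BY access_control_reason"""

def app_state_summary(db):
    """Rows of (app_state, connections, initiator_bytes, responder_bytes)."""
    return db.execute(APP_STATE_SQL).fetchall()

def block_reasons(db):
    """Rows of (access_control_reason, connections) for blocked connections."""
    return db.execute(BLOCK_REASON_SQL).fetchall()
```

A large responder byte count in the unknown bucket points to traffic that was allowed without the application ever being identified, which is usually the first thing worth reviewing.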