Cisco Firepower Management Center 2000 Developer Guide

FireSIGHT System Database Access Guide
 
Chapter 7      Schema: Connection Log Tables
  connection_summary
The aggregated data in a connection summary includes the total number of packets and bytes sent by the initiator and responder hosts, as well as the number of connections in the summary.
The connection_summary table supersedes the deprecated rna_flow_summary table starting with Version 5.0 of the FireSIGHT System.
connection_summary Fields
The following table describes the database fields you can access in the connection_summary table.

Table 7-4: connection_summary Fields

| Field | Description |
| --- | --- |
| application_protocol_id | An internal identification number for the application protocol. |
| application_protocol_name | One of: the name of the application, if a positive identification can be made; unknown, if the system cannot identify the server based on known server fingerprints; pending, if the system requires more data; blank, if there is no application information in the connection. |
| bytes_recv | The total number of bytes transmitted by the session responder. |
| bytes_sent | The total number of bytes transmitted by the session initiator. |
| connection_type | The detection source for the connection information. Either: rna, if detected by a Cisco device; netflow, if exported by a NetFlow-enabled device. |
| flow_type | Field deprecated in Version 5.0. Returns null for all queries. |
| id | An internal identification number for the connection summary. |
| initiator_ip_address | Field deprecated in Version 5.2. Returns null for all queries. |
| initiator_ipaddr | A binary representation of the IP address of the host that initiated the session. |
| initiator_user_dept | The department of the user who last logged into the initiator host. |
| initiator_user_email | The email address of the user who last logged into the initiator host. |
| initiator_user_first_name | The first name of the user who last logged into the initiator host. |
| initiator_user_id | An internal identification number for the user who last logged into the initiator host. |
| initiator_user_last_name | The last name of the user who last logged into the initiator host. |
| initiator_user_last_seen_sec | The UNIX timestamp of the date and time the FireSIGHT System last detected user activity for the user who last logged into the initiator host. |
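
The following Python code is an added example, not part of Cisco's guide. It shows how a client could post-process rows fetched from connection_summary: decoding the binary initiator_ipaddr, totalling bytes per initiator, and listing summaries whose application_protocol_name is unknown, pending, or blank. The sample rows are constructed, and the 16-byte layout with IPv4 hosts stored as IPv4-mapped IPv6 addresses is an assumption; the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Constructed rows using only columns named in Table 7-4.
# Assumption: initiator_ipaddr is 16 raw bytes, IPv4 stored as ::ffff:a.b.c.d
# (a plain 4-byte value is also accepted).
V4_MAPPED = bytes(10) + b"\xff\xff"
SAMPLE_ROWS = [
    {"id": 1, "initiator_ipaddr": V4_MAPPED + bytes([192, 0, 2, 10]),
     "application_protocol_name": "HTTP", "connection_type": "rna",
     "bytes_sent": 1200, "bytes_recv": 56000},
    {"id": 2, "initiator_ipaddr": V4_MAPPED + bytes([192, 0, 2, 10]),
     "application_protocol_name": "unknown", "connection_type": "netflow",
     "bytes_sent": 300, "bytes_recv": 150},
    {"id": 3, "initiator_ipaddr": ipaddress.IPv6Address("2001:db8::5").packed,
     "application_protocol_name": "pending", "connection_type": "rna",
     "bytes_sent": 90, "bytes_recv": 0},
    {"id": 4, "initiator_ipaddr": bytes([198, 51, 100, 7]),
     "application_protocol_name": "", "connection_type": "netflow",
     "bytes_sent": 10, "bytes_recv": 20},
]

def decode_ipaddr(raw):
    """Turn the binary address column into a printable address string."""
    if len(raw) == 4:
        return str(ipaddress.IPv4Address(raw))
    addr = ipaddress.IPv6Address(raw)  # raises ValueError unless 16 bytes
    return str(addr.ipv4_mapped or addr)

def app_state(name):
    """Map application_protocol_name onto the four cases the table lists."""
    if not name:
        return "none"        # blank: no application information
    if name in ("unknown", "pending"):
        return name
    return "identified"

def summarize(rows):
    """Return per-initiator byte totals and the rows lacking an identified app."""
    totals = defaultdict(lambda: {"bytes_sent": 0, "bytes_recv": 0})
    unidentified = []
    for row in rows:
        host = decode_ipaddr(row["initiator_ipaddr"])
        totals[host]["bytes_sent"] += row["bytes_sent"]
        totals[host]["bytes_recv"] += row["bytes_recv"]
        state = app_state(row["application_protocol_name"])
        if state != "identified":
            unidentified.append((row["id"], host, row["connection_type"], state))
    return dict(totals), unidentified
```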