Cisco Cisco Firepower Management Center 2000 Entwickleranleitung

A table’s name ends with 

, 

, or 

 to indicate the timeframe of its 

data. For example, the 

describes 

, 

, and 

. The 

 table stores 

statistics for 360 days; the 

 table stores for 30 days.

Each time the Defense Center receives raw counts from managed devices in your network, it updates all 
three table types, but does so at successively coarser resolution. The 

 table has the finest 

resolution (15 seconds or 5 minutes, depending on the particular table); the 

 table has the 

coarsest resolution (24 hours). See 

specific information.

See the following table for important details.

A storage interval is defined by its start time. For example, the 

 table contains counts for 

the hour 

10:00:00

 - 

10:59:59

 as one record with a timestamp of 

10:00:00

. Note that a day begins at 

00:00:00

 and ends at 

23:59:59

. Interval start times are stored as UNIX timestamps (GMT). 

The effective time interval for a query is defined by both the table and the 

time_start_sec

 field in the 

query.

access control and intrusion protection activity, by user.

5.0+

traffic volume and system access control activity 
(connections allowed or denied), by user.

5.0+

current_day

15 seconds for

 

 and 

current interval plus all intervals in the 
preceding 24 hours

5 minutes for

 

, 

, 

, and 

current interval plus all intervals in the 
preceding 24 hours

current_month

one hour

current hour plus the hours stretching back 
30 days

current_year

24 hours

current day plus the preceding 360 days