Cisco Firepower Management Center 4000 Developer Guide
FireSIGHT System Database Access Guide
Chapter 3 Schema: System-Level Tables
sru_import_log
The sru_import_log table contains information on rule update processes that have been run on your appliances. The sru_import_log table supersedes the deprecated seu_import_log table starting with Version 5.0 of the FireSIGHT System.
sru_import_log Fields
The following table describes the database fields you can access in the sru_import_log table.
Table 3-6: sru_import_log Fields

Field | Description
action | Indicates the action that has occurred for the imported rule update object type:
  • apply - the Reapply intrusion policies after the Rule Update import completes option was enabled for the import
  • changed - for a rule update component or rule, the rule update component was modified, or the rule has a higher revision number and the same GID and SID
  • collision - for a rule update component or rule, import was skipped because its revision conflicts with an existing component or rule on the appliance
  • deleted - for rules, the rule has been deleted from the rule update
  • disabled - for rules, the rule has been disabled in a default policy provided by Cisco
  • drop - for rules, the rule has been set to Drop and Generate Events in a default policy provided by Cisco
  • enabled - for a rule update, edit, a preprocessor, rule, or other feature provided by the rule update has been enabled in a default policy provided by Cisco
  • error - for a rule update or local rule file, the import failed
  • new - for a rule, this is the first time the object has been stored on this appliance
detail | Either a comment string unique for the change applied by the imported rule update to the component or rule, or blank, for a rule that has not changed.
generator_id | The GID for the generator for a rule.
import_time_sec | The UNIX timestamp of the date and time the rule update import was logged.
name | The name of the imported object. For rules, this corresponds to the rule message. For rule update components, this is the component name, such as online help or Snort.
policy | All, indicating that a rule is included in all default policies.
revision | Revision number for a rule.
signature_id | The SID for a rule or set of rules, decoder, or preprocessor.
sru_name | Descriptive name of the rule update.
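
The following is an added example, not part of the Cisco guide: it shows how the fields in Table 3-6 can be queried after a rule update to list failed imports, skipped objects, and rules set to Drop and Generate Events. It assumes an in-memory SQLite database as a stand-in for the appliance database; the column types, the sample rows, and the function names review_queue and action_counts are constructed for illustration.

```python
import sqlite3

# Column names come from Table 3-6; the SQLite types are assumptions.
SCHEMA = """CREATE TABLE sru_import_log (
    action TEXT, detail TEXT, generator_id INTEGER, import_time_sec INTEGER,
    name TEXT, policy TEXT, revision INTEGER, signature_id INTEGER, sru_name TEXT)"""

# Constructed sample rows, not real rule update data.
ROWS = [
    ("new", "", 1, 1700000000, "EXAMPLE rule A", "All", 1, 1000001, "Example-SRU-001"),
    ("drop", "", 1, 1700000000, "EXAMPLE rule A", "All", 1, 1000001, "Example-SRU-001"),
    ("changed", "constructed comment", 1, 1700000000, "EXAMPLE rule B", "All", 4,
     1000002, "Example-SRU-001"),
    ("collision", "", 1, 1700000000, "EXAMPLE rule C", "All", 2, 1000003, "Example-SRU-001"),
    ("error", "", None, 1700086400, "local.rules", None, None, None, "Example-local-import"),
    ("apply", "", None, 1700000000, "Example-SRU-001", None, None, None, "Example-SRU-001"),
]

def load_sample():
    """Build the stand-in table and load the constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    db.executemany("INSERT INTO sru_import_log VALUES (?,?,?,?,?,?,?,?,?)", ROWS)
    return db

def review_queue(db, since_sec):
    """Rows to review after an import: failures (error), skipped objects
    (collision), and rules set to Drop and Generate Events (drop)."""
    sql = """SELECT sru_name, action, generator_id, signature_id, revision, name,
                    datetime(import_time_sec, 'unixepoch') AS imported_utc
             FROM sru_import_log
             WHERE import_time_sec >= ? AND action IN ('error', 'collision', 'drop')
             ORDER BY import_time_sec, action, signature_id"""
    return db.execute(sql, (since_sec,)).fetchall()

def action_counts(db):
    """Per rule update, how many log rows each action produced."""
    sql = """SELECT sru_name, action, COUNT(*) FROM sru_import_log
             GROUP BY sru_name, action ORDER BY sru_name, action"""
    return db.execute(sql).fetchall()

if __name__ == "__main__":
    db = load_sample()
    for row in review_queue(db, 1700000000):
        print(row)
    for row in action_counts(db):
        print(row)
```

The same SELECT statements can be pointed at the real table once the column types are confirmed against the appliance; import_time_sec is converted from a UNIX timestamp to UTC for readability.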