Cisco Cisco Firepower Management Center 2000 Guía Del Desarrollador
5-10
FireSIGHT System Database Access Guide
Chapter 5 Schema: Statistics Tracking Tables
session_stats_current_timeframe
ids_impact_stats_current_timeframe Joins
You cannot perform joins on the
ids_impact_stats_current_
timeframe
tables.
ids_impact_stats_current_timeframe Sample Query
The following query returns the first 25
blocked
and
would_have_dropped
events during the current day.
SELECT blocked, would_have_dropped
FROM ids_impact_stats_current_year
LIMIT 25;
session_stats_current_timeframe
The
session_stats_
timeframe
tables contain statistics for all connections. Statistics can be extracted
based on bytes, connection, sensor, and time.
For an understanding of the
current_day
,
current_month
, and
current_year
statistics tables, see
.
For more information on the
session_stats_current_
timeframe
tables, see the following sections:
•
•
•
sensor_id
ID of the device that provided the event.
sensor_name
The name of the managed device that generated the intrusion event.
sensor_uuid
A unique identifier for the managed device, or
0
if
sensor_name
is
null
.
start_time_sec
The UNIX timestamp of the date and time the measurement interval starts.
For detailed information, see
For detailed information, see
.
would_have_dropped
Number of packets that would have been dropped if the intrusion policy had
been set to drop packets in an inline deployment.
been set to drop packets in an inline deployment.
Table 5-8
ids_impact_stats_current_timeframe Fields (continued)
Field
Description