Developer Guide for Cisco Firepower Management Center 2000
FireSIGHT System Database Access Guide
Chapter 7 Schema: Connection Log Tables
connection_log
responder_ip_address
Field deprecated in Version 5.2. Returns null for all queries.
responder_ipaddr
A binary representation of the IPv4 or IPv6 address for the host that
responded to the session initiator.
responder_ipv4
Field deprecated in Version 5.2. Returns null for all queries.
responder_port
The port used by the session responder.
responder_user_dept
The department of the user who last logged into the host that responded to
the session initiator.
responder_user_email
The email address of the user who last logged into the host that responded
to the session initiator.
responder_user_first_name
The first name of the user who last logged into the host that responded to
the session initiator.
responder_user_id
An internal identification number for the user who last logged into the host
that responded to the session initiator.
responder_user_last_name
The last name of the user who last logged into the host that responded to the
session initiator.
responder_user_last_seen_sec
The UNIX timestamp of the date and time the FireSIGHT System last
detected user activity for the user who last logged into the host that
responded to the session initiator.
responder_user_last_updated_sec
The UNIX timestamp of the date and time the FireSIGHT System last
updated the user record for the user who last logged into the host that
responded to the session initiator.
responder_user_name
The user name of the user who last logged into the host that responded to
the session initiator.
responder_user_phone
The phone number of the user who last logged into the host that responded
to the session initiator.
security_context
Description of the security context (virtual firewall) that the traffic passed
through. Note that the system only populates this field for
ASA FirePOWER devices in multi-context mode.
security_intelligence_category
The Security Intelligence category associated with the connection.
security_intelligence_ip
Whether the Security Intelligence-monitored IP address associated with the
connection is a source IP (src) or destination IP (dst).
security_zone_egress_name
The egress security zone in the connection event.
security_zone_ingress_name
The ingress security zone in the connection event.
sensor_address
The IP address of the managed device that generated the event. Format is
ipv4 address,ipv6 address.
sensor_name
The name of the managed device that monitored the session.
sensor_uuid
A unique identifier for the managed device, or 0 if sensor_name is null.
source_device
Field deprecated in Version 5.0. Returns null for all queries.
src_device_ip
Field deprecated in Version 5.2. Due to backwards compatibility the value
in this field is not set to null, but it is not reliable.
Table 7-2 connection_log Fields (continued)
Field
Description