Table sem5.dbo.ENFORCER_TRAFFIC_LOG_1
Keeps client traffic activities that occur in Enforcers

Generated by SchemaSpy
 
| Column | Type | Size | Nulls | Auto | Default | Children | Parents | Comments |
|---|---|---|---|---|---|---|---|---|
| USN | bigint | 8 | | | | | | A USN-based serial number; this ID is not unique. |
| DOMAIN_ID | char | 32 | | | | | | Not used (logged as '00000000000000000000000000000000') |
| SITE_ID | char | 32 | | | | | | GUID of the site to which the log belongs |
| TIME_STAMP | bigint | 8 | | | | | | The time when the event is logged into the system (GMT); this is server-side time |
| EVENT_ID | int | 4 | √ | | null | | | An event ID from send agent: 17 = Incoming traffic blocked; 18 = Outgoing traffic blocked; 33 = Incoming traffic allowed; 34 = Outgoing traffic allowed |
| EVENT_TIME | bigint | 8 | | | | | | The time the event was generated (GMT) |
| ENFORCER_ID | char | 32 | | | | | | GUID of the Enforcer |
| ENFORCER_TYPE | tinyint | 1 | | | | | | 0 = Gateway Enforcer; 1 = LAN Enforcer; 2 = DHCP Enforcer; 3 = Integrated Enforcer; 4 = NAP Enforcer; 5 = PeerToPeer Enforcer |
| CLIENT_ID | char | 32 | √ | | null | | | Not used (logged as '') |
| LOCAL_HOST_IP | bigint | 8 | | | | | | The IP address of the local computer (IPv4) |
| REMOTE_HOST_IP | bigint | 8 | | | | | | The IP address of the remote computer (IPv4) |
| NETWORK_PROTOCOL | tinyint | 1 | | | | | | The protocol type: Enum (OTHERS = 1; TCP = 2; UDP = 3; ICMP = 4) |
| LOCAL_PORT | int | 4 | | | | | | The TCP/UDP port on the local machine (host byte order). It is only valid on TSE_TRAFFIC_TCP and TSE_TRAFFIC_UDP. For other events, it is always zero. |
| REMOTE_PORT | int | 4 | | | | | | The TCP/UDP port on the remote machine (host byte order). It is only valid on TSE_TRAFFIC_TCP and TSE_TRAFFIC_UDP. For other events, it is always zero. |
| TRAFFIC_DIRECTION | tinyint | 1 | | | | | | The direction of traffic. Enum (unknown = 0; inbound = 1; outbound = 2) |
| BEGIN_TIME | bigint | 8 | √ | | null | | | The begin time of the Enforcer event |
| END_TIME | bigint | 8 | √ | | null | | | The end time of the Enforcer event |
| BLOCKED | tinyint | 1 | | | | | | Specifies whether the traffic was blocked (0 = Blocked, 1 = Not blocked). Note the difference in values between this and the AGENT_TRAFFIC_LOG_x tables. |
| TOTAL_BYTES | int | 4 | | | | | | The total length of all packets in the traffic |
| REPETITION | int | 4 | √ | | null | | | The number of attacks. Sometimes, when a hacker launches a mass attack, it may be damped to one event by the log system. |
| ALERT | tinyint | 1 | | | | | | Reflects the alert attribute in the profile action. It is true if action::alert is true. |
| RESERVED_INT1 | int | 4 | √ | | null | | | |
| RESERVED_INT2 | int | 4 | √ | | null | | | |
| RESERVED_BIGINT1 | bigint | 8 | √ | | null | | | |
| RESERVED_BIGINT2 | bigint | 8 | √ | | null | | | |
| RESERVED_CHAR1 | char | 32 | √ | | null | | | |
| RESERVED_CHAR2 | char | 32 | √ | | null | | | |
| RESERVED_VARCHAR1 | nvarchar | 520 | √ | | null | | | |
| RESERVED_BINARY | varbinary | 2000 | √ | | null | | | |
| LOG_IDX | char | 32 | √ | | null | | | |

Analyzed at Mon Oct 29 12:07 PDT 2012

Indexes:
| Column(s) | Type | Sort | Constraint Name |
|---|---|---|---|
| USN | Performance | Asc | I_ENFORCER_TRAFFIC_LOG_1 |
| LOG_IDX | Performance | Asc | I_ENFORCER_TRAFFIC_LOG_1_LOG_IDX |
| EVENT_TIME | Performance | Asc | I_ENFORCER_TRAFFIC_LOG_1_TIME |