Table sem5.dbo.AGENT_PACKET_LOG_1
Keeps a record of the packet traffic that occurs on agents

Generated by SchemaSpy
 
| Column | Type | Size | Nulls | Auto | Default | Children | Parents | Comments |
|---|---|---|---|---|---|---|---|---|
| USN | bigint | 8 | | | | | | A USN-based serial number; this ID is not unique. |
| DOMAIN_ID | char | 32 | | | | | | GUID of the domain to which the log belongs |
| SITE_ID | char | 32 | | | | | | GUID of the site to which the log belongs |
| SERVER_ID | char | 32 | | | | | | GUID of the server to which the log belongs |
| GROUP_ID | char | 32 | | | | | | GUID of the group to which the log belongs |
| COMPUTER_ID | char | 32 | | | | | | GUID of the client computer associated with the agent packet log |
| TIME_STAMP | bigint | 8 | | | | | | The time when the event is logged into the system (GMT); this is server-side time |
| EVENT_ID | int | 4 | | | | | | An event ID from send agent: 401 = Raw Ethernet |
| EVENT_TIME | bigint | 8 | | | | | | The time the event was generated (GMT) |
| AGENT_ID | char | 32 | √ | | null | | | GUID of the agent |
| HARDWARE_KEY | char | 32 | √ | | null | | | Hash of the computer hardware information |
| HOST_NAME | nvarchar | 512 | √ | | null | | | Host name of the client computer |
| LOCAL_HOST_IP | bigint | 8 | √ | | null | | | The IP address of the local computer (IPv4) |
| REMOTE_HOST_IP | bigint | 8 | √ | | null | | | The IP address of the remote computer (IPv4) |
| REMOTE_HOST_NAME | nvarchar | 128 | √ | | null | | | The name of the remote computer (it may be empty if name resolution failed) |
| LOCAL_PORT | int | 4 | √ | | null | | | The TCP/UDP port on the local machine (host byte order). It is only valid for TSE_TRAFFIC_TCP and TSE_TRAFFIC_UDP. For other events, it is always zero. |
| REMOTE_PORT | int | 4 | √ | | null | | | The TCP/UDP port on the remote machine (host byte order). It is only valid for TSE_TRAFFIC_TCP and TSE_TRAFFIC_UDP. For other events, it is always zero. |
| TRAFFIC_DIRECTION | tinyint | 1 | √ | | null | | | The direction of traffic. Enum (unknown = 0; inbound = 1; outbound = 2) |
| BLOCKED | tinyint | 1 | | | | | | Specifies whether the traffic was blocked (Yes = 1, no = 0) |
| APP_NAME | nvarchar | 512 | √ | | null | | | The full path name of the application involved. It may be empty if an unknown application is involved or if no application is involved. For example, the ping of death DoS attack does not have an AppName because it attacks the operating system. |
| ALERT | int | 4 | √ | | null | | | Reflects the alert attribute in the profile action. It is true if action::alert is true. (Yes = 1, no = 0) |
| SEND_SNMP_TRAP | tinyint | 1 | √ | | null | | | Reflects the send SNMP trap action. It is true if send is true. (Yes = 1, no = 0) |
| EVENT_DATA | varbinary | 2000 | √ | | null | | | Additional data in binary format. This field is optional. |
| RESERVED_INT1 | int | 4 | √ | | null | | | |
| RESERVED_INT2 | int | 4 | √ | | null | | | |
| RESERVED_BIGINT1 | bigint | 8 | √ | | null | | | |
| RESERVED_BIGINT2 | bigint | 8 | √ | | null | | | |
| RESERVED_CHAR1 | char | 32 | √ | | null | | | |
| RESERVED_CHAR2 | char | 32 | √ | | null | | | |
| RESERVED_VARCHAR1 | nvarchar | 520 | √ | | null | | | |
| RESERVED_BINARY | varbinary | 2000 | √ | | null | | | |
| LOG_IDX | char | 32 | √ | | null | | | Log index unique ID |
| LOCAL_HOST_IPV6 | varchar | 32 | √ | | null | | | Local host IPv6 |
| REMOTE_HOST_IPV6 | varchar | 32 | √ | | null | | | Remote host IPv6 |
| RULE_NAME | nvarchar | 512 | √ | | null | | | Name of the rule that was triggered by the event. If not specified in the security rule, an empty string. Useful for troubleshooting. In theory, a rule can be recognized by the rule ID. Rule name, however, can help provide quicker recognition. |

Analyzed at Mon Oct 29 12:07 PDT 2012

Indexes:

| Column(s) | Type | Sort | Constraint Name |
|---|---|---|---|
| USN | Performance | Asc | I_AGENT_PACKET_LOG_1 |
| ALERT | Performance | Asc | I_AGENT_PACKET_LOG_1_ALERT |
| COMPUTER_ID | Performance | Asc | I_AGENT_PACKET_LOG_1_COMPUTER_ID_PLUS |
| EVENT_TIME + USN + DOMAIN_ID + SITE_ID + SERVER_ID + GROUP_ID + COMPUTER_ID + TIME_STAMP + EVENT_ID + HOST_NAME + LOCAL_PORT + TRAFFIC_DIRECTION + BLOCKED + LOG_IDX | Performance | Asc/Asc/Asc/Asc/Asc/Asc/Asc/Asc/Asc/Asc/Asc/Asc/Asc/Asc | I_AGENT_PACKET_LOG_1_EVENT_TIME_PLUS |
| EVENT_ID | Performance | Asc | I_AGENT_PACKET_LOG_1_ID |
| LOG_IDX | Performance | Asc | I_AGENT_PACKET_LOG_1_LOG_IDX |
| TIME_STAMP | Performance | Asc | I_AGENT_PACKET_LOG_1_TS |