Symantec 10521146 - Network Security 7120 Administration Manual page 329

Administration guide

SQL reference: Using Oracle tables

Table B-2 Oracle Event Table

| Field Name | Type | Description | Notes |
|---|---|---|---|
| atkproc | varchar(3000) | Indicates the process name of the attacker, or blank if not applicable. | |
| atkuser | varchar(255) | Indicates the username of the attacker, or blank if not applicable. | |
| class | varchar(33) | Indicates the event class. | sniffer - for security events; generic - for operational events, etc. |
| clusterID | integer | Indicates the user-defined Network Security cluster ID where the incident originated. | |
| contextBuffer | varchar(512) | Indicates additional information sent by the sensor. Not every event will have context information. | Example: For HTTP events, this may be a URL. For FTP events, this may be a username. Base-64 encoded. |
| contextDesc | varchar(512) | Indicates the description of the data in contextBuffer. | |
| crtTime | integer | Indicates the time when this event was realized in the Analysis Framework. | Standard UNIX time format (seconds since 1970 GMT) |
| custID | varchar(41) | Indicates the Customer ID that this event is associated with. | |
| dips | varchar(195) | Indicates a list of destination IPs for this event. | |
| dst_etheraddr | varchar(33) | Indicates the destination ethernet address. | |
| dvName | varchar(41) | Indicates the name of the network device where the event was detected. | |
| endTime | integer | Indicates the end time for this event, according to the sensor. | Standard UNIX time format. |
| eventCode | varchar(65) | Indicates the Symantec standard code representing the event. | |
| eventNum | integer | Indicates the event number for this incident. The first event in an incident will have an eventNum of 1. The eventNum will be incremented by 1 for each subsequent event. | |
