Technical Reference Guide Version 2.0, SP5
Internet Security Systems, Inc.
6303 Barfield Road
Atlanta, Georgia 30328-4233
United States
(404) 236-2600
http://www.iss.net
© Internet Security Systems, Inc. 1994-2005. All rights reserved worldwide. Customers may make reasonable numbers of copies of this publication for internal use only. This publication may not otherwise be copied or reproduced, in whole or in part, by any other person or entity without the express prior written consent of Internet Security Systems, Inc.
Patent pending.
Disclaimer: The information contained in this document may change without notice, and may have been altered or changed if you have received it from a source other than ISS or the X-Force. Use of this information constitutes acceptance for use in an “AS IS” condition, without warranties of any kind, and any use of this information is at the user’s own risk. ISS and the X-Force disclaim all warranties, either expressed or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall ISS or the X-Force be liable for any damages whatsoever, including direct, indirect, incidental, consequential or special damages, arising from the use or dissemination hereof, even if ISS or the X-Force has been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.
Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation, or favoring by Internet Security Systems, Inc. The views and opinions of authors expressed herein do not necessarily state or reflect those of Internet Security Systems, Inc., and shall not be used for advertising or product endorsement purposes.
Links and addresses to Internet resources are inspected thoroughly prior to release, but the ever-changing nature of the Internet prevents Internet Security Systems from guaranteeing the content or existence of the resource. When possible, the reference contains alternate sites or keywords that could be used to acquire the information by other methods. If you find a broken or inappropriate link, please send an email with the topic name, link, and its behavior to [email protected].
December 08, 2004
Contents

Preface
  Overview
  How to use SiteProtector Documentation
  Conventions Used in this Guide
  Getting Technical Support

Chapter 1: Diagnostic and Debugging Setup
  Overview
  Running the Sensor Controller as a Java Application
  Setting up Run-time Logging for the Sensor Controller Service
  Setting up Run-Time Logging for the Application Server Service

Chapter 2: Log File Diagnostics
  Overview
  Section A: Miscellaneous Logging Information
    Overview
    Application Server Logs
    Database Logs
    Installation Logs
    X-Press Update Logs
    Active Directory Logs
  Section B: Log4j Logging Information
    Overview
    Log4j Application Server and Sensor Controller Logs
    Changing Log4j Logging Levels
  Section C: Sensor Controller Logging Information
    Overview
    Sensor Controller Logs
    Sensor Controller SiteProtector Database Logs
    Sensor Controller SiteProtector Core Logs
    Sensor Controller Event Collector Logs
    Sensor Controller Agent Manager Logs
    Sensor Controller Internet Scanner Logs
    Sensor Controller Internet Scanner Databridge Logs
    Sensor Controller A-Series Appliance Logs
    Sensor Controller G-Series Appliance Logs
    Sensor Controller RealSecure Network Logs
    Sensor Controller RealSecure Network Gigabit Logs
    Sensor Controller Server Sensor Logs
    Sensor Controller SiteProtector Third Party Module Logs
  Section D: Agent Manager Logging Information
    Overview
    Agent Manager Desktop Protection Logs
    Desktop Controller M-Series Appliance Logs

Appendix A: Database Schema
  Overview
  Application Security Schema
  Auditing and Diagnostics Schema
  Command and Control Schema
  Grouping Schema
  ITRSO Schema
  Metrics Schema
  Sensor Data Schema
  Site Analysis Schema
  Site Filters Schema
  Staging and Rejects Schema
  Statistics Schema
  X-Force Schema
  Complete Database Schema

Index
Preface
Overview
Introduction
The SiteProtector Technical Reference Guide describes the diagnostic capabilities of SiteProtector, and also gives recommendations for some of the issues you may encounter as you use SiteProtector.
Scope
The Technical Reference Guide contains information about diagnostic and debugging setup, log files, and database schematics. Chapter one explains the options for setting up the Sensor Controller Diagnostics console and how to activate run-time debugging for the sensor controller and the application server. Chapter two includes most of the SiteProtector log files, which can help you identify and correct problems with components or agents. Although the chapter is not a comprehensive list of all SiteProtector log files, it contains those files that will most likely be of use for your implementation. The Appendix contains the SiteProtector database schematics.
Audience
This guide is for network administrators, security administrators, or any other individuals who are responsible for installing SiteProtector and managing network security.
How to Use SiteProtector Documentation
Using this guide
This guide includes some of the issues that you may encounter when working with SiteProtector, but it is not a troubleshooting guide.
Reference: For the most up-to-date list of SiteProtector issues, see the ISS Knowledgebase at http://www.iss.net/support/knowledgebase/. If the Knowledgebase does not help you resolve your issue, email ISS Customer Support at [email protected] or call ISS Customer Support at (1) (888) 447-4861.
Related publications
The following table describes other SiteProtector user documents:

| Document | Contents |
|---|---|
| SiteProtector Installation Guide | Provides the tasks for installing SiteProtector components and optional modules. It includes information about advanced configuration tasks such as hardening third-party software security, securing database communication, configuring firewalls for SiteProtector traffic, and configuring failover Event Collectors. |
| SiteProtector Best Practices Guide | Contains the following: • combines the various contexts of each ISS product (Internet Scanner, Network sensor, Server, System Scanner, BlackICE agents) into a unified protection strategy • shows security professionals how to deploy ISS products, maintain protection, and tune, expand and update their protection over time using security best practices • simplifies the process of planning and assessment by providing four protection models that managers can easily tailor to their environment • presents information that is high level and modular enough to accommodate product changes without significant maintenance |
| SiteProtector Help | Contains all the procedures that you need to use SiteProtector, including advanced procedures that may not be available in a printed user document. |
| SiteProtector User Guide for Security Managers | Contains the information a Security Manager needs to configure, update, and maintain SiteProtector. |

Table 1: Description of SiteProtector user documents
Conventions Used in this Guide
Introduction
This topic explains the typographic conventions used in this guide to make information in procedures and commands easier to recognize.
In procedures
The typographic conventions used in procedures are shown in the following table:

| Convention | What it Indicates | Examples |
|---|---|---|
| Bold | An element on the graphical user interface. | Type the computer’s address in the IP Address box. Select the Print check box. Click OK. |
| SMALL CAPS | A key on the keyboard. | Press ENTER. Press the PLUS SIGN (+). |
| Constant width | A file name, folder name, path name, or other information that you must type exactly as shown. | Save the User.txt file in the Addresses folder. Type IUSR__SMA in the Username box. |
| Constant width italic | A file name, folder name, path name, or other information that you must supply. | Type Version number in the Identification information box. |
| → | A sequence of commands from the taskbar or menu bar. | From the taskbar, select Start→Run. On the File menu, select Utilities→Compare Documents. |

Table 2: Typographic conventions for procedures

Command conventions
The typographic conventions used for command lines are shown in the following table:

| Convention | What it Indicates | Examples |
|---|---|---|
| Constant width bold | Information to type in exactly as shown. | md ISS |
| Italic | Information that varies according to your circumstances. | md your_folder_name |
| [ ] | Optional information. | dir [drive:][path] [filename] [/P][/W] [/D] |
| \| | Two mutually exclusive choices. | verify [ON\|OFF] |
| { } | A set of choices from which you must choose one. | % chmod {u g o a}=[r][w][x] file |

Table 3: Typographic conventions for commands
Getting Technical Support
Introduction
ISS provides technical support through its Web site and by email or telephone.
The ISS Web site
The Internet Security Systems (ISS) Resource Center Web site (http://www.iss.net/support/) provides direct access to frequently asked questions (FAQs), white papers, online user documentation, current versions listings, detailed product literature, and the Technical Support Knowledgebase (http://www.iss.net/support/knowledgebase/).
Support levels
ISS offers three levels of support:
● Standard
● Select
● Premium
Each level provides you with 24-7 telephone and electronic support. Select and Premium services provide more features and benefits than the Standard service. Contact Client Services at [email protected] if you do not know the level of support your organization has selected.
Hours of support
The following table provides hours for Technical Support at the Americas and other locations:

| Location | Hours |
|---|---|
| Americas | 24 hours a day |
| All other locations | Monday through Friday, 9:00 A.M. to 6:00 P.M. during their local time, excluding ISS published holidays |

Note: If your local support office is located outside the Americas, you may call or send an email to the Americas office for help during off-hours.
Table 4: Hours for technical support

Contact information
The following table provides electronic support information and telephone numbers for technical support requests:

| Regional Office | Electronic Support | Telephone Number |
|---|---|---|
| North America | Connect to the MYISS section of our Web site: www.iss.net | Standard: (1) (888) 447-4861 (toll free), (1) (404) 236-2700. Select and Premium: Refer to your Welcome Kit or call your Primary Designated Contact for this information. |
| Latin America | [email protected] | (1) (888) 447-4861 (toll free), (1) (404) 236-2700 |
| Europe, Middle East, and Africa | [email protected] | (44) (1753) 845105 |
| Asia-Pacific, Australia, and the Philippines | [email protected] | (1) (888) 447-4861 (toll free), (1) (404) 236-2700 |
| Japan | [email protected] | Domestic: (81) (3) 5740-4065 |

Table 5: Contact information for technical support
Chapter 1
Diagnostic and Debugging Setup
Overview
Introduction
This chapter explains the options for setting up the Sensor Controller Diagnostics console and how to activate run-time debugging for the sensor controller and the application server.
Options for running the sensor controller
By default, the sensor controller runs as a service without the Sensor Controller Diagnostics console. When you run the Sensor Controller Diagnostics console, you can run the sensor controller either as a service or as a Java application.
● If you are only logging agent data, you can use either method.
● If you are unable to start the sensor controller as a service, you can start it as a Java application. Starting the sensor controller as a Java application is also quicker.
Log information
For information about the debug logs for the sensor controller and the application server, see the following:
● “Changing Log4j Logging Levels”
● “Log4j Application Server and Sensor Controller Logs”
Where to find the Sensor Controller Diagnostics console
The Sensor Controller Diagnostics console is installed with the sensor controller and the application server. The instructions for setting up the Sensor Controller Diagnostics console reference the default installation paths. If you installed SiteProtector components to other paths, you must use those instead.
In this chapter
This chapter contains the following topics:
● Running the Sensor Controller as a Java Application
● Setting up Run-time Logging for the Sensor Controller Service
● Setting up Run-Time Logging for the Application Server Service
Running the Sensor Controller as a Java Application
Introduction
When you run the sensor controller as a Java application, you start the Sensor Controller Diagnostics console and the run-time debug log together from a command prompt window.
Note: When you set up the Sensor Controller Diagnostics console, you also activate the run-time debug logs for the sensor controller.
Procedure
To run the sensor controller as a Java application:
1. Access the Services utility on your computer.
2. Select the SiteProtector Sensor Controller service, and then click Stop.
3. Access the Command Prompt.
4. Change directories to \Program Files\ISS\RealSecure SiteProtector\Application Server\bin.
5. Type ccengine -debug, and then press ENTER.
Logging information is displayed, and the Sensor Controller Diagnostics console appears.
Setting up Run-time Logging for the Sensor Controller Service
Introduction
When you use the Sensor Controller Diagnostics console with the sensor controller as a service, the run-time debug log appears in a separate Command Prompt window.
Process overview
Starting the Sensor Controller Diagnostics console with the Sensor Controller Service is a four-task process:

| Task | Description |
|---|---|
| 1. Stop the Sensor Controller Service | Use the Services Administrative Tool to stop the RealSecure SiteProtector Sensor Controller Service. |
| 2. Edit the properties of the service | From the Log On tab, select the Allow service to interact with desktop check box. |
| 3. Change the registry setting | Change the setting of the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\issSPSenCtlService\Parameters\ConsoleTrace registry key from N to Y. |
| 4. Change directories | From the Command Prompt, change directories to \Program Files\ISS\RealSecure SiteProtector\Application Server\bin, and then run the ccengine -debug command. |

Table 6: Starting the Sensor Controller Diagnostics console

Procedure
To start run-time logging with the sensor controller as a service:
1. Click Start on the taskbar, and then select Settings→Control Panel.
2. Double-click the Administrative Tools icon, and then double-click the Services icon.
3. Select RealSecure SiteProtector Sensor Controller Service, and then click Stop.
4. Right-click RealSecure SiteProtector Sensor Controller Service, and then select Properties from the pop-up menu.
5. Select the Log On tab, select the Allow service to interact with desktop check box, and then click OK.
Tip: Do not close the Services window.
6. Select Start on the taskbar, and then select Run.
7. Type regedit, and then press ENTER.
The Registry Editor appears.
8. In the left pane, select HKEY_LOCAL_MACHINE→SYSTEM→CurrentControlSet→Services→issSPSenCtlService→Parameters.
9. In the right pane, double-click ConsoleTrace, type Y in the Value data box, and then click OK.
10. In Services, select RealSecure SiteProtector Sensor Controller Service, and then click Start.
11. Access the Services utility on your computer.
12. Select the RealSecure SiteProtector Sensor Controller Service, and then click Stop.
13. Access the Command Prompt.
14. Change directories to \Program Files\ISS\RealSecure SiteProtector\Application Server\bin.
15. Type ccengine -debug, and then press ENTER.
16. Logging information is displayed, and the Sensor Controller Diagnostics console appears.
Setting up Run-Time Logging for the Application Server Service
Introduction
When you enable run-time logging for the application server, it continues to run as a service. The run-time logging information appears in a separate Command Prompt window.
Procedure
To set up run-time logging for the application server:
1. Click Start on the taskbar, and then select Settings→Control Panel.
2. Double-click the Administrative Tools icon, and then double-click the Services icon.
3. Select RealSecure SiteProtector Application Server, and then click Stop.
4. Right-click RealSecure SiteProtector Application Server, and then select Properties from the pop-up menu.
5. Select the Log On tab, select the Allow service to interact with desktop check box, and then click OK.
Tip: Do not close the Services window.
6. Click Start on the taskbar, and then select Run.
7. Type regedit, and then press ENTER.
The Registry Editor appears.
8. In the left pane, select HKEY_LOCAL_MACHINE→SYSTEM→CurrentControlSet→Services→issSPAppService→Parameters.
9. In the right pane, double-click ConsoleTrace, type Y in the Value data box, and then click OK.
10. In Services, select RealSecure SiteProtector Application Server, and then click Start.
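The settings changed by hand in the two service procedures above (the ConsoleTrace value and the Allow service to interact with desktop check box) can be read back in one pass to confirm which services currently have run-time logging switched on. The following PowerShell is an added example, not part of the ISS guide or of SiteProtector; the function name Get-RunTimeLoggingState is hypothetical. It assumes the service key names issSPSenCtlService and issSPAppService given in the registry steps, and relies on the standard Windows behavior that the check box is stored as the 0x100 bit of the service's Type value.

```powershell
# Added example, not ISS code. Reports the run-time logging state that the two
# service procedures in this chapter configure by hand. Read-only: it changes
# nothing. Run from an elevated PowerShell prompt on the SiteProtector host.

# Service key names as given in the registry steps of this chapter.
$SiteProtectorServices = 'issSPSenCtlService', 'issSPAppService'

# Standard Windows service-type bit (SERVICE_INTERACTIVE_PROCESS) that the
# "Allow service to interact with desktop" check box sets in the Type value.
$SERVICE_INTERACTIVE_PROCESS = 0x100

function Get-RunTimeLoggingState {          # hypothetical helper name
    param(
        [string[]]$ServiceKey = $SiteProtectorServices
    )

    foreach ($name in $ServiceKey) {
        $svcPath   = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
        $paramPath = "$svcPath\Parameters"

        # Component not installed on this computer: report that and move on.
        if (-not (Test-Path -Path $svcPath)) {
            [pscustomobject]@{
                Service              = $name
                Installed            = $false
                Status               = $null
                ConsoleTrace         = $null
                InteractsWithDesktop = $null
                DebugEnabled         = $null
            }
            continue
        }

        # Type holds the service-type bit mask; ConsoleTrace is the Y/N switch
        # the procedures set in the Parameters subkey.
        $type  = (Get-ItemProperty -Path $svcPath -Name Type `
                    -ErrorAction SilentlyContinue).Type
        $trace = (Get-ItemProperty -Path $paramPath -Name ConsoleTrace `
                    -ErrorAction SilentlyContinue).ConsoleTrace
        $svc   = Get-Service -Name $name -ErrorAction SilentlyContinue

        $interactive = [bool]($type -band $SERVICE_INTERACTIVE_PROCESS)

        [pscustomobject]@{
            Service              = $name
            Installed            = $true
            Status               = if ($svc) { $svc.Status } else { $null }
            ConsoleTrace         = $trace
            InteractsWithDesktop = $interactive
            # Either setting on means the service is still in its debug setup.
            DebugEnabled         = ($trace -eq 'Y') -or $interactive
        }
    }
}

Get-RunTimeLoggingState | Format-Table -AutoSize
```

A row with ConsoleTrace set to Y and InteractsWithDesktop set to True matches the state the procedures produce; a row with ConsoleTrace set to N matches the value the registry setting is changed from.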
Chapter 2
Log File Diagnostics
Overview
Introduction
Log files can help you identify and correct problems with components or agents. This chapter provides the following types of information:
● the path of the file
● file contents
● how to change logging levels
● how to view the log
Viewing logs
Most log files are text files that you can open with a standard text file editor. If a different method is needed for a particular log file, it is explained with the description of that log.
Important: Be sure to use a text editor that can handle large files.
In this chapter
This chapter contains the following sections:
● Miscellaneous Logging Information
● Log4j Logging Information
● Sensor Controller Logging Information
● Agent Manager Logging Information
SECTION A: Miscellaneous Logging Information
Overview
Introduction
This section gives logging information related to various SiteProtector processes and components.
In this section
This section contains the following topics:
● Application Server Logs
● Database Logs
● Installation Logs
● X-Press Update Logs
● Active Directory Logs
Application Server Logs
Introduction
This topic describes the log and configuration files that the application server uses:
● application server log files
● issDaemon logs
How log files are created on the application server
When you issue a command that displays or modifies a property, response, or policy file for an agent or core component, SiteProtector sends log files to the computer where the application server is running.
Location of application server logs
The path of the application server log files is \Program Files\ISS\RealSecure SiteProtector\Application Server\temp\AppServer.
Setting logging levels
The logging level determines the type and amount of system information that SiteProtector stores. To set logging levels for the application server logs:
● In the Sensor Controller Diagnostics console, right-click the SiteProtector Core component in the Sensor window.
Important: The application server does not use dynamic logging, so changes to the logging levels do not take effect until you restart the Application Server service.
Characteristics of application server logs
The following characteristics apply to all application server log files:
● The system overwrites a log file each time you restart the sensor controller.
● The amount of detail collected depends on the current trace level.
Note: The log files can quickly become very large when the logging level is high.
Description of log files
Table 7 describes the application server logs:

| File name | Description |
|---|---|
| Issdk.txt | Logs high-level activity detailing application server interaction with all issDaemons |
| IssdkComm.txt | Logs low-level communication activity between the application server and issDaemons |
| IssdkInterface.txt | Logs low-level application server activity |

Table 7: Application Server logs

Location of issDaemon logs
Logging information is available for each issDaemon with which the application server communicates. The path is \Program Files\ISS\RealSecure SiteProtector\Application Server\temp\Sensor Controller\[email protected]
Note: The issDaemon log files are always available regardless of the trace level.
Description of log files
Table 8 describes the issDaemon log files:

| File Name | Description |
|---|---|
| [email protected] | Copy of iss.access located at specified IP address |
| [email protected] | Copy of common.policy located at specified IP address |
| [email protected] | Copy of issDaemon.policy located at specified IP address |

Table 8: issDaemon and application server communication logs
Database Logs
Introduction
Database log information, such as errors, number of rows loaded, number of rows rejected, and reasons for rows rejected, is logged to the messagelog table in the SiteProtector database.
Viewing database logs
Use Microsoft SQL Server Enterprise Manager or Query Analyzer to view the messagelog table.
Default logging level
The default logging level is set to Warnings. This level logs a limited set of significant events.
Changing the logging level
You can use the Sensor Details feature in the SiteProtector Console to change the logging level.
Recommendations for increased logging detail
Increasing the logging levels for an extended period of time can quickly fill the database. Use the following recommendations when increasing logging detail:
● Increase the logging levels (i.e., set the logging level to Full) for short intervals as needed to gather detailed information.
● Reset the trace level to Warnings after you finish collecting detailed information.
Truncate this table after extended debugging, as well as during normal tracing, if the table becomes too large.
Installation Logs
Introduction The SiteProtector installation process generates a log file for each SiteProtector component you install. It also creates a detailed log file for each bulk copy of data loaded into a particular table on the SiteProtector database. The log files contain a line of text for each action taking place.
Location of log files Table 9 provides the path of the log files on the computer where each component is installed:
Log files created during installation
The log files created during installation depend on the type of installation (Basic or Custom). Table 10 contains the installation log files that may be generated during installation:
Log Files Folder
Component log files for installation \temp\iss
SiteProtector database table bulk copy log files
\temp\iss\bulk copy logs
Table 9: Location of general and SiteProtector database log files
| This log file... | Is created by... |
|---|---|
| Application_Server_Setup_Log.txt | Application Server installation |
| Console_Setup_Log.txt | Console installation |
| Site_Database_Setup_Log.txt | Database installation |
| Event_Collector_Setup_Log.txt | Event Collector installation |
| Desktop_Controller_Setup_Log.txt | Desktop Controller installation |
| Deployment_Manager_setup_log.txt | Deployment Manager installation |
| DMInstallAgent_YYYYMMDD_HHMMSS.txt | DMInstallAgent program for a Basic installation from CD |
| DMInstallAgent_YYYYMMDD_HHMMSS.txt | DMInstallAgent program for a Basic installation |
| DMInstallAgent_YYYYMMDD_HHMMSS.txt | DMInstallAgent program for installation of the Console |
| DMInstallAgent_YYYYMMDD_HHMMSS.txt | DMInstallAgent program for part 1 of the Custom installation |
| DMInstallAgent_YYYYMMDD_HHMMSS.txt | DMInstallAgent program for part 2 of the Custom installation |
| All_Components_Log.txt | User clicking Yes to the “Do you want to view the log file?” prompt on the message box. |
Table 10: Log files that may be created at installation
Component log files for uninstallation
Log files are always created when you uninstall SiteProtector. The names of the log files are the same as those created during installation, but the contents are overwritten with the uninstallation process information if the original log files still exist.
Note: If error or warning messages occur during the installation process, and you want to save these messages for troubleshooting purposes, then rename the log files before you uninstall the application.
Viewing the component log files
If an error or warning occurs during the installation or uninstallation process in normal mode, the View Log File check box on the Finish window at the end of the process will be checked by default. This enables you to easily view the log file contents to determine the reason for the error or warning.
To view the component installation logs:
1. Click OK on the Finish window.
The Finish window closes and Notepad opens, displaying the contents of the installation/uninstallation log file.
2. View the errors and/or warnings in the log file to determine how to resolve the problem.
SiteProtector database table bulk copy log files
Approximately 50 pairs of log files are generated for each bulk copy that is created and populated for the SiteProtector database. Table 11 describes those pairs of log files:
| Table Name | Description |
|---|---|
| tablename_Table_BulkCopy_Log.txt | Statistics related to bulk copy process used to create the database table (e.g., source, destination, number of rows copied, duration) |
| tablename_Table_BulkCopy_ErrorLog.txt | File is empty unless errors have occurred |
Table 11: SiteProtector database log descriptions
Note: Statistics for the number of rows copied for every bulk copy file that was installed or uninstalled are included in the Enterprise_Database_Setup_Log.txt file. This file provides a single source for you to quickly determine which error messages or warnings have occurred.
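
With roughly 50 log pairs per bulk copy, checking each error log by hand is slow. The following is an added example, not ISS code: it pairs the files by the Table 11 naming pattern and reports which tables have a non-empty error log. The function name and the sample table names are hypothetical.

```python
from pathlib import Path

# File-name suffixes from Table 11; the text before the suffix is the table name.
LOG_SUFFIX = "_table_bulkcopy_log.txt"
ERR_SUFFIX = "_table_bulkcopy_errorlog.txt"


def triage_bulk_copy_logs(folder):
    """Group the bulk copy logs in `folder` by table and classify each table.

    Returns a dict with three keys:
      failed   - {table: first line of its non-empty error log}
      clean    - tables whose pair is complete and whose error log is empty
      unpaired - tables where one file of the pair is missing
    """
    logs, errors, names = {}, {}, {}
    for path in Path(folder).iterdir():
        if not path.is_file():
            continue
        lowered = path.name.lower()  # Windows file names are case-insensitive
        for suffix, bucket in ((ERR_SUFFIX, errors), (LOG_SUFFIX, logs)):
            if lowered.endswith(suffix):
                key = lowered[: -len(suffix)]
                bucket[key] = path
                # Keep the original spelling of the table name for the report.
                names.setdefault(key, path.name[: -len(suffix)])
                break

    report = {"failed": {}, "clean": [], "unpaired": []}
    for key in sorted(set(logs) | set(errors)):
        paired = key in logs and key in errors
        if not paired:
            report["unpaired"].append(names[key])
        # Assumption: an error log holding only whitespace counts as empty.
        text = ""
        if key in errors:
            text = errors[key].read_text(errors="replace").strip()
        if text:
            report["failed"][names[key]] = text.splitlines()[0]
        elif paired:
            report["clean"].append(names[key])
    return report


if __name__ == "__main__":
    import tempfile

    # Constructed sample folder standing in for \temp\iss\bulk copy logs.
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        (base / "Hosts_Table_BulkCopy_Log.txt").write_text("rows copied: 10\n")
        (base / "Hosts_Table_BulkCopy_ErrorLog.txt").write_text("")
        (base / "Sensors_Table_BulkCopy_Log.txt").write_text("rows copied: 0\n")
        (base / "Sensors_Table_BulkCopy_ErrorLog.txt").write_text(
            "constructed error line\n"
        )
        print(triage_bulk_copy_logs(base))
```

Run it against the bulk copy log folder before uninstalling, because uninstallation overwrites logs of the same name.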
X-Press Update Logs
Introduction You can generate log files to track the details of X-Press Update (XPU) activities for the application server and the sensor controller.
Contents of the log The X-Press Update log file contains details of X-Press Update downloading activity and the overall X-Press Update status.
● This high-level log file contains details about XPU activity.
● The file is overwritten each time the application server or the sensor controller restarts.
● The amount of detail depends on current trace level.
Note: This file can quickly become large when logging level is high.
Location of log files Table 12 provides the paths of the X-Press Update log files:
| Component | X-Press Update log file path and name |
|---|---|
| application server | \Program Files\ISS\RealSecure SiteProtector\Application Server\temp\AppServer\Xpu.txt |
| sensor controller | \Program Files\ISS\RealSecure SiteProtector\Application Server\temp\Sensor Controller\Xpu.txt |
Table 12: X-Press Update log file locations
Setting the X-Press Update logging level
To change the logging level for the X-Press Update log file:
1. On the Options menu, select XPU Logging Level.
2. Select the logging level you want to use.
Active Directory Logs
Introduction The SiteProtector application generates Active Directory log files that can give you information about specific jobs and help you troubleshoot issues with your SiteProtector Active Directory listing.
Location of log files You can find the Active Directory log files in the following location:
\Program Files\ISS\RealSecure SiteProtector\Application Server\temp\Sensor Controller\SP [email protected]\Job_job number
Note: If you are using the Custom Installation, the Active Directory log files are located on your application server.
Description of log files
Table 13 provides the names and descriptions of the Active Directory log files:
Log file name Description
warnings.csv
• lists hosts that were not added to the SiteProtector Active Directory listing
• provides information about why a host was not added to the SiteProtector Active Directory listing
• generated only when logging is set to Warn or higher
JobLog.txt
• lists system-related information
• generated with any logging level, except None
• generated when a system error occurs
Table 13: Active Directory log file locations
Setting the Active Directory logging level
The Active Directory Update job sets its logging level from the SiteProtector Core logging level. To set the Active Directory logging level:
1. On the Sensors tab, right-click SiteProtector Core, and then select SiteProtector Core → Edit Properties from the pop-up menu.
The SiteProtector Core Properties window opens.
2. Click Advanced.
The Advanced SiteProtector Core Properties window appears.
3. In the Set sensor controller trace level drop-down list, select the logging level you want.
4. Click OK.
5. Click OK.
SECTION B: Log4j Logging Information
Overview
Introduction This section provides log4j logging information, and also gives information about using the log4j tool to set logging levels.
In this section This section contains the following topics:
Topic
Log4j Application Server and Sensor Controller Logs
Changing Log4j Logging Levels
Log4j Application Server and Sensor Controller Logs
Introduction You can view the application server and sensor controller log4j logs in the following ways:
● as a text file in a standard text editor
● in the Windows 2000 Event Viewer Application Log
● in a run-time debug log on a Command Prompt window
Location of log files Table 14 provides the paths of the run-time logs on the computer that hosts the application server and sensor controller.
| Component | Properties File Path and File Name |
|---|---|
| Application server | \Program Files\ISS\RealSecure SiteProtector\Application Server\temp\app_server.time_stamp.log |
| Sensor controller | \Program Files\ISS\RealSecure SiteProtector\Application Server\temp\sensor_ctl.time_stamp.log |
Table 14: Log4j log file locations
Viewing from a text file
To view the log:
● Open the log file for the application server (app_server.log) or the sensor controller (sensor_ctl.log) with any text editor that can edit large files.
Viewing from the event viewer
Events generated by the application server and the sensor controller are logged to the Application Log in the Windows 2000 Event Viewer. The Source names for the events are issSPAppService and issSPSenCtlService.
To view the events from the Windows 2000 Event Viewer Application Log:
1. Click Start on the taskbar, and then select Programs → Administrative Tools.
2. Double-click the Event Viewer icon.
3. In the left pane, select the application log.
4. In the Source column of the right pane, look for issSPAppService and issSPSenCtlService.
Tip: Click the Source column to sort the list.
Viewing run-time debug logs
To view the run-time debug log:
● Locate the Command Prompt window that contains the debug log.
Important: You must first configure the application server and the sensor controller to enable run-time logging.
Changing Log4j Logging Levels
Introduction This topic describes logging levels for log4j logs. These logging levels are separate and distinct from the logging levels on the Sensor Controller Diagnostics console’s Set Logging Level menu.
Note: Methods for viewing the log4j logs are explained in “Log4j Application Server and Sensor Controller Logs.”
Logging levels The log4j tool provides five priority levels of logging detail. (See non-ISS documentation at http://jakarta.apache.org/log4j/docs/manual.html.) The default logging level is set to fatal, which only logs very serious errors.
Priority levels, in decreasing order of logging detail, are as follows:
● DEBUG
● INFO
● WARN
● ERROR
● FATAL
Recommendations for logging detail
Increasing the logging levels for an extended period of time can quickly fill the log file. Follow these recommendations when increasing logging detail:
● Increase the logging levels for short intervals as needed to gather detailed information.
● Delete the log files at any time, as they can quickly become large.
■ Delete the app_server.log, and then restart the application server.
■ Delete the sensor_ctl.log, and then restart the sensor controller.
● Check the log4j documentation for procedures that automatically roll the logs into manageable sizes.
Where the logging level is set
The logging level is set in a properties file for each component. The properties file path and file name for the application server are as follows:
\Program Files\ISS\RealSecure SiteProtector\Application Server\config\log.properties
Important: The file must be present before any logging takes place.
Changing the logging level
To change the logging level:
1. In Notepad or an equivalent text editor, open the properties file for the application server (log.properties).
2. Find the line that contains the following:
log4j.rootLogger=logging_level
Note: The logging_level value is one of the five possible logging levels.
3. Replace the logging level with another available logging level.
Example: Change the logging level from FATAL to DEBUG.
4. Save the file.
Note: You must restart the application server before the logging change takes effect.
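
The same edit can be scripted so that the level is validated, the original file is backed up, and the previous level is returned for restoring after a short debugging interval. This is an added example, not ISS code; the function name is hypothetical, and it assumes the standard log4j properties form in which the level on the rootLogger line may be followed by a comma-separated appender list.

```python
import re
import shutil
from pathlib import Path

# The five log4j priority levels listed above, most detailed first.
LEVELS = ("DEBUG", "INFO", "WARN", "ERROR", "FATAL")

# An active (uncommented) rootLogger line: key and separator, the level, then
# everything after it (appender names, line ending), which is kept untouched.
ROOT_LOGGER = re.compile(
    r"^(?P<key>[ \t]*log4j\.rootLogger[ \t]*[=:][ \t]*)"
    r"(?P<level>[A-Za-z]+)(?P<rest>.*)$",
    re.DOTALL,
)


def set_root_level(properties_path, new_level):
    """Set log4j.rootLogger to new_level and return the previous level.

    Saves a .bak copy of the file as it was before this call. Raises
    ValueError for a level outside the five listed above and LookupError when
    the file has no active log4j.rootLogger line.
    """
    level = new_level.strip().upper()
    if level not in LEVELS:
        raise ValueError(f"{new_level!r} is not one of {', '.join(LEVELS)}")

    path = Path(properties_path)
    # Bytes in, bytes out: line endings and non-ASCII bytes stay as they were.
    lines = path.read_bytes().decode("latin-1").splitlines(keepends=True)

    previous = None
    for i, line in enumerate(lines):
        match = ROOT_LOGGER.match(line)
        if match:
            # A properties file uses the last definition of a key, so every
            # active line is rewritten and the last one is reported.
            previous = match.group("level").upper()
            lines[i] = match.group("key") + level + match.group("rest")
    if previous is None:
        raise LookupError(f"no active log4j.rootLogger line in {path}")

    shutil.copy2(path, path.with_name(path.name + ".bak"))
    path.write_bytes("".join(lines).encode("latin-1"))
    return previous


if __name__ == "__main__":
    import tempfile

    # Constructed sample standing in for the application server log.properties.
    sample = (
        b"# constructed sample\r\n"
        b"#log4j.rootLogger=INFO\r\n"
        b"log4j.rootLogger=FATAL, A1\r\n"
        b"log4j.appender.A1=org.apache.log4j.ConsoleAppender\r\n"
    )
    with tempfile.TemporaryDirectory() as tmp:
        props = Path(tmp) / "log.properties"
        props.write_bytes(sample)
        old = set_root_level(props, "DEBUG")   # raise detail for a short interval
        print("previous level:", old)
        set_root_level(props, old)             # then put the original level back
        print(props.read_bytes().decode("latin-1"))
```

The script only edits the file; the application server still has to be restarted for the new level to take effect.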
SECTION C: Sensor Controller Logging Information
Overview
Introduction This section lists SiteProtector logging information for components that are managed with the sensor controller.
In this section This section contains the following topics:
Topic
Sensor Controller Logs
Sensor Controller SiteProtector Database Logs
Sensor Controller SiteProtector Core Logs
Sensor Controller Event Collector Logs
Sensor Controller Agent Manager Logs
Sensor Controller Internet Scanner Logs
Sensor Controller Internet Scanner Databridge Logs
Sensor Controller A-Series Appliance Logs
Sensor Controller G-Series Appliance Logs
Sensor Controller RealSecure Network Logs
Sensor Controller RealSecure Network Gigabit Logs
Sensor Controller Server Sensor Logs
Sensor Controller SiteProtector Third Party Module Logs
Sensor Controller Logs
Introduction This topic introduces log and configuration files that the sensor controller uses:
● the log files for the sensor controller
● the configuration and log files for the agents and SiteProtector components with which the sensor controller communicates
How sensor controller logging works
When you issue a command that displays or modifies a property, response, or policy file for an agent or core component, SiteProtector sends log files to the computer where the sensor controller is running.
Location of log files The path of the files is as follows:
Program Files\ISS\RealSecure SiteProtector\Application Server\temp
Dynamic logging levels
Changes to the logging levels are dynamic. You do not have to restart the sensor controller service for the changes to go into effect.
Common characteristics
The following common characteristics apply to all sensor controller log files:
● The log file is overwritten each time you restart the sensor controller, but only if the logging level is not full. If the logging level is full, then SiteProtector appends the file.
● The amount of detail collected depends on current trace level.
Note: The log files can quickly become large when the logging level is high.
Description of log files
Table 15 describes the log files for the sensor controller:
| Log File Name | Description |
|---|---|
| Issdk.txt | Logs high-level activity detailing sensor controller interaction with all agents and core components |
| IssdkComm.txt | Logs low-level communication activity between the sensor controller and agents |
| IssdkInterface.txt | Logs low-level sensor controller activity |
Table 15: Sensor controller dynamic log files
Changing logging levels for agents
To change the logging levels:
1. In the Sensors window, right-click the agent, and then select Details from the pop-up menu.
2. Select the desired logging level in the Sets new sensor logging level drop-down list.
3. Click OK.
Sensor Controller SiteProtector Database Logs
Introduction The SiteProtector database files contain information related to the SiteProtector database located at the given IP address. The path of the log file is \Program Files\ISS\RealSecure SiteProtector\Application Server\temp\Sensor Controller\Site Protector [email protected].
Note: If the trace level is set to 0, and the job is completed, then the system deletes the Job folder. Otherwise, the default location of command job log files for the SiteProtector database is:
\Program Files\ISS\RealSecure SiteProtector\Application Server\temp\Sensor Controller\Site Protector [email protected]\Job_job_number
Description of log files
Table 16 describes the SiteProtector database log file:
Log File Name Description
Site Protector [email protected]
• low-level log file detailing sensor controller interaction with SiteProtector database component (i.e., XPU activity)
• overwritten each time sensor controller restarts
• amount of detail depends on current logging level
Table 16: SiteProtector database log files
Sensor Controller SiteProtector Core Logs
Introduction The SiteProtector Core log files contain information related to the sensor controller located at the given IP address. The path of the log files is \Program Files\ISS\RealSecure SiteProtector\Application Server\temp.
Note: If the trace level is set to 0 and the job is completed, then the system deletes the Job folder. Otherwise, the default location of command job log files for the SiteProtector Core is:
\Program Files\ISS\RealSecure SiteProtector\Application Server\temp\sensor_ctl.time_stamp.log
Description of log files
Table 17 describes the SiteProtector Core log files:
Log File Name Description
sensor_ctl.time_stamp.log • generated file containing runtime debug information
• overwritten each time sensor controller service restarts
• amount of detail depends on current logging level
Table 17: SiteProtector Core log files
Sensor Controller Event Collector Logs
Introduction The default path of configuration files for the event collector at the given IP address is \Program Files\ISS\RealSecure SiteProtector\Application Server\temp\Sensor Controller\[email protected]. The default installation path of the event collector is \Program Files\ISS\RealSecure SiteProtector\Event Collector.
Note: If the trace level is set to 0, and the job is completed, then the system deletes the Job folder. Otherwise, the default location of command job log files for the event collector is:
\Program Files\ISS\RealSecure SiteProtector\Application Server\temp\Sensor Controller\[email protected]\Job_job_number
Description of log files
Table 18 describes the event collector log files:
Log File Names Description
EventCollector_ [email protected]
• copy of common.policy located at specified IP address
• always available
• independent of logging level
EventCollector_ [email protected]
• copy of issDaemon.policy located at specified IP address
• always available
• independent of logging level
EventCollector_ [email protected]
• copy of current.policy located at specified IP address
• always available
• independent of logging level
EventCollector_ [email protected]
• copy of ec_status.policy (located at specified IP address) that details the Event Collector control list and status information
• always available
• independent of logging level
EventCollector_ [email protected]
• generated file containing runtime configuration information
• overwritten each time sensor controller restarts but is independent of logging level
EventCollector_ [email protected]
• cached file of user modifications to properties
• overwritten each time sensor controller restarts but is independent of logging level
EventCollector_ [email protected]
• generated file containing runtime debug information detailing interaction between sensor controller and event collector
• overwritten each time sensor controller restarts
• amount of detail depends on current logging level
Table 18: Event collector log files
Sensor Controller Agent Manager Logs
Introduction The default path of configuration files for the Agent Manager (formerly Desktop Controller) at the given IP address is \Program Files\ISS\RealSecure SiteProtector\Application Server\temp\Sensor Controller\[email protected]. The default installation path of the Agent Manager is \Program Files\ISS\RealSecure SiteProtector\Desktop Controller.
Note: If the trace level is set to 0, and the job is completed, then the system deletes the Job folder. Otherwise, the default location of command job log files for the Desktop Controller is:
\Program Files\ISS\RealSecure SiteProtector\Desktop Controller\Job_job_number
Description of log files
Table 19 describes the Agent Manager log files:
Log File Names Description
DesktopController_ [email protected]
• copy of common.policy located at specified IP address
• always available
• independent of logging level
DesktopController_ [email protected]
• copy of issDaemon.policy located at specified IP address
• always available
• independent of logging level
DesktopController_ [email protected]
• copy of current.policy located at specified IP address
• always available
• independent of logging level
DesktopController_ [email protected]
• copy of the Agent Manager status policy file (located at specified IP address) that details the Agent Manager control list and status information
• always available
• independent of logging level
DesktopController_ [email protected]
• generated file containing runtime configuration information
• overwritten each time sensor controller restarts but is independent of logging level
• cached file of user modifications to properties
• overwritten each time sensor controller restarts but is independent of logging level
DesktopController_ [email protected]
• generated file containing runtime debug information detailing interaction between sensor controller and Agent Manager
• overwritten each time sensor controller restarts
• amount of detail depends on current logging level
Table 19: Agent Manager log files
Sensor Controller Internet Scanner Logs
Introduction The path of the configuration and log files for the Internet Scanner located at the given IP address is \Program Files\ISS\RealSecure SiteProtector\Application Server\temp\Sensor Controller\[email protected]. The default installation path for Internet Scanner 6.2.1 is \Program Files\ISS\Scanner6. The default installation path for Internet Scanner 7.0 is \Program Files\ISS\issSensors\Scanner_1.
Note: If the trace level is set to 0, and the job is completed, then the system deletes the Job folder. Otherwise, the default location of command job log files for the Internet Scanner is:
| Version | Path |
|---|---|
| 6.2.1 | \Program Files\ISS\Scanner6\Job_job_number |
| 7.0 | \Program Files\ISS\Scanner_1\log\Job_job_number |
Table 20: Location of Internet Scanner logs
Location of Internet Scanner job-specific log files
The path of the log files related to specific jobs for Internet Scanner is \Program Files\ISS\RealSecure SiteProtector\Application Server\temp\Sensor Controller\[email protected]. The files are located in subfolders according to the job name. By default, the path for Internet Scanner 6.2.1 configuration files is \Program Files\ISS\Scanner6 on the computer where Internet Scanner is hosted. The general form is as follows:
● Job_x – folder containing files related to job number “x”
Note: Internet Scanner 7.0 does not use files with the .cfg extension. However, Internet Scanner 7.0 log files are located by default in \Program Files\ISS\issSensors\scanner_1\log.
Description of Internet Scanner job-specific log files
Table 21 describes the job-specific log files:
| Log File Name | Description |
|---|---|
| hosts.hst | IP range of hosts to be scanned |
| iss.key | license key that limits IP range that can be scanned |
| *.policy | policy file used by Internet Scanner during scan (e.g., L1 Inventory.policy) |
Table 21: Internet Scanner job-specific log files
Sensor Controller Internet Scanner Databridge Logs
Introduction The path of the log files for the Internet Scanner Databridge at the given IP address is \Program Files\ISS\RealSecure SiteProtector\Application Server\temp\Sensor Controller\[email protected]. The default installation path for the Internet Scanner Databridge is \Program Files\ISS\issSensors\Internet_Scanner_DataBridge.
Note: If the trace level is set to 0, and the job is completed, then the system deletes the Job folder. Otherwise, the default location of command job log files for the Internet Scanner Databridge is:
\Program Files\ISS\issSensors\Internet_Scanner_DataBridge\Job_job_number
Description of log files
Table 22 describes the Internet Scanner Databridge log files:
File Names Description
• copy of current.policy located at specified IP address
• always available
• independent of logging level
• generated file containing runtime configuration information
• overwritten each time sensor controller restarts, but independent of logging level
• cached file of user modifications to properties
• overwritten each time sensor controller restarts, but independent of logging level
• generated file containing runtime debug information detailing interaction between sensor controller and Internet Scanner Databridge
• overwritten each time sensor controller restarts
• amount of detail depends on current logging level
Table 22: Internet Scanner Databridge log files
Sensor Controller A-Series Appliance Logs
Introduction The A-Series appliance log files contain information related to the A-Series appliance located at the given IP address. The path of the log files is \Program Files\ISS\RealSecure SiteProtector\Application Server\temp\Sensor Controller\[email protected].
Note: If the trace level is set to 0, and the job is completed, then the system deletes the Job folder. Otherwise, the default location of command job log files for the A-Series appliance is:
\Program Files\ISS\RealSecure SiteProtector\Application Server\temp\Sensor Controller\Proventia_Amodel_number\Job_job_number
Description of log files
Table 23 describes the A-Series appliance log files:
Log File Names Description
• copy of current.policy located at specified IP address
• always available
• independent of logging level
• generated file containing runtime configuration information
• overwritten each time sensor controller restarts, but independent of logging level
• cached file of user modifications to properties
• overwritten each time sensor controller restarts, but independent of logging level
• generated file containing runtime debug information
• overwritten each time sensor controller restarts
• amount of detail depends on current logging level
Table 23: A-Series appliance log files
Sensor Controller G-Series Appliance Logs
Introduction The G-Series appliance log files contain information related to the G-Series appliance located at the given IP address. The path of the log files is \Program Files\ISS\RealSecure SiteProtector\Application Server\temp\Sensor Controller\[email protected].
Note: If the trace level is set to 0, and the job is completed, then the system deletes the Job folder. Otherwise, the default location of command job log files for the G-Series appliance is:
\Program Files\ISS\RealSecure SiteProtector\Application Server\temp\Sensor Controller\Proventia_Gmodel_number\Job_job_number
Description of log files
Table 24 describes the G-Series appliance log files:
Log File Names Description
• copy of current.policy located at specified IP address
• always available
• independent of logging level
• generated file containing runtime configuration information
• overwritten each time sensor controller restarts, but independent of logging level
• cached file of user modifications to properties
• overwritten each time sensor controller restarts, but independent of logging level
• generated file containing runtime debug information
• overwritten each time sensor controller restarts
• amount of detail depends on current logging level
Table 24: G-Series appliance log files
Sensor Controller RealSecure Network Logs
Introduction The RealSecure Network log files contain information related to the RealSecure Network agent located at the given IP address. The path of the log files is \Program Files\ISS\RealSecure SiteProtector\Application Server\temp\Sensor Controller\[email protected].
Note: If the trace level is set to 0, and the job is completed, then the system deletes the Job folder. Otherwise, the default location of command job log files for the RealSecure Network agent is:
\Program Files\ISS\RealSecure SiteProtector\Application Server\temp\Sensor Controller\[email protected]\Job_job_number
Description of log files
Table 25 describes the RealSecure Network agent log files:
Note: All logging is saved for successful jobs, unless the logging level is turned off.
Log File Names Description
• copy of current.policy located at specified IP address
• always available
• independent of logging level
• generated file containing runtime configuration information
• overwritten each time sensor controller restarts, but independent of logging level
• cached file of user modifications to properties
• overwritten each time sensor controller restarts, but independent of logging level
• generated file containing runtime debug information detailing interaction between sensor controller and network sensor
• overwritten each time sensor controller restarts
• amount of detail depends on current logging level
Table 25: RealSecure Network agent log files
Sensor Controller RealSecure Network Gigabit Logs
Introduction The RealSecure Network Gigabit log files contain information related to the RealSecure Network Gigabit agent located at the given IP address. The path of the log files is \Program Files\ISS\RealSecure SiteProtector\Application Server\temp\Sensor Controller\[email protected].
Note: If the trace level is set to 0, and the job is completed, then the system deletes the Job folder. Otherwise, the default location of command job log files for the RealSecure Network Gigabit is:
\Program Files\ISS\RealSecure SiteProtector\Application Server\temp\Sensor Controller\[email protected]\Job_job_number
Description of log files
Table 26 describes the RealSecure Network Gigabit log files:
Log File Names Description
• copy of current.policy located at specified IP address
• always available
• independent of logging level
• generated file containing runtime configuration information
• overwritten each time sensor controller restarts, but independent of logging level
• cached file of user modifications to properties
• overwritten each time sensor controller restarts, but independent of logging level
• generated file containing runtime debug information detailing interaction between sensor controller and network sensor
• overwritten each time sensor controller restarts
• amount of detail depends on current logging level
Table 26: RealSecure Network Gigabit log files
Sensor Controller Server Sensor Logs
Introduction The Server Sensor log files contain information related to the Server Sensor located at the given IP address. The path of the log files is \Program Files\ISS\RealSecure SiteProtector\Application Server\temp\Sensor Controller\[email protected].
Note: If the trace level is set to 0, and the job is completed, then the system deletes the Job folder. Otherwise, the default location of command job log files for the RealSecure Server Sensor is:
\Program Files\ISS\RealSecure SiteProtector\Application Server\temp\Sensor Controller\[email protected]\Job_job_number
Description of log files
Table 27 describes the Server Sensor log files:
Log File Name Description
• copy of current.policy located at specified IP address
• always available
• independent of logging level
• generated file containing runtime configuration information
• overwritten each time sensor controller restarts, but independent of logging level
• cached file of user modifications to properties
• overwritten each time sensor controller restarts, but independent of logging level
• generated file containing runtime debug information detailing interaction between sensor controller and Server Sensor
• overwritten each time sensor controller restarts
• amount of detail depends on current logging level
Table 27: Server Sensor log files
Sensor Controller SiteProtector Third Party Module Logs
Introduction The Third Party Module log files contain information related to the Third Party Module located at the given IP address. The paths to the log files are as follows:
| Firewall | Log file path |
|---|---|
| CheckPoint | \ISS\issSensors\ThirdPartyModule_Checkpoint_1\Logs |
| Cisco PIX | \ISS\issSensors\ThirdPartyModule_Cisco_1\Logs |
CheckPoint log files Table 28 describes the CheckPoint Third Party Module log files:
Log File Name Description
sensor_health.policy
• copy of current.policy located at specified IP address
• always available
• independent of logging level
LeaTraceLog.txt, TpmLog.txt, TPMTraceLog.txt
• generated file containing runtime debug information
• overwritten each time sensor controller restarts
• amount of detail depends on current logging level
Table 28: CheckPoint Third Party Module log files
Cisco PIX log files Table 29 describes the Cisco PIX Third Party Module log files:
Log File Name Description
sensor_health.policy
• copy of current.policy located at specified IP address
• always available
• independent of logging level
TpmLog.txt, TPMTraceLog.txt
• generated file containing runtime debug information
• overwritten each time sensor controller restarts
• amount of detail depends on current logging level
Table 29: Cisco PIX Third Party Module log files
SECTION D: Agent Manager Logging Information
Overview
Introduction
This section lists SiteProtector logging information for components that are managed with the Agent Manager (formerly Desktop Controller).
In this section
This section contains the following topics:
• Agent Manager Desktop Protection Logs
• Desktop Controller M-Series Appliance Logs
Agent Manager Desktop Protection Logs
Introduction
The Desktop Protection log files contain information related to the Agent Manager located at the given IP address. The path of the log files is \Program Files\ISS\RealSecure SiteProtector\Desktop Controller\Logs.
Logging levels
If you are experiencing problems with your Agent Manager applications, you should adjust logging levels to help troubleshoot the issues. You set logging levels in the rsspdc.ini file, which is located in the following directory on the Agent Manager computer:
\Program Files\ISS\RealSecure SiteProtector\Desktop Controller
Setting and clearing logging levels
To set a logging level:
1. In the rsspdc.ini file, cut the logging level you want from the dcLog.clear line, and then paste it into the dcLog.set line.
To clear a logging level, cut it from the dcLog.set line, and then paste it into the dcLog.clear line.
2. Save, and then close the files.
3. From the SiteProtector Console, stop, and then start the Agent Manager service.
Important: ISS strongly recommends that you perform this procedure only with guidance from ISS Technical Support.
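The cut-and-paste step of this procedure, written as a small Python helper that works on the text of rsspdc.ini (an added example, not ISS code). The guide names the dcLog.set and dcLog.clear lines but does not show their syntax; the key=value form with comma- or space-separated level names, the function names and the sample file are assumptions.

```python
import re

# The thirteen logging levels listed in Table 30 of this guide.
LEVELS = (
    "EXCEPTION", "ASSERTION", "WARNING", "INFORMATION", "HTTPRESPONSE",
    "HTTPEVENT", "FIREWALL", "AGENTDOWNLOAD", "WEBSERVER", "SYSMON",
    "ALERT", "METRICS", "VERBOSE",
)

# ASSUMPTION: each setting is a single "key=value" line whose value is a list
# of level names separated by commas and/or spaces. The guide names the two
# keys but does not show the line syntax, so check this against a real file.
_SETTING = re.compile(
    r"^(?P<head>\s*(?P<key>dcLog\.(?:set|clear))\s*=\s*)(?P<val>.*)$")
_SEP = re.compile(r"[,\s]+")

# Constructed sample, not copied from a real rsspdc.ini.
SAMPLE_INI = (
    "; constructed sample\n"
    "dcLog.set=EXCEPTION,ASSERTION,WARNING\n"
    "dcLog.clear=INFORMATION,HTTPRESPONSE,HTTPEVENT,FIREWALL,AGENTDOWNLOAD,"
    "WEBSERVER,SYSMON,ALERT,METRICS,VERBOSE\n"
)


def _tokens(value):
    return [tok for tok in _SEP.split(value.strip()) if tok]


def _sep_of(value):
    """Return the separator a value already uses, or None if it has none."""
    m = _SEP.search(value.strip())
    return m.group(0) if m else None


def _find_settings(lines):
    """Map each key to (line index, regex match, original line ending)."""
    found = {}
    for idx, line in enumerate(lines):
        body = line.rstrip("\r\n")
        m = _SETTING.match(body)
        if not m:
            continue  # comments and unrelated settings are left untouched
        if m["key"] in found:
            raise ValueError(f"{m['key']} appears more than once")
        found[m["key"]] = (idx, m, line[len(body):])
    for key in ("dcLog.set", "dcLog.clear"):
        if key not in found:
            raise ValueError(f"{key} line not found")
    return found


def read_levels(ini_text):
    """Return {'dcLog.set': [...], 'dcLog.clear': [...]} in file order."""
    found = _find_settings(ini_text.splitlines(keepends=True))
    return {key: _tokens(m["val"]) for key, (_, m, _end) in found.items()}


def move_level(ini_text, level, enable=True):
    """Move `level` to dcLog.set (enable=True) or back to dcLog.clear.

    Returns the new file text. Other lines, the existing separator and the
    line endings are preserved; a level that is already where it belongs
    leaves the text unchanged.
    """
    level = level.upper()
    if level not in LEVELS:
        raise ValueError(f"unknown logging level: {level}")
    src, dst = (("dcLog.clear", "dcLog.set") if enable
                else ("dcLog.set", "dcLog.clear"))

    lines = ini_text.splitlines(keepends=True)
    found = _find_settings(lines)
    for key, other in ((src, dst), (dst, src)):
        idx, m, ending = found[key]
        tokens = _tokens(m["val"])
        if key == src:
            tokens = [t for t in tokens if t.upper() != level]
        elif level not in (t.upper() for t in tokens):
            tokens.append(level)
        # Reuse this line's separator, else the other line's, else a comma.
        sep = _sep_of(m["val"]) or _sep_of(found[other][1]["val"]) or ","
        lines[idx] = m["head"] + sep.join(tokens) + ending
    return "".join(lines)
```

Write the returned text back to rsspdc.ini, then continue with steps 2 and 3 of the procedure.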
Logging level parameters
The following table lists the logging level parameters:
| Logging level | Description |
| --- | --- |
| EXCEPTION | Error level logging including both fatal and non-fatal. These errors may indicate expected failure situations (such as connectivity loss or out of memory errors) or unexpected problems from outside the Desktop Controller (such as malformed XML policies or unexpected events from agents). |
| ASSERTION | Debug assertion logging that indicates a bug in the Desktop Controller code. These errors indicate abnormal conditions, and if seen, they should be reported to ISS Technical Support. |
| WARNING | Warning logging for non-critical/recoverable conditions in the Desktop Controller, such as DB connectivity loss. |
| INFORMATION | Information logging of general activity in the Desktop Controller. |
| HTTPRESPONSE | Logging of HTTP response data to agents from the Desktop Controller. |
| HTTPEVENT | Logging of incoming HTTP event/heartbeat data from agents. |
| FIREWALL | Logging of firewall rule-setting during policy loading. |
| AGENTDOWNLOAD | Logging of HTTP request information when agents download files from the Desktop Controller (including configuration files or upgrade packages). |
| WEBSERVER | Logging of Web server activity in the Desktop Controller. |
| SYSMON | General logging level for system type events, such as thread startup and shutdown. |
| ALERT | Logging of alert/response information for SMTP, Pager, and SNMP alerts. |
| METRICS | Traces incoming event counts. |
| VERBOSE | Logging of repeated informational traces such as polling thread activity and policy/property file loading. |

Table 30: Desktop Protection logging level parameters
Desktop Controller M-Series Appliance Logs
Introduction
The M-Series log file contains information related to the M-Series appliance located at the given IP address. The path to the log file is /var/log/messages.
Local Management Interface
The easiest way to access the log file is by using the Local Management Interface (LMI) on the M-Series appliance. For information about how to access the log file using the LMI, see the Proventia M-Series Appliances User Guide.
Description of log file
Table 31 describes the M-Series log file:
| Log file parameter | Description |
| --- | --- |
| Date/Time | The date and time that the event was detected. |
| Event Type | The type of event that was detected. The event types are: anti-virus; firewall; intrusion protection module; system |
| Other event details | Besides Date, Time, and Event Type, the following event information can be included in the M-Series log file: generated error message; source/destination IP address; source/destination port; host name |

Table 31: M-Series log file
Appendix A
Database Schema
Overview
Introduction
This appendix provides the SiteProtector database schematics.
In this appendix
This appendix contains the following topics:
• Application Security Schema
• Auditing and Diagnostics Schema
• Command and Control Schema
• Grouping Schema
• ITRSO Schema
• Metrics Schema
• Sensor Data Schema
• Site Analysis Schema
• Site Filters Schema
• Staging and Rejects Schema
• Statistics Schema
• X-Force Schema
• Complete Database Schema
Application Security Schema
Schema
The following diagram displays the Application Security Schema.

Groups
• GroupID: int IDENTITY (AK1.2)
• GroupName: nvarchar(80) NOT NULL
• GroupDesc: nvarchar(255) NULL
• RoleID: int NULL (FK)
• ParentGroupID: int NULL (AK1.1,IE1.1)
• GroupViewID: int NULL (FK)
• Deleted: tinyint NULL
• SiteID: int NULL (FK)
• GroupTypeID: int NULL (FK)
• SPGroupID: int NULL
• RuleID: int NULL (FK)
• GUID: varchar(36) NULL

Sites
• SiteID: int IDENTITY(2,1)
• Name: nvarchar(60) NOT NULL
• Descr: nvarchar(255) NULL
• IpAddress: varchar(47) NOT NULL
• Port: int NOT NULL
• LastDataLoadAt: datetime NULL
• Deleted: tinyint NULL

Users
• UsersID: int IDENTITY
• Login: nvarchar(50) NOT NULL
• Domain: nvarchar(255) NOT NULL
• SID: varchar(50) NOT NULL (AK2.1)
• LastLogin: datetime NULL
• LastLoginFailure: datetime NULL
• NTGroup: nvarchar(30) NOT NULL

UsersGroups
• UsersID: int NOT NULL (FK)
• GroupID: int NOT NULL (FK)

UsersSites
• UsersID: int NOT NULL (FK)
• SiteID: int NOT NULL (FK)

Role
• RoleID: int NOT NULL
• RoleName: varchar(60) NOT NULL
• ProductID: int NULL (FK)
• ClassName: varchar(255) NOT NULL (AK1.1)
• Namespace: varchar(255) NULL
• DefaultLoggingLevel: tinyint NULL
• DefaultStatus: tinyint NULL
• DefaultOptionFlags: tinyint NULL
• SupportsEC: tinyint NOT NULL
• SupportsGroupPolicy: tinyint NOT NULL

GroupView
• GroupViewID: int IDENTITY (IE1.1)
• GroupViewName: nvarchar(64) NOT NULL
• Deleted: tinyint NULL

GroupTypes
• GroupTypeID: int IDENTITY
• Name: nvarchar(64) NULL (AK1.1)
• Descr: nvarchar(255) NULL
Auditing and Diagnostics Schema
Schema
The following diagram displays the Auditing and Diagnostics schema:

AuditInfo
• AuditInfoID: int IDENTITY
• AuditTrailID: int NULL (FK)
• ParamName: nvarchar(100) NULL
• ParamValue: nvarchar(500) NULL
• ParamDataType: nvarchar(60) NULL
• ParamDesignator: nvarchar(10) NULL

AuditTrail
• AuditTrailID: int IDENTITY
• AuditEventCMDID: int NULL (FK)
• UserName: nvarchar(75) NULL
• AuditTime: datetime NULL

AuditEventCMD
• AuditEventCMDID: int IDENTITY
• EventDesc: nvarchar(100) NULL

DBSubComponent
• DBSubComponentID: smallint IDENTITY
• DBComponentID: smallint NULL (FK)
• ProcName: varchar(30) NULL
• State: tinyint NULL
• StateDateTime: datetime NULL
• StateDescription: varchar(100) NULL

DBComponent
• DBComponentID: smallint IDENTITY
• Name: varchar(30) NULL
• State: tinyint NULL
• StateDescription: varchar(100) NULL

ErrorMessage
• ErrorNumber: int NOT NULL
• SeverityID: smallint NULL (FK)
• MessageText: nvarchar(300) NULL

Version
• AttributeName: nvarchar(40) NULL
• AttributeValue: nvarchar(100) NULL

ErrorSeverity
• SeverityID: smallint NOT NULL
• Name: nvarchar(20) NOT NULL
• Description: nvarchar(80) NULL
• ReportToCaller: tinyint NOT NULL
• SQLSeverity: char(2) NULL
• LoggingLevel: tinyint NULL

MessageLog
• MessageLogID: int IDENTITY
• WhenOccurred: datetime NOT NULL
• SeverityID: smallint NOT NULL (FK)
• ErrorNumber: int NOT NULL
• Message: nvarchar(300) NULL
• ProcedureName: nvarchar(60) NULL
• RelatesToErrorID: int NULL

VersionUpdates
• UpdateTag: char(40) NULL
• UpdateType: tinyint NOT NULL
• MajorVersion: int NOT NULL
• MinorVersion: int NOT NULL
• YearPointRelease: int NOT NULL
• BuildNumber: int NOT NULL
• UpdateCmdLine: varchar(255) NULL
• UpdateFile: varchar(260) NULL
• Deleted: tinyint NOT NULL

UpdateStatus
• UpdateStatusID: int IDENTITY
• Name: varchar(100) NOT NULL
• StartTime: datetime NOT NULL
• Status: varchar(30) NULL
• ActionJobID: int NULL
• TotalSteps: int NULL

UpdateOperationStatus
• UpdateOperationStatusID: int IDENTITY
• TargetName: varchar(100) NOT NULL
• Status: varchar(30) NULL
• UpdateStatusID: int NULL (FK)
• Duration: smalldatetime NULL
• PctComplete: smallint NULL

UpdateStepStatus
• UpdateStepStatusID: int IDENTITY
• StepNbr: int NULL
• TaskName: varchar(50) NULL
• Description: varchar(1000) NULL
• PctComplete: smallint NOT NULL
• DBTime: datetime NOT NULL
• ComponentTime: datetime NULL
• Status: varchar(30) NULL
• UpdateOperationStatusID: int NULL (FK)

MaintenanceLog
• MaintenanceLogID: bigint IDENTITY
• WhenOccurred: datetime NULL
• Message: nvarchar(1200) NULL
• ProcedureName: nvarchar(240) NULL

RSDBOptions
• OptionName: varchar(100) NOT NULL
• ParamDesc: varchar(50) NULL
• ParamValue: nvarchar(100) NOT NULL
• DefaultValue: nvarchar(100) NOT NULL
• LastModifiedBy: nvarchar(60) NOT NULL
• LastModifiedAt: datetime NOT NULL
• System_Usr: nvarchar(60) NOT NULL

AnalysisLog
• QueryID: int IDENTITY
• StartTime: datetime NULL
• Type: char(1) NULL
• SPID: int NULL
• Duration: int NULL
• UserID: int NULL
• SQLStmt: text NULL
• RPC: text NULL
• ErrorID: int NULL
Command and Control Schema
Schema
The following diagram displays the Command and Control schema:

BinaryData
• BinaryDataID: int IDENTITY
• BinaryDataType: tinyint NULL (FK)
• Value: image NULL
• CheckSum: int NULL (IE1.1)
• FileName: nvarchar(255) NULL
• LastModifiedAt: datetime NULL
• DeleteRefCount: int NULL

Role
• RoleID: int NOT NULL
• RoleName: varchar(60) NOT NULL
• ProductID: int NULL (FK)
• ClassName: varchar(255) NOT NULL (AK1.1)
• Namespace: varchar(255) NULL
• DefaultLoggingLevel: tinyint NULL
• DefaultStatus: tinyint NULL
• DefaultOptionFlags: tinyint NULL
• SupportsEC: tinyint NOT NULL
• SupportsGroupPolicy: tinyint NOT NULL

Component
• ComponentID: int IDENTITY
• RoleID: int NULL (FK) (IE2.3)
• LastPushedPolicyID: int NULL (FK)
• PropertyFileID: int NULL (FK)
• HostID: int NULL (FK) (IE2.1)
• Priority: numeric NOT NULL
• Status: numeric NOT NULL
• LastModifiedBy: nvarchar(60) NULL
• LastModifiedAt: datetime NULL
• Deleted: numeric NOT NULL
• EventSourcePort: int NULL
• EventPort: int NULL
• Version: varchar(40) NULL
• SensorName: nvarchar(100) NULL (IE2.2)
• Policy: nvarchar(434) NULL
• Master: varchar(30) NULL
• AvailableXPU: varchar(40) NULL
• LastInstalledXPU: varchar(40) NULL
• LoggingLevel: tinyint NULL
• LicenseState: smallint NULL
• XPUState: smallint NULL
• StateDescription: nvarchar(500) NULL
• UnexpectedConfigChange: tinyint NULL
• ModifiedBySensorController: tinyint NOT NULL
• DaemonPort: int NULL
• EventLogOption: tinyint NULL
• SiteID: int NULL (FK)
• LastPushedResponseID: int NULL (FK)
• XPUDate: datetime NULL
• Response: nvarchar(434) NULL
• PolicyGroupID: int NULL (FK)
• LastHeartBeat: datetime NULL
• GUID: varchar(36) NULL (IE1.1)
• LicenseID: int NULL (FK)
• PolicyChangedFlag: tinyint NOT NULL
• FCPEventPort: int NULL
• FCPEventSourcePort: int NULL
• ECStatus: tinyint NULL
• ECStateDescription: nvarchar(500) NULL
• OptionFlags: int NULL
• EventCollectorID: int NULL (FK)
• AlertEventPort: int NULL
• AlertEventSourcePort: int NULL
• ModelDesc: varchar(1000) NULL

Groups
• GroupID: int IDENTITY (AK1.2)
• GroupName: nvarchar(80) NOT NULL
• GroupDesc: nvarchar(255) NULL
• RoleID: int NULL (FK)
• ParentGroupID: int NULL (AK1.1,IE1.1)
• GroupViewID: int NULL (FK)
• Deleted: tinyint NULL
• SiteID: int NULL (FK)
• GroupTypeID: int NULL (FK)
• SPGroupID: int NULL
• RuleID: int NULL (FK)
• GUID: varchar(36) NULL

GroupHostLinks
• GroupID: int NOT NULL (FK)
• HostID: int NOT NULL (FK)

Schedule
• ScheduleID: int IDENTITY
• Description: varchar(1000) NULL
• Enabled: numeric NOT NULL
• FreqType: numeric NOT NULL
• FreqInterval: numeric NOT NULL
• FreqSubType: numeric NULL
• FreqSubInterval: numeric NOT NULL
• FreqRelativeInt: numeric NOT NULL
• FreqRecurFactor: numeric NULL
• ActiveStartDate: numeric NULL
• ActiveEndDate: numeric NULL
• ActiveStartTOD: numeric NULL
• ActiveEndTOD: numeric NULL
• NumSchedScans: numeric NULL
• Deleted: numeric NOT NULL
• TimeZone: varchar(40) NULL

ActionJob
• ActionJobID: int IDENTITY
• ActionDetailsID: int NOT NULL (FK)
• ComponentID: int NULL (FK)
• StartDateTime: datetime NOT NULL
• ActionState: numeric NOT NULL
• Result: varchar(300) NULL
• ActionJobInfo: varchar(100) NULL
• LastModifiedAt: datetime NOT NULL

ActionDetails
• ActionDetailsID: int IDENTITY
• ItemID: int NULL
• HostID: int NULL (FK)
• ComponentID: int NULL (FK)
• HostGroupID: int NULL (IE1.1)
• ScheduleID: int NULL (FK)
• ActionType: numeric NOT NULL (IE2.1)
• RoleID: int NULL (FK)
• ScheduledBy: nvarchar(60) NOT NULL
• LastModifiedBy: nvarchar(60) NULL
• LastModifiedAt: datetime NULL
• NextRunDate: datetime NULL (IE3.1)
• Suspended: numeric NOT NULL
• Deleted: numeric NOT NULL
• ComponentGroupID: int NULL (FK)
• Arguments: ntext NULL
• ControllerID: int NULL

Policy
• PolicyID: int IDENTITY
• Name: nvarchar(150) NOT NULL
• Description: nvarchar(80) NULL
• FileName: nvarchar(255) NULL
• Version: varchar(100) NULL
• RoleID: int NULL (FK)
• BinaryDataID: int NULL (FK)
• Deleted: numeric NOT NULL
• LastModifiedAt: datetime NULL
• LastModifiedBy: nvarchar(60) NULL
• ReadOnly: tinyint NULL
• EditorKey: varchar(50) NOT NULL
• Valid: tinyint NOT NULL

Hosts
• HostID: int IDENTITY
• HostIpAddress: varchar(47) NULL
• HostDNSName: NVARCHAR(254) NULL
• HostNBName: NVARCHAR(16) NULL
• HostNBDomain: nvarchar(16) NULL
• HostOSName: nvarchar(64) NULL
• HostOSVersion: nvarchar(32) NULL
• HostOSRevisionLevel: varchar(32) NULL
• HostOwner: nvarchar(50) NULL
• DateHostAdded: datetime NOT NULL
• GUID: varchar(36) NULL
• HostIPNbr: numeric(10) NOT NULL (IE1.1)
• MacAddress: char(17) NULL
• DateHostUpdated: datetime NOT NULL (IE1.2)
• OSGroupID: int NULL (FK)
• ISScanDate: datetime NULL (IE2.1)
• StatNameID: int NULL (IE2.2)

Products
• ProductID: int NOT NULL
• ProdName: nvarchar(40) NULL

Response
• ResponseID: int IDENTITY
• Name: nvarchar(150) NOT NULL
• Description: nvarchar(80) NULL
• FileName: nvarchar(255) NULL
• Version: varchar(100) NULL
• RoleID: int NULL (FK)
• BinaryDataID: int NULL (FK)
• Deleted: numeric NOT NULL
• LastModifiedAt: datetime NULL
• LastModifiedBy: nvarchar(60) NULL
• ReadOnly: tinyint NULL
• EditorKey: varchar(50) NOT NULL
• Valid: tinyint NOT NULL

License
• LicenseID: int IDENTITY
• Name: nvarchar(50) NULL
• BinaryDataID: int NULL (FK)
• Features: nvarchar(50) NULL
• FeatureDescription: nvarchar(100) NULL
• DeviceCount: int NULL
• MaintenanceDate: varchar(40) NULL
• ExpireDate: varchar(40) NULL
• State: tinyint NULL
• StateDescription: varchar(512) NULL
• LicenseType: tinyint NOT NULL
• KeyString: varchar(50) NULL
• StatNameID: int NULL (FK)
• LicContactInfoGUID: nvarchar(40) NULL (FK)
• LicGUID: nvarchar(40) NULL
• Description: nvarchar(100) NULL
• NewLicenseID: int NULL (FK)

Sites
• SiteID: int IDENTITY(2,1)
• Name: nvarchar(60) NOT NULL
• Descr: nvarchar(255) NULL
• IpAddress: varchar(47) NOT NULL
• Port: int NOT NULL
• LastDataLoadAt: datetime NULL
• Deleted: tinyint NULL
• GUID: varchar(512) NULL

JobTypes
• JobTypeID: int IDENTITY
• Descr: varchar(80) NOT NULL

Tasks
• TaskID: int IDENTITY
• JobTypeID: int NOT NULL (FK)
• Name: varchar(60) NULL
• Descr: varchar(255) NULL
• LoadTableName: varchar(60) NULL
• LoadStoredProcName: varchar(60) NULL
• FormatFile: text NOT NULL
• LoadSQLStatement: varchar(4000) NULL

BinaryDataType
• BinaryDataType: tinyint NOT NULL
• BinaryDataTypeDesc: nvarchar(60) NOT NULL

DesktopAgentVersion
• GUID: varchar(36) NOT NULL
• Version: varchar(40) NOT NULL
• ReadmeFileID: int NULL (FK)
• RoleID: int NULL (FK)

PolicyVersion
• RoleID: int NOT NULL (FK)
• Version: varchar(100) NOT NULL
• DisplayVersion: varchar(100) NULL

ResponseVersion
• RoleID: int NOT NULL (FK)
• Version: varchar(100) NOT NULL
• DisplayVersion: varchar(100) NULL

ComponentDocument
• ComponentID: int NOT NULL (FK)
• NamespaceID: smallint NOT NULL (FK)
• BinaryDataID: int NOT NULL (FK)
• Version: varchar(100) NULL
• Enabled: bit NOT NULL

GroupDocument
• GroupID: int NOT NULL (FK)
• NamespaceID: smallint NOT NULL (FK)
• Version: varchar(100) NOT NULL
• BinaryDataID: int NOT NULL (FK)
• Enabled: bit NOT NULL

ReportInstance
• ReportInstanceID: int NOT NULL (FK)
• TemplateFileName: nvarchar(255) NULL (IE1.2)
• ReportCategory: nvarchar(255) NULL
• ReportName: nvarchar(255) NULL
• ReportFilePath: nvarchar(1000) NULL
• DateCreated: datetime NOT NULL
• UserID: int NULL (IE1.3)
• Shared: tinyint NOT NULL
• GroupID: int NULL (IE1.1)
• Recursion: tinyint NOT NULL
• Arguments: ntext NULL
• LastModifiedAt: datetime NOT NULL
• LastModifiedBy: nvarchar(255) NULL
Grouping Schema
Schema
The following diagram displays the Grouping schema:

SiteRange
• SiteRangeID: smallint IDENTITY
• StartIPNbr: numeric(10) NULL
• EndIPNbr: numeric(10) NULL
• Description: nvarchar(64) NULL
• Deleted: tinyint NOT NULL

Role
• RoleID: int NOT NULL
• RoleName: varchar(60) NOT NULL
• ProductID: int NULL (FK)
• ClassName: varchar(255) NOT NULL (AK1.1)
• Namespace: varchar(255) NULL
• DefaultLoggingLevel: tinyint NULL
• DefaultStatus: tinyint NULL
• DefaultOptionFlags: tinyint NULL
• SupportsEC: tinyint NOT NULL
• SupportsGroupPolicy: tinyint NOT NULL

Component
• ComponentID: int IDENTITY
• RoleID: int NULL (FK) (IE2.3)
• LastPushedPolicyID: int NULL (FK)
• PropertyFileID: int NULL (FK)
• HostID: int NULL (FK) (IE2.1)
• Priority: numeric NOT NULL
• Status: numeric NOT NULL
• LastModifiedBy: nvarchar(60) NULL
• LastModifiedAt: datetime NULL
• Deleted: numeric NOT NULL
• EventSourcePort: int NULL
• EventPort: int NULL
• Version: varchar(40) NULL
• SensorName: nvarchar(100) NULL (IE2.2)
• Policy: nvarchar(434) NULL
• Master: varchar(30) NULL
• AvailableXPU: varchar(40) NULL
• LastInstalledXPU: varchar(40) NULL
• LoggingLevel: tinyint NULL
• LicenseState: smallint NULL
• XPUState: smallint NULL
• StateDescription: nvarchar(500) NULL
• UnexpectedConfigChange: tinyint NULL
• ModifiedBySensorController: tinyint NOT NULL
• DaemonPort: int NULL
• EventLogOption: tinyint NULL
• SiteID: int NULL (FK)
• LastPushedResponseID: int NULL (FK)
• XPUDate: datetime NULL
• Response: nvarchar(434) NULL
• PolicyGroupID: int NULL (FK)
• LastHeartBeat: datetime NULL
• GUID: varchar(36) NULL (IE1.1)
• LicenseID: int NULL (FK)
• PolicyChangedFlag: tinyint NOT NULL
• FCPEventPort: int NULL
• FCPEventSourcePort: int NULL
• ECStatus: tinyint NULL
• ECStateDescription: nvarchar(500) NULL
• OptionFlags: int NULL
• EventCollectorID: int NULL (FK)
• AlertEventPort: int NULL
• AlertEventSourcePort: int NULL
• ModelDesc: varchar(1000) NULL

GroupView
• GroupViewID: int IDENTITY (IE1.1)
• GroupViewName: nvarchar(64) NOT NULL
• Deleted: tinyint NULL

Groups
• GroupID: int IDENTITY (AK1.2)
• GroupName: nvarchar(80) NOT NULL
• GroupDesc: nvarchar(255) NULL
• RoleID: int NULL (FK)
• ParentGroupID: int NULL (AK1.1,IE1.1)
• GroupViewID: int NULL (FK)
• Deleted: tinyint NULL
• SiteID: int NULL (FK)
• GroupTypeID: int NULL (FK)
• SPGroupID: int NULL
• RuleID: int NULL (FK)
• GUID: varchar(36) NULL

GroupHostLinks
• GroupID: int NOT NULL (FK)
• HostID: int NOT NULL (FK)

Hosts
• HostID: int IDENTITY
• HostIpAddress: varchar(47) NULL
• HostDNSName: NVARCHAR(254) NULL
• HostNBName: NVARCHAR(16) NULL
• HostNBDomain: nvarchar(16) NULL
• HostOSName: nvarchar(64) NULL
• HostOSVersion: nvarchar(32) NULL
• HostOSRevisionLevel: varchar(32) NULL
• HostOwner: nvarchar(50) NULL
• DateHostAdded: datetime NOT NULL
• GUID: varchar(36) NULL
• HostIPNbr: numeric(10) NOT NULL (IE1.1)
• MacAddress: char(17) NULL
• DateHostUpdated: datetime NOT NULL (IE1.2)
• OSGroupID: int NULL (FK)
• ISScanDate: datetime NULL (IE2.1)
• StatNameID: int NULL (IE2.2)

Products
• ProductID: int NOT NULL
• ProdName: nvarchar(40) NULL

Sites
• SiteID: int IDENTITY(2,1)
• Name: nvarchar(60) NOT NULL
• Descr: nvarchar(255) NULL
• IpAddress: varchar(47) NOT NULL
• Port: int NOT NULL
• LastDataLoadAt: datetime NULL
• Deleted: tinyint NULL

GroupTypes
• GroupTypeID: int IDENTITY
• Name: nvarchar(64) NULL (AK1.1)
• Descr: nvarchar(255) NULL

HostCounts
• CountDate: datetime NOT NULL
• GroupID: int NOT NULL (FK)
• HostCount: int NOT NULL

GroupsParentChild
• ParentID: int NULL (FK)
• ChildID: int NOT NULL (FK)

GroupRule
• RuleID: int IDENTITY
• RuleType: tinyint NOT NULL (FK)
• RuleValue: ntext NOT NULL
• Description: nvarchar(254) NULL
• LastModifiedAt: datetime NULL

GroupPolicy
• GroupID: int NOT NULL (FK)
• RoleID: int NOT NULL (FK)
• PolicyID: int NOT NULL (FK)

GroupRuleType
• RuleType: tinyint NOT NULL
• Description: nvarchar(60) NOT NULL

UnGroupedHosts
• HostID: int NOT NULL (FK)
• UnGroupedStatus: tinyint NULL (FK)
• UnGroupedDetails: nvarchar(254) NULL
• LastModifiedAt: datetime NULL

UnGroupedStatus
• UnGroupedStatus: tinyint NOT NULL
• UnGroupedStatusDesc: nvarchar(60) NULL
ITRSO Schema
Schema
The following diagram displays the ITRSO schema:

RatingSet
• RatingID: int NOT NULL (FK)
• RatingAttributeID: int NOT NULL (FK)
• RatingOrder: int NOT NULL

RatingAttribute
• RatingAttributeID: int NOT NULL
• RatingAttributeCodeID: int NOT NULL (FK)
• AttributeValue: varchar(80) NULL

RatingAttributeCode
• RatingAttributeCodeID: int NOT NULL
• AttributeName: nvarchar(80) NOT NULL

CheckProducts
• CheckProductID: int NOT NULL
• SecChkID: int NOT NULL (FK)
• ProdVerID: int NOT NULL (FK)
• Comment: varchar(4000) NULL
• FalseNegative: ntext NULL
• FalsePositive: ntext NULL
• ProductCheckName: varchar(120) NULL
• AlgorithmID: int NULL (FK)
• VulnStatus: bit NULL

AlgorithmRating
• AlgorithmID: int NOT NULL (FK)
• RatingID: int NOT NULL (FK)

Algorithm
• AlgorithmID: int NOT NULL
• AlgorithmNum: int NOT NULL
• NameSpace: char(10) NULL

Rating
• RatingID: int NOT NULL

CorrelationInfo
• RSCheckProductID: int NOT NULL (FK)
• ScannerProductID: int NOT NULL (FK)
• RoleNumber: int NOT NULL

SecurityChecks
• SecChkID: int NOT NULL
• TagName: varchar(60) NOT NULL
• ChkName: varchar(40) NOT NULL
• ChkBriefDesc: NVARCHAR(255) NULL
• ChkDetailDesc: ntext NULL
• ChkDateReported: datetime NULL
• ChkDateEntered: datetime NULL
• ChkDateChanged: datetime NULL
• ItemAffected: nvarchar(255) NULL
• Discoverer: nvarchar(255) NULL
• ConseqName: varchar(20) NULL
• ConseqBriefDesc: nvarchar(255) NULL
• ConseqDetailDesc: ntext NULL
• Obsolete: bit NOT NULL
• ReplacedBy: int NULL
• VulnStatus: bit NOT NULL
Metrics Schema
Schema
The following diagram displays the Metrics schema:

Groups
• GroupID: int IDENTITY (AK1.2)
• GroupName: nvarchar(80) NOT NULL
• GroupDesc: nvarchar(255) NULL
• RoleID: int NULL (FK)
• ParentGroupID: int NULL (AK1.1,IE1.1)
• GroupViewID: int NULL (FK)
• Deleted: tinyint NULL
• SiteID: int NULL (FK)
• GroupTypeID: int NULL (FK)
• SPGroupID: int NULL
• RuleID: int NULL (FK)
• GUID: varchar(36) NULL

VulnStatus
• VulnStatus: tinyint NOT NULL
• VulnStatusDesc: nvarchar(60) NULL
• SortID: int NOT NULL

Severity
• SeverityID: tinyint NOT NULL
• SeverityDesc: nvarchar(10) NULL

Metrics
• GroupID: int NOT NULL (FK)
• SeverityID: tinyint NOT NULL (FK)
• MetricsTypeID: int NOT NULL (FK)
• DayID: int NOT NULL (FK)
• VulnStatus: tinyint NOT NULL (FK)
• SecChkID: int NULL
• Counts: int NOT NULL

MetricsDay
• DayID: int NOT NULL
• CurrentDate: datetime NOT NULL (AK1.1)
• DayNbr: smallint NOT NULL
• DayOfWeek: nvarchar(20) NOT NULL
• Month: smallint NOT NULL
• Quarter: smallint NOT NULL
• Year: smallint NOT NULL
• WeekEndFlag: smallint NOT NULL

MetricsType
• MetricsTypeID: int NOT NULL
• Descr: nvarchar(30) NULL

HostCounts
• CountDate: datetime NOT NULL
• GroupID: int NOT NULL (FK)
• HostCount: int NOT NULL

RejectMetrics
• SiteID: int NULL
• SPGroupID: int NOT NULL
• SecChkID: int NOT NULL
• SeverityID: int NOT NULL
• MetricsTypeID: int NOT NULL
• MetricsDay: datetime NOT NULL
• VulnStatus: int NOT NULL
• Counts: int NOT NULL
Sensor Data Schema
Schema
The following diagram displays the Sensor Data schema:

SensorData1
• RowID: bigint IDENTITY
• SensorDataID: bigint NOT NULL (IE8.4)
• AlertName: nvarchar(60) NULL
• AlertDateTime: datetime NULL (IE8.2)
• AlertID: char(26) NULL
• SensorName: nvarchar(100) NULL
• ProductID: smallint NULL
• AlertTypeID: smallint NULL
• AlertPriority: tinyint NULL
• AlertFlags: int NULL
• SensorAddressInt: numeric(10) NULL
• SrcAddressInt: numeric(10) NULL
• DestAddressInt: numeric(10) NULL
• ProtocolID: smallint NULL
• SourcePort: int NULL
• SourcePortName: nvarchar(60) NULL
• DestPortName: nvarchar(60) NULL
• UserName: nvarchar(60) NULL
• ProcessingFlag: tinyint NULL (IE7.1)
• Cleared: char(1) NULL (IE8.3)
• HostGUID: varchar(36) NULL
• HostDNSName: nvarchar(254) NULL
• HostNBName: nvarchar(20) NULL
• HostNBDomain: nvarchar(255) NULL
• HostOSName: nvarchar(64) NULL
• HostOSVersion: nvarchar(32) NULL
• HostOSRevisionLevel: varchar(32) NULL
• ObservanceID: bigint NULL (IE8.1)
• VulnStatus: tinyint NULL
• AlertCount: int NULL
• ObjectName: nvarchar(2000) NULL
• ObjectType: tinyint NULL
• OSGroupID: tinyint NULL
• ComponentID: int NULL
• SensorGUID: varchar(36) NULL
• LicModule: varchar(100) NULL
• VLan: nvarchar(64) NULL
• VirtualSensorName: nvarchar(64) NULL

SensorDataAVP1
• SensorDataID: bigint NOT NULL (IE1.1)
• AttributeName: nvarchar(50) NULL
• AttributeDataType: tinyint NULL
• AttributeValue: nvarchar(2000) NULL
• AttributeBlob: ntext NULL

SensorDataResponse1
• SensorDataID: bigint NOT NULL (IE1.1)
• ResponseTypeName: varchar(32) NULL
• ResponseName: nvarchar(32) NULL

SensorDataLegacy
• SensorDataID: bigint NOT NULL
• AlertDataID: int NOT NULL
• AlertFormatVersion: int NULL
• AlertNameType: int NULL
• AlertName: nvarchar(60) NULL
• AlertDateTime: datetime NULL (IE8.2)
• LocalTimezoneOffset: int NULL
• AlertTimePrecision: int NULL
• AlertTimeSeqID: int NULL
• AlertID: char(26) NULL
• SensorAddress: varchar(60) NULL
• SensorName: nvarchar(100) NULL
• ProductID: int NULL
• AlertTypeID: int NULL
• AlertPriority: int NULL
• AlertFlags: int NULL
• SensorAddressInt: numeric(10) NULL
• SrcAddressName: VARCHAR(60) NULL
• SrcAddressInt: numeric(10) NULL
• DestAddressName: VARCHAR(60) NULL
• DestAddressInt: numeric(10) NULL
• ProtocolID: int NULL
• SourcePort: int NULL
• ObjectName: nvarchar(2000) NULL
• ObjectType: tinyint NULL
• SourcePortName: nvarchar(60) NULL
• DestPortName: nvarchar(60) NULL
• AttackSuccessful: tinyint NULL
• AttackFragmented: tinyint NULL
• AttackOrigin: nvarchar(60) NULL
• ResourceID: int NULL
• ResourceSubID: varchar(60) NULL
• Application: nvarchar(60) NULL
• UserName: nvarchar(60) NULL
• ProcessingFlag: int NULL (IE7.1)
• Cleared: char(1) NULL (IE8.3)
• HostGUID: varchar(36) NULL
• StartTime: datetime NULL
• StopTime: datetime NULL
• HostDNSName: nvarchar(254) NULL
• HostNBName: nvarchar(20) NULL
• HostNBDomain: nvarchar(255) NULL
• HostOSName: nvarchar(64) NULL
• HostOSVersion: nvarchar(32) NULL
• HostOSRevisionLevel: varchar(32) NULL
• VulnStatus: tinyint NULL
• AlertCount: int NOT NULL
• ObservanceID: bigint NULL (IE8.1)
• OSGroupID: int NULL
• ComponentID: int NULL
• SensorGUID: varchar(36) NULL
• LicModule: varchar(100) NULL

SensorDataResponseLegacy
• SensorDataID: bigint NOT NULL (IE1.1)
• ResponseTypeName: varchar(32) NULL
• ResponseName: nvarchar(32) NULL

SensorDataAVPLegacy
• SensorDataID: bigint NOT NULL (IE1.1)
• AttributeName: nvarchar(50) NULL
• AttributeDataType: varchar(30) NULL
• AttributeValue: nvarchar(2000) NULL
• AttributeBlob: TEXT NULL

SensorData

wrk_SensorData
• RowID: bigint NOT NULL
• SensorDataID: bigint NOT NULL
• AlertName: nvarchar(60) NULL
• AlertDateTime: datetime NULL
• SensorName: nvarchar(100) NULL
• ProductID: smallint NULL
• AlertTypeID: smallint NULL
• AlertPriority: tinyint NULL
• AlertFlags: int NULL
• SensorAddressInt: numeric(10) NULL
• SrcAddressInt: numeric(10) NULL
• DestAddressInt: numeric(10) NULL
• ObjectName: nvarchar(2000) NULL
• ObjectType: tinyint NULL
• ProcessingFlag: tinyint NULL
• Cleared: char(1) NULL
• HostGUID: varchar(36) NULL
• HostDNSName: nvarchar(254) NULL
• HostNBName: nvarchar(20) NULL
• HostNBDomain: nvarchar(255) NULL
• HostOSName: nvarchar(64) NULL
• HostOSVersion: nvarchar(32) NULL
• HostOSRevisionLevel: varchar(32) NULL
• VulnStatus: tinyint NULL
• AlertCount: int NULL
• ObservanceID: bigint NULL
• OSGroupID: tinyint NULL
• ComponentID: int NULL
• SensorGUID: varchar(36) NULL
• LicModule: varchar(100) NULL
• SecChkID: int NULL
• DstHostID: int NULL
• SrcHostID: int NULL
• ObjectID: int NULL
• RejectReason: varchar(200) NULL
• AlertID: char(26) NULL
• VLanID: int NULL
• VLan: nvarchar(64) NULL
• VirtualSensorID: int NULL
• VirtualSensorName: nvarchar(64) NULL
• EventUserID: int NULL
• UserName: nvarchar(64) NULL

SensorDataAVP

SensorDataResponse
Site Analysis Schema
Schema The following diagram displays the Site Analysis schema:
VulnStatus
  VulnStatus: tinyint NOT NULL
  VulnStatusDesc: nvarchar(60) NULL
  SortID: int NOT NULL

SensorHost
  SensorID: Component.ComponentID: int IDENTITY
  SensorHostID: Hosts.HostID: int IDENTITY
  SensorIPAddress: Hosts.HostIPNbr: numeric(10) NOT NULL
  SensorDNSName: Hosts.HostDNSName: NVARCHAR(254) NULL
  SensorOSName: Hosts.HostOSName: nvarchar(64) NULL
  SensorName: Component.SensorName: nvarchar(100) NULL
  SensorNBName: Hosts.HostNBName: NVARCHAR(16) NULL

ObservanceType
  ObservanceType: tinyint NOT NULL
  ObservanceTypeDesc: nvarchar(30) NULL

Severity
  SeverityID: tinyint NOT NULL
  SeverityDesc: nvarchar(10) NULL

Observances
  ObservanceID: bigint NOT NULL
  ObservanceTime: datetime NOT NULL (IE8.1)
  ObservanceType: tinyint NULL (FK)
  SecChkID: int NULL (FK)
  SensorID: int NOT NULL
  SourceID: int NOT NULL (IE6.1)
  TargetID: int NOT NULL (IE10.1)
  ObservanceCount: int NULL
  ObjectID: int NULL (FK)
  SeverityID: tinyint NULL (FK)
  ClearedCount: int NULL
  VulnStatus: tinyint NULL (FK)
  LastModifiedAt: datetime NULL (IE11.1)
  CheckSumID: int NULL (IE12.1)
  VLanID: int NULL (FK)
  VirtualSensorID: int NULL (FK)
  EventUserID: int NULL (FK)

ObservanceColumn
  DisplayName: varchar(100) NOT NULL
  QualifiedColName: varchar(100) NULL
  TableName: varchar(100) NULL
  ColName: varchar(100) NULL
  PK_ColName: varchar(100) NULL
  FK_ColName: varchar(100) NULL
  FK_TableName: varchar(100) NULL
  ColType: char(1) NULL
  JoinType: varchar(15) NULL
  FilterColName: varchar(100) NULL
  IndexHint: varchar(100) NULL
  UniqueToDimension: tinyint NULL

Component
  ComponentID: int IDENTITY
  RoleID: int NULL (FK) (IE2.3)
  LastPushedPolicyID: int NULL (FK)
  PropertyFileID: int NULL (FK)
  HostID: int NULL (FK) (IE2.1)
  Priority: numeric NOT NULL
  Status: numeric NOT NULL
  LastModifiedBy: nvarchar(60) NULL
  LastModifiedAt: datetime NULL
  Deleted: numeric NOT NULL
  EventSourcePort: int NULL
  EventPort: int NULL
  Version: varchar(40) NULL
  SensorName: nvarchar(100) NULL (IE2.2)
  Policy: nvarchar(434) NULL
  Master: varchar(30) NULL
  AvailableXPU: varchar(40) NULL
  LastInstalledXPU: varchar(40) NULL
  LoggingLevel: tinyint NULL
  LicenseState: smallint NULL
  XPUState: smallint NULL
  StateDescription: nvarchar(500) NULL
  UnexpectedConfigChange: tinyint NULL
  ModifiedBySensorController: tinyint NOT NULL
  DaemonPort: int NULL
  EventLogOption: tinyint NULL
  SiteID: int NULL (FK)
  LastPushedResponseID: int NULL (FK)
  XPUDate: datetime NULL
  Response: nvarchar(434) NULL
  PolicyGroupID: int NULL (FK)
  LastHeartBeat: datetime NULL
  GUID: varchar(36) NULL (IE1.1)
  LicenseID: int NULL (FK)
  PolicyChangedFlag: tinyint NOT NULL
  FCPEventPort: int NULL
  FCPEventSourcePort: int NULL
  ECStatus: tinyint NULL
  ECStateDescription: nvarchar(500) NULL
  OptionFlags: int NULL
  EventCollectorID: int NULL (FK)
  AlertEventPort: int NULL
  AlertEventSourcePort: int NULL
  ModelDesc: varchar(1000) NULL

SecurityChecks
  SecChkID: int NOT NULL
  TagName: varchar(60) NOT NULL (AK1.1)
  ChkName: varchar(40) NOT NULL
  ChkBriefDesc: NVARCHAR(255) NULL
  ChkDetailDesc: ntext NULL
  ChkDateReported: datetime NULL
  ChkDateEntered: datetime NULL
  ChkDateChanged: datetime NULL
  ItemAffected: nvarchar(255) NULL
  Discoverer: nvarchar(255) NULL
  ConseqName: varchar(20) NULL
  ConseqBriefDesc: nvarchar(255) NULL
  ConseqDetailDesc: ntext NULL
  Obsolete: bit NOT NULL
  ReplacedBy: int NULL
  VulnStatus: bit NOT NULL

Hosts
  HostID: int IDENTITY
  HostIpAddress: varchar(47) NULL
  HostDNSName: NVARCHAR(254) NULL
  HostNBName: NVARCHAR(16) NULL
  HostNBDomain: nvarchar(16) NULL
  HostOSName: nvarchar(64) NULL
  HostOSVersion: nvarchar(32) NULL
  HostOSRevisionLevel: varchar(32) NULL
  HostOwner: nvarchar(50) NULL
  DateHostAdded: datetime NOT NULL
  GUID: varchar(36) NULL
  HostIPNbr: numeric(10) NOT NULL (IE1.1)
  MacAddress: char(17) NULL
  DateHostUpdated: datetime NOT NULL (IE1.2)
  OSGroupID: int NULL (FK)
  ISScanDate: datetime NULL (IE2.1)
  StatNameID: int NULL (IE2.2)

SourceHost
  SourceID: <Hosts.HostID>
  SourceIpAddress: <Hosts.HostIpNbr>
  SourceDNSName: <Hosts.HostDNSName>
  SourceOSName: <Hosts.HostOSName>
  SourceNBName: Hosts.HostNBName: NVARCHAR(16) NULL

TargetHost
  TargetID: <Hosts.HostID>
  TargetIpAddress: <Hosts.HostIpNbr>
  TargetDNSName: <Hosts.HostDNSName>
  TargetOSName: <Hosts.HostOSName>
  TargetIPDisplay: Hosts.HostIpAddress: varchar(47) NULL
  TargetOSRevisionLevel: Hosts.HostOSRevisionLevel: varchar(32) NULL
  TargetNBName: Hosts.HostNBName: NVARCHAR(16) NULL

SiteFilters
  SiteFilterID: int IDENTITY
  SiteFilterTypeID: int NULL (FK)
  SiteFilterName: nvarchar(60) NULL
  SiteFilterDesc: ntext NULL
  FusionIgnoreFlag: bit NOT NULL
  Deleted: tinyint NULL
  CreatedBy: varchar(60) NULL
  DateModified: datetime NULL

ObservanceSiteFilters
  ObservanceID: bigint NOT NULL
  SiteFilterRuleID: int NOT NULL (FK)
  SiteFilterID: int NOT NULL (FK) (IE1.1)

ObservanceSiteFiltersView
  ObservanceID: ObservanceSiteFilters.ObservanceID: bigint NOT NULL
  SiteFilterID: ObservanceSiteFilters.SiteFilterID: int NOT NULL
  SiteFilterType: SiteFilterType.SiteFilterType: char(2) NOT NULL
  SiteFilterName: SiteFilters.SiteFilterName: nvarchar(60) NULL
  SiteFilterDesc: <convert(varchar(4000...>
  CreatedBy: SiteFilters.CreatedBy: varchar(60) NULL

SiteFilterType
  SiteFilterTypeID: int NOT NULL
  SiteFilterType: char(2) NOT NULL (AK1.1)
  SiteFilterName: nvarchar(80) NOT NULL

ObjectType
  ObjectType: tinyint NOT NULL
  ObjectTypeDesc: nvarchar(30) NOT NULL

Object
  ObjectID: int IDENTITY
  ObjectType: tinyint NOT NULL (FK) (IE2.2)
  ObjectName: nvarchar(200) NOT NULL (IE1.1,IE2.1)

ObjectView
  ObjectID: Object.ObjectID: int IDENTITY
  ObjectType: Object.ObjectType: tinyint NOT NULL
  ObjectName: Object.ObjectName: nvarchar(200) NOT NULL
  ObjectTypeDesc: ObjectType.ObjectTypeDesc: nvarchar(30) NOT NULL

LastVulnStatus
  VulnStatusDesc: VulnStatus.VulnStatusDesc: nvarchar(60) NULL
  VulnStatus: VulnStatus.VulnStatus: tinyint NOT NULL

SiteFilterRules
  SiteFilterRuleID: int IDENTITY
  SiteFilterID: int NOT NULL (FK)
  SiteFilterStartDate: datetime NULL
  SiteFilterEndDate: datetime NULL
  BeginSrcAddressInt: numeric(10,0) NULL (IE1.1)
  EndSrcAddressInt: numeric(10,0) NULL (IE2.1)
  BeginDestAddressInt: numeric(10,0) NULL (IE3.1)
  EndDestAddressInt: numeric(10,0) NULL (IE4.1)
  TagNameIn: varchar(900) NULL (IE5.1)
  TagNameLike: varchar(60) NULL (IE6.1)
  TargetObjectNameLike: varchar(200) NULL (IE7.1)
  VulnStatusIn: varchar(900) NULL (IE8.1)
  TargetObjectType: tinyint NULL (FK)
  ObservanceType: tinyint NULL (FK)

EventUser
  EventUserID: int IDENTITY
  UserName: nvarchar(60) NULL

VirtualSensor
  VirtualSensorID: int IDENTITY
  VirtualSensorName: nvarchar(64) NULL

VLan
  VLanID: int IDENTITY
  VLan: nvarchar(64) NULL

HostProtectionStatus
  TargetID: int NOT NULL
  SecChkID: int NOT NULL (IE2.1)
  ObservanceTime: datetime NOT NULL
  SeverityID: tinyint NOT NULL
  ObservanceID: bigint NOT NULL (IE1.1)
  Fixed: tinyint NOT NULL
Technical Reference Guide Version 2.0, SP5
Appendix A: Database Schema
Site Filters Schema
Schema The following diagram displays the Site Filters schema:
SiteFilterType
  SiteFilterTypeID: int
  SiteFilterType: char(2)
  SiteFilterName: nvarchar(80)

SiteFilters
  SiteFilterID: int
  SiteFilterTypeID: int (FK)
  SiteFilterName: nvarchar(60)
  SiteFilterDesc: ntext
  FusionIgnoreFlag: bit
  Deleted: tinyint
  CreatedBy: varchar(60)
  DateModified: datetime

SiteFilterRules
  SiteFilterRuleID: int
  SiteFilterID: int (FK)
  SiteFilterStartDate: datetime
  SiteFilterEndDate: datetime
  BeginSrcAddressInt: numeric(10,0)
  EndSrcAddressInt: numeric(10,0)
  BeginDestAddressInt: numeric(10,0)
  EndDestAddressInt: numeric(10,0)
  TagNameIn: varchar(900)
  TagNameLike: varchar(60)
  TargetObjectNameLike: varchar(200)
  VulnStatusIn: varchar(900)
  TargetObjectType: tinyint (FK)
  ObservanceType: tinyint (FK)

ObservanceSiteFilters
  ObservanceID: bigint
  SiteFilterRuleID: int (FK)
  SiteFilterID: int (FK)

ObservanceSiteFiltersView
  ObservanceID: ObservanceSiteFilters.ObservanceID: bigint NOT NULL
  SiteFilterID: ObservanceSiteFilters.SiteFilterID: int NOT NULL
  SiteFilterType: SiteFilterType.SiteFilterType: char(2) NOT NULL
  SiteFilterName: SiteFilters.SiteFilterName: nvarchar(60) NULL
  SiteFilterDesc: <convert(varchar(4000...>
  CreatedBy: SiteFilters.CreatedBy: varchar(60) NULL

SiteFilterView
  SiteFilterID: SiteFilters.SiteFilterID: int IDENTITY
  SiteFilterRuleID: SiteFilterRules.SiteFilterRuleID: int IDENTITY
  SiteFilterTypeID: SiteFilters.SiteFilterTypeID: int NULL
  SiteFilterType: SiteFilterType.SiteFilterType: char(2) NOT NULL
  SiteFilterName: SiteFilters.SiteFilterName: nvarchar(60) NULL
  SiteFilterStartDate: SiteFilterRules.SiteFilterStartDate: datetime NULL
  SiteFilterEndDate: SiteFilterRules.SiteFilterEndDate: datetime NULL
  BeginSrcAddressInt: SiteFilterRules.BeginSrcAddressInt: numeric(10,0) NULL
  EndSrcAddressInt: SiteFilterRules.EndSrcAddressInt: numeric(10,0) NULL
  BeginDestAddressInt: SiteFilterRules.BeginDestAddressInt: numeric(10,0) NULL
  EndDestAddressInt: SiteFilterRules.EndDestAddressInt: numeric(10,0) NULL
  TagNameIn: SiteFilterRules.TagNameIn: varchar(900) NULL
  TagNameLike: SiteFilterRules.TagNameLike: varchar(60) NULL
  TargetObjectNameLike: SiteFilterRules.TargetObjectNameLike: varchar(200) NULL
  VulnStatusIn: SiteFilterRules.VulnStatusIn: varchar(900) NULL
  TargetObjectType: SiteFilterRules.TargetObjectType: tinyint NULL
Staging and Rejects Schema
Schema The following table displays the Staging and Rejects schema:
StgWorkingSet
  SetID: smallint NOT NULL
  EC_Host: varchar(60) NULL
  EC_GUID: varchar(60) NULL
  LastConnectTime: datetime NULL
  ConnectionErrorNumber: int NULL

RejectMetrics
  SiteID: int NULL
  SPGroupID: int NOT NULL
  SecChkID: int NOT NULL
  SeverityID: int NOT NULL
  MetricsTypeID: int NOT NULL
  MetricsDay: datetime NOT NULL
  VulnStatus: int NOT NULL
  Counts: int NOT NULL

wrk_Observances
  ObsID: bigint NULL
  ObsTime: datetime NULL
  ObsType: tinyint NULL
  ObsSecChkID: int NULL
  ObsSeverityID: tinyint NULL
  ObsSensorID: int NULL
  ObsSourceID: int NULL
  ObsTargetID: int NULL
  ObsObjectID: int NULL
  ObsVulnStatus: tinyint NULL
  Action: char(1) NULL
  ObsCount: int NULL
  ObsClearedCount: int NULL
  CheckSumID: int NULL
  ObsVLANID: int NULL
  ObsVirtualSensorID: int NULL
  ObsEventUserID: int NULL

SensorDataRejected
  RowID: bigint NOT NULL
  SensorDataID: bigint NOT NULL (IE1.1)
  AlertName: nvarchar(60) NULL
  AlertDateTime: datetime NULL
  AlertID: char(26) NULL
  SensorName: nvarchar(100) NULL
  ProductID: smallint NULL
  AlertTypeID: smallint NULL
  AlertPriority: tinyint NULL
  AlertFlags: int NULL
  SensorAddressInt: numeric(10) NULL
  SrcAddressInt: numeric(10) NULL
  DestAddressInt: numeric(10) NULL
  ProtocolID: smallint NULL
  SourcePort: int NULL
  ObjectName: nvarchar(2000) NULL
  ObjectType: tinyint NULL
  SourcePortName: nvarchar(60) NULL
  DestPortName: nvarchar(60) NULL
  ProcessingFlag: tinyint NULL
  Cleared: char(1) NULL
  HostGUID: varchar(36) NULL
  HostDNSName: nvarchar(254) NULL
  HostNBName: nvarchar(20) NULL
  HostNBDomain: nvarchar(255) NULL
  HostOSName: nvarchar(64) NULL
  HostOSVersion: nvarchar(32) NULL
  HostOSRevisionLevel: varchar(32) NULL
  VulnStatus: tinyint NULL
  AlertCount: int NULL
  ObservanceID: bigint NULL
  OSGroupID: tinyint NULL
  ComponentID: int NULL
  SensorGUID: varchar(36) NULL
  LicModule: varchar(100) NULL
  RejectReason: varchar(200) NULL

SDAVPRejected
  SensorDataID: bigint NOT NULL (IE1.1)
  AttributeName: nvarchar(50) NULL
  AttributeDataType: tinyint NULL
  AttributeValue: nvarchar(2000) NULL
  AttributeBlob: ntext NULL

SDResponseRejected
  SensorDataID: bigint NOT NULL (IE1.1)
  ResponseTypeName: varchar(32) NULL
  ResponseName: nvarchar(32) NULL

wrk_SensorData
  RowID: bigint NOT NULL
  SensorDataID: bigint NOT NULL
  AlertName: nvarchar(60) NULL
  AlertDateTime: datetime NULL
  SensorName: nvarchar(100) NULL
  ProductID: smallint NULL
  AlertTypeID: smallint NULL
  AlertPriority: tinyint NULL
  AlertFlags: int NULL
  SensorAddressInt: numeric(10) NULL
  SrcAddressInt: numeric(10) NULL
  DestAddressInt: numeric(10) NULL
  ObjectName: nvarchar(2000) NULL
  ObjectType: tinyint NULL
  ProcessingFlag: tinyint NULL
  Cleared: char(1) NULL
  HostGUID: varchar(36) NULL
  HostDNSName: nvarchar(254) NULL
  HostNBName: nvarchar(20) NULL
  HostNBDomain: nvarchar(255) NULL
  HostOSName: nvarchar(64) NULL
  HostOSVersion: nvarchar(32) NULL
  HostOSRevisionLevel: varchar(32) NULL
  VulnStatus: tinyint NULL
  AlertCount: int NULL
  ObservanceID: bigint NULL
  OSGroupID: tinyint NULL
  ComponentID: int NULL
  SensorGUID: varchar(36) NULL
  LicModule: varchar(100) NULL
  SecChkID: int NULL
  DstHostID: int NULL
  SrcHostID: int NULL
  ObjectID: int NULL
  RejectReason: varchar(200) NULL
  AlertID: char(26) NULL
  VLanID: int NULL
  VLan: nvarchar(64) NULL
  VirtualSensorID: int NULL
  VirtualSensorName: nvarchar(64) NULL
  EventUserID: int NULL
  UserName: nvarchar(64) NULL

stgSensorDataSet
  SetID: int NOT NULL
  LastRowLoaded: bigint NULL
Statistics Schema
Schema The following diagram displays the Statistics schema:
StatCategory
  StatCategoryID: int NOT NULL
  Name: nvarchar(200) NOT NULL

StatName
  StatNameID: int NOT NULL
  LMName: nvarchar(200) NOT NULL
  DisplayName: nvarchar(200) NOT NULL

StatCatAtt
  StatAttributeID: int NOT NULL (FK)
  StatCategoryID: int NOT NULL (FK)

Statistic
  StatCategoryID: int NOT NULL (FK)
  StatNameID: int NOT NULL (FK)
  StatAttributeID: int NOT NULL (FK)
  DateUpdated: datetime NULL
  Value: nvarchar(2000) NULL
  SiteID: int NULL

StatAttribute
  StatAttributeID: int NOT NULL
  DataType: varchar(20) NOT NULL
  Name: nvarchar(200) NOT NULL

License
  LicenseID: int IDENTITY
  Name: nvarchar(50) NULL
  BinaryDataID: int NULL (FK)
  Features: nvarchar(50) NULL
  FeatureDescription: nvarchar(100) NULL
  DeviceCount: int NULL
  MaintenanceDate: varchar(40) NULL
  ExpireDate: varchar(40) NULL
  State: tinyint NULL
  StateDescription: varchar(512) NULL
  LicenseType: tinyint NOT NULL
  KeyString: varchar(50) NULL
  StatNameID: int NULL (FK)
  LicContactInfoGUID: nvarchar(40) NULL (FK)
  LicGUID: nvarchar(40) NULL
  Description: nvarchar(100) NULL
  NewLicenseID: int NULL (FK)

LicContactInfo
  LicContactInfoGUID: nvarchar(40) NOT NULL
  SubjectName: nvarchar(255) NOT NULL
  Title: nvarchar(100) NULL
  CompanyName: nvarchar(255) NULL
  Address1: nvarchar(255) NULL
  Address2: nvarchar(255) NULL
  City: nvarchar(100) NULL
  State: nvarchar(50) NULL
  PostCode: nvarchar(40) NULL
  Country: nvarchar(60) NULL
  Email: nvarchar(255) NULL
  AdditionalInfo: nvarchar(255) NULL

LicConsqMessage
  StatNameID: int NOT NULL
  Phase: int NOT NULL
  Mode: char(10) NOT NULL
  Message: ntext NULL

Hosts
  HostID: int IDENTITY
  HostIpAddress: varchar(47) NULL
  HostDNSName: NVARCHAR(254) NULL
  HostNBName: NVARCHAR(16) NULL
  HostNBDomain: nvarchar(16) NULL
  HostOSName: nvarchar(64) NULL
  HostOSVersion: nvarchar(32) NULL
  HostOSRevisionLevel: varchar(32) NULL
  HostOwner: nvarchar(50) NULL
  DateHostAdded: datetime NOT NULL
  GUID: varchar(36) NULL
  HostIPNbr: numeric(10) NOT NULL
  MacAddress: char(17) NULL
  DateHostUpdated: datetime NOT NULL
  OSGroupID: int NULL (FK)
  ISScanDate: datetime NULL
  StatNameID: int NULL
X-Force Schema
Schema The following diagram displays the X-force schema:
Protocols
  ProtocolID: int NOT NULL
  ProtocolName: varchar(40) NOT NULL
  ProtocolDesc: varchar(255) NULL

Services
  ServiceID: int NOT NULL
  ServiceName: nvarchar(64) NOT NULL (AK1.1)
  ServiceProtocol: varchar(20) NOT NULL (AK1.2)
  ServRFCPort: int NULL (AK1.3)
  ServBriefDesc: nvarchar(255) NULL

CheckServices
  SecChkID: int NOT NULL (FK)
  ServiceID: int NOT NULL (FK)

PlatformTypes
  PlatformTypeID: int NOT NULL
  PlatformTypeName: varchar(50) NULL (AK1.1)
  PlatformTypeDesc: nvarchar(255) NULL

Platforms
  PlatformID: int NOT NULL
  PlatformName: varchar(40) NOT NULL (IE1.1)
  PlatformVersion: varchar(20) NULL
  PlatformMfg: varchar(50) NULL
  PlatformTypeID: int NULL (FK)
  ReleaseDate: datetime NULL

CheckPlatforms
  SecChkID: int NOT NULL (FK)
  PlatformID: int NOT NULL (FK)
  ChkPlatformComment: nvarchar(255) NULL
  FmtRemedyDesc: ntext NULL
  RemedyDesc: ntext NULL

CheckCategories
  SecChkID: int NOT NULL (FK)
  CategoryID: int NOT NULL (FK)

CategoryGroup
  CatGroupID: int NOT NULL
  CatGroupName: varchar(40) NULL (AK1.1)
  CatGroupDesc: ntext NULL

Categories
  CategoryID: int NOT NULL
  CatGroupID: int NOT NULL (FK)
  CategoryName: varchar(40) NULL
  CategoryDesc: ntext NULL

SecurityChecks
  SecChkID: int NOT NULL
  TagName: varchar(60) NOT NULL (AK1.1)
  ChkName: varchar(40) NOT NULL
  ChkBriefDesc: NVARCHAR(255) NULL
  ChkDetailDesc: ntext NULL
  ChkDateReported: datetime NULL
  ChkDateEntered: datetime NULL
  ChkDateChanged: datetime NULL
  ItemAffected: nvarchar(255) NULL
  Discoverer: nvarchar(255) NULL
  ConseqName: varchar(20) NULL
  ConseqBriefDesc: nvarchar(255) NULL
  ConseqDetailDesc: ntext NULL
  Obsolete: bit NOT NULL
  ReplacedBy: int NULL
  VulnStatus: bit NOT NULL

ExternalReferences
  ExtRefID: int NOT NULL
  SecChkID: int NULL (FK)
  ExternalReference: nvarchar(255) NULL
  Title: varchar(255) NULL
  Source: varchar(100) NULL
  PreferredRef: bit NOT NULL

Remedies
  SecChkID: int NOT NULL (FK)
  RemedyDesc: ntext NULL
  RemedyLocation: varchar(50) NULL
  MoreInfo: varchar(50) NULL
  EffortInHours: int NULL
  LocalLocation: varchar(50) NULL
  FmtRemedyDesc: ntext NULL

UDSecurityChecks
  UDSecChkID: int IDENTITY(500000,1)
  TagName: varchar(60) NOT NULL (IE1.1)
  ChkName: varchar(40) NULL
  ChkBriefDesc: varchar(255) NULL
  ChkDetailDesc: text NULL
  ConseqDetailDesc: text NULL
  TargetString: varchar(60) NULL
  Context: varchar(60) NULL

Products
  ProductID: int NOT NULL
  ProdName: nvarchar(40) NULL

ProductVersions
  ProdVerID: int NOT NULL
  ProdID: int NOT NULL (FK)
  ProdVersion: nvarchar(15) NULL

CheckProducts
  CheckProductID: int NOT NULL
  SecChkID: int NOT NULL (FK) (IE1.2)
  ProdVerID: int NOT NULL (FK) (IE1.1)
  Comment: varchar(4000) NULL
  FalseNegative: ntext NULL
  FalsePositive: ntext NULL
  ProductCheckName: varchar(120) NULL
  AlgorithmID: int NULL (FK)
  VulnStatus: bit NULL

CheckOSGroup
  OSGroupID: int NOT NULL (FK)
  SecChkID: int NOT NULL (FK)

CorrelationInfo
  RSCheckProductID: int NOT NULL (FK)
  ScannerProductID: int NOT NULL (FK)
  RoleNumber: int NOT NULL

OSGroup
  OSGroupID: int NOT NULL
  OSGroupName: varchar(120) NOT NULL

VLan
  VLanID: int IDENTITY
  VLan: nvarchar(64) NULL

VirtualSensor
  VirtualSensorID: int IDENTITY
  VirtualSensorName: nvarchar(64) NULL

EventUser
  EventUserID: int IDENTITY
  UserName: nvarchar(60) NULL
Complete Database Schema
Schema The following diagram displays a high-level overview of the entire database schema:
AuditInfo, AuditTrail, AuditEvent, CMD, DBSubComponent, DBComponent, SiteRange,
Protocols, Services, CheckServices, PlatformTypes, Platforms, CheckPlatforms,
CheckCategories, CategoryGroup, Categories, VulnStatus, ErrorMessage, BinaryData,
SensorHost, StgWorkingSet, ObservanceType, Severity, Observances, ObservanceColumn,
Role, Component, GroupView, Groups, GroupHostLinks, Schedule, ActionJob,
ActionDetails, Policy, SecurityChecks, Hosts, ExternalReferences, Version, Remedies,
UDSecurityChecks, SensorDataLegacy, SensorDataAVPLegacy, SensorDataResponseLegacy,
AlertType, AlertCategory, SourceHost, TargetHost, SiteFilters, ErrorSeverity,
MessageLog, Products, ProductVersions, CheckProducts, Response, License,
wrk_Observances, Sites, Users, UsersGroups, UsersSites, GroupTypes, HostCounts,
RejectMetrics, Metrics, MetricsDay, MetricsType, GroupsParentChild, JobTypes, Tasks,
AlertTypeView, VersionUpdates, SiteFilterType, ObservanceSiteFilters,
ObservanceSiteFiltersView, ObjectType, Object, ObjectView, LastVulnStatus,
RatingSet, RatingAttribute, RatingAttributeCode, AlgorithmRating, Algorithm,
SiteFilterRules, SiteFilterView, StatCategory, StatName, StatCatAtt, Statistic,
StatAttribute, GroupRule, GroupPolicy, GroupRuleType, BinaryDataType, Rating,
UnGroupedHosts, UnGroupedStatus, CheckOSGroup, CorrelationInfo, LicContactInfo,
DesktopAgentVersion, PolicyVersion, ResponseVersion, LicConsqMessage, UpdateStatus,
UpdateOperationStatus, UpdateStepStatus, OSGroup, RSDBOptions, MaintenanceLog,
AnalysisLog, ComponentDocument, Namespace, GroupDocument, stg_ROL, ReportInstance,
SensorDataAVP1, SensorData1, SensorDataResponse1, SensorDataRejected, SDAVPRejected,
SDResponseRejected, SensorData, wrk_SensorData, SensorDataAVP, SensorDataResponse,
VLan, VirtualSensor, EventUser, ProtectionChecks, ProtectionChecksView,
stgSensorDataSet, HostProtectionStatus
Internet Security Systems, Inc. Software License AgreementTHIS SOFTWARE PRODUCT IS PROVIDED IN OBJECT CODE AND IS LICENSED, NOT SOLD. BY INSTALLING, ACTIVATING, COPYING OR OTHERWISE USING THIS SOFTWARE PRODUCT, YOU AGREE TO ALL OF THE PROVISIONS OF THIS SOFTWARE LICENSE AGREEMENT (“LICENSE”). IF YOU ARE NOT WILLING TO BE BOUND BY THIS LICENSE, RETURN ALL COPIES OF THE SOFTWARE PRODUCT AND LICENSE KEYS TO ISS WITHIN FIFTEEN (15) DAYS OF RECEIPT FOR A FULL REFUND OF ANY PAID LICENSE FEE. IF THE SOFTWARE PRODUCT WAS OBTAINED BY DOWNLOAD, YOU MAY CERTIFY DESTRUCTION OF ALL COPIES AND LICENSE KEYS IN LIEU OF RETURN.1. License - Upon payment of the applicable fees, Internet Security Systems, Inc. (“ISS”) grants to you as the only end user (“Licensee”) a nonexclusive and non-
transferable, limited license for the accompanying ISS software product and the related documentation (“Software”) and the associated license key(s) for use only on the specific network configuration, for the number and type of devices, and for the time period (“Term”) that are specified in ISS’ quotation and Licensee’s pur-chase order, as accepted by ISS. ISS limits use of Software based upon the number of nodes, users and/or the number and type of devices upon which it may be installed, used, gather data from, or report on, depending upon the specific Software licensed. A device includes any network addressable device connected to Licensee’s network, including remotely, including but not limited to personal computers, workstations, servers, routers, hubs and printers. A device may also include ISS hardware delivered with pre-installed Software and the license associated with such shall be a non-exclusive, nontransferable, limited license to use such pre-installed Software only in conjunction with the ISS hardware with which it is originally supplied and only during the usable life of such hardware. Except as provided in the immediately preceding sentence, Licensee may reproduce, install and use the Software on multiple devices, provided that the total number and type are authorized by ISS. Licensee acknowledges that the license key provided by ISS may allow Licensee to reproduce, install and use the Software on devices that could exceed the number of devices licensed hereunder. Licensee shall implement appropriate safeguards and controls to prevent loss or disclosure of the license key and unauthorized or unlicensed use of the Software. Licensee may make a reasonable number of backup copies of the Software and the asso-ciated license key solely for archival and disaster recovery purposes. 
In connection with certain Software products, ISS licenses security content on a subscrip-tion basis for a Term and provides Licensee with a license key for each such subscription. Content subscriptions are licensed pursuant to this License based upon the number of protected nodes or number of users. Security content is regularly updated and includes, but is not limited to, Internet content (URLs) and spam signatures that ISS classifies, security algorithms, checks, decodes, and ISS’ related analysis of such information, all of which ISS regards as its confiden-tial information and intellectual property. Security content may only be used in conjunction with the applicable Software in accordance with this License. The use or re-use of such content for commercial purposes is prohibited. Licensee’s access to the security content is through an Internet update using the Software. In addition, unknown URLs may be automatically forwarded to ISS through the Software, analyzed, classified, entered in to ISS’ URL database and provided to Lic-ensee as security content updates at regular intervals. ISS’ URL database is located at an ISS facility or as a mirrored version on Licensee’s premises. Any access by Licensee to the URL database that is not in conformance with this License is prohibited. Upon expiration of the security content subscription Term, unless Licensee renews such content subscription, Licensee shall implement appropriate system configuration modifications to terminate its use of the content subscription. Upon expiration of the license Term, Licensee shall cease using the Software and certify return or destruction of it upon request.
2. Migration Utilities – For Software ISS markets or sells as a Migration Utility, the following shall apply. Provided Licensee holds a valid license to the ISS Software to which the Migration Utility relates (the “Original Software”), ISS grants to Licensee as the only end user a nonexclusive and nontransferable, limited license to the Migration Utility and the related documentation (“Migration Utility”) for use only in connection with Licensee’s migration of the Original Software to the replace-ment software, as recommended by ISS in the related documentation. The Term of this License is for as long as Licensee holds a valid license to the applicable Original Software. Licensee may reproduce, install and use the Migration Utility on multiple devices in connection with its migration from the Original Software to the replacement software. Licensee shall implement appropriate safeguards and controls to prevent unlicensed use of the Migration Utility. Licensee may make a reasonable number of backup copies of the Migration Utility solely for archival and disaster recovery purposes.
3. Third-party Products - Use of third party product(s) supplied hereunder, if any, will be subject solely to the manufacturer’s terms and conditions that will be provided to Licensee upon delivery. ISS will pass any third party product warranties through to Licensee to the extent authorized. If ISS supplies Licensee with Crystal Decisions Runtime Software, then the following additional terms apply: Licensee agrees not to alter, disassemble, decompile, translate, adapt or reverse-engineer the Runtime Software or the report file (.RPT) format, or to use, distribute or integrate the Runtime Software with any general-purpose report writing, data analysis or report delivery product or any other product that performs the same or similar functions as Crystal Decisions’ product offerings; Licensee agrees not to use the Software to create for distribution a product that converts the report file (.RPT) format to an alternative report file format used by any general-purpose report writing, data analysis or report delivery product that is not the property of Crystal Decisions; Licensee agrees not to use the Runtime Software on a rental or timesharing basis or to operate a service bureau facility for the benefit of third parties unless Licensee first acquires an Application Service Provider License from Crystal Decisions; Licensee may not use the Software or Runtime Software by itself or as part of a system to regularly deliver, distribute or share Reports outside of the Runtime Software environment: (a) to more than fifty (50) end users directly, or (b) to a location that is accessible to more than 50 end users without obtaining an additional license from Crystal Decisions; CRYSTAL DECISIONS AND ITS SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESS, OR IMPLIED, INCLUDING WITHOUT LIMITATION THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
CRYSTAL DECISIONS AND ITS SUPPLIERS SHALL HAVE NO LIABILITY WHATSOEVER UNDER THIS AGREEMENT OR IN CONNECTION WITH THE SOFTWARE. In this section 3 “Software” means the Crystal Reports software and associated documentation supplied by ISS and any updates, additional modules, or additional software provided by Crystal Decisions in connection therewith; it includes Crystal Decisions’ Design Tools, Report Application Server and Runtime Software, but does not include any promotional software of other software products provided in the same package, which shall be governed by the online software license agreements included with such promotional software or software product.
4. Beta License – If ISS is providing Licensee with the Software, security content and related documentation as a part of an alpha or beta test, the following terms of this Section 4 additionally apply and supersede any conflicting provisions herein or any other license agreement accompanying, contained or embedded in the subject Beta Software or any associated documentation. ISS grants to Licensee a nonexclusive, nontransferable, limited license to use the ISS alpha/prototype software program, security content, if any, and any related documentation furnished by ISS (“Beta Software”) for Licensee’s evaluation and comment (the “Beta License”) during the Test Period. ISS’ standard test cycle, which may be extended at ISS’ discretion, extends for sixty (60) days, commencing on the date of delivery of the Beta Software (the “Test Period”). Upon expiration of the Test Period or termination of the License, Licensee shall, within thirty (30) days, return to ISS or destroy all copies of the Beta Software, and shall furnish ISS written confirmation of such return or destruction upon request. Licensee will provide ISS information reasonably requested by ISS regarding Licensee’s experiences with the installation and operation of the Beta Software. Licensee agrees that ISS shall have the right to use, in any manner and for any purpose, any information gained as a result of Licensee’s use and evaluation of the Beta Software. Such information shall include but not be limited to changes, modifications and corrections to the Beta Software. Licensee grants to ISS a perpetual, royalty-free, non-exclusive, transferable, sublicensable right and license to use, copy, make derivative works of and distribute any report, test result, suggestion or other item resulting from Licensee’s evaluation of its installation and operation of the Beta Software.
If Licensee is ever held or deemed to be the owner of any copyright rights in the Beta Software or any changes, modifications or corrections to the Beta Software, then Licensee hereby irrevocably assigns to ISS all such rights, title and interest and agrees to execute all documents necessary to implement and confirm the letter and intent of this Section. Licensee acknowledges and agrees that the Beta Software (including its existence, nature and specific features) constitute Confidential Information as defined in Section 18. Licensee further agrees to treat as Confidential Information all feedback, reports, test results, suggestions, and other items resulting from Licensee’s evaluation and testing of the Beta Software as contemplated in this Agreement. With regard to the Beta Software, ISS has no obligation to provide support, maintenance, upgrades, modifications, or new releases. However, ISS agrees to use its reasonable efforts to correct errors in the Beta Software and related documentation within a reasonable time, and will provide Licensee with any corrections it makes available to other evaluation participants. The documentation relating to the Beta Software may be in draft form and will, in many cases, be incomplete. Owing to the experimental nature of the Beta Software, Licensee is advised not to rely exclusively on the Beta Software for any reason. LICENSEE AGREES THAT THE BETA SOFTWARE AND RELATED DOCUMENTATION ARE BEING DELIVERED “AS IS” FOR TEST AND EVALUATION PURPOSES ONLY WITHOUT WARRANTIES OF ANY KIND, INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTY OF NONINFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. LICENSEE ACKNOWLEDGES AND AGREES THAT THE BETA SOFTWARE MAY CONTAIN DEFECTS, PRODUCE ERRONEOUS AND UNINTENDED RESULTS AND MAY AFFECT DATA NETWORK SERVICES AND OTHER MATERIALS OF LICENSEE. LICENSEE’S USE OF THE BETA SOFTWARE IS AT THE SOLE RISK OF LICENSEE.
IN NO EVENT WILL ISS BE LIABLE TO LICENSEE OR ANY OTHER PERSON FOR DAMAGES, DIRECT OR INDIRECT, OF ANY NATURE, OR EXPENSES INCURRED BY LICENSEE. LICENSEE’S SOLE AND EXCLUSIVE REMEDY SHALL BE TO TERMINATE THE BETA SOFTWARE LICENSE BY WRITTEN NOTICE TO ISS.
5. Evaluation License - If ISS is providing Licensee with the Software, security content and related documentation on an evaluation trial basis at no cost, such license Term is 30 days from installation, unless a longer period is agreed to in writing by ISS. ISS recommends using Software and security content for evaluation in a non-production, test environment. The following terms of this Section 5 additionally apply and supersede any conflicting provisions herein. Licensee agrees to remove or disable the Software and security content from the authorized platform and return the Software, security content and documentation to ISS upon expiration of the evaluation Term unless otherwise agreed by the parties in writing. ISS has no obligation to provide support, maintenance, upgrades, modifications, or new releases to the Software or security content under evaluation. LICENSEE AGREES THAT THE EVALUATION SOFTWARE, SECURITY CONTENT AND RELATED DOCUMENTATION ARE BEING DELIVERED “AS IS” FOR TEST AND EVALUATION PURPOSES ONLY WITHOUT WARRANTIES OF ANY KIND, INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTY OF NONINFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT WILL ISS BE LIABLE TO LICENSEE OR ANY OTHER PERSON FOR DAMAGES, DIRECT OR INDIRECT, OF ANY NATURE, OR EXPENSES INCURRED BY LICENSEE. LICENSEE’S SOLE AND EXCLUSIVE REMEDY SHALL BE TO TERMINATE THE EVALUATION LICENSE BY WRITTEN NOTICE TO ISS.
6. Covenants - ISS reserves all intellectual property rights in the Software, security content and Beta Software. Licensee agrees: (i) the Software, security content or Beta Software is owned by ISS and/or its licensors, is a valuable trade secret of ISS, and is protected by copyright laws and international treaty provisions; (ii) to take all reasonable precautions to protect the Software, security content or Beta Software from unauthorized access, disclosure, copying or use; (iii) not to modify, adapt, translate, reverse engineer, decompile, disassemble, or otherwise attempt to discover the source code of the Software, security content or Beta Software; (iv) not to use ISS trademarks; (v) to reproduce all of ISS’ and its licensors’ copyright notices on any copies of the Software, security content or Beta Software; and (vi) not to transfer, lease, assign, sublicense, or distribute the Software, security content or Beta Software or make it available for time-sharing, service bureau, managed services offering, or on-line use.
7. Support and Maintenance – Depending upon what maintenance programs Licensee has purchased, ISS will provide maintenance, during the period for which Licensee has paid the applicable maintenance fees, in accordance with its prevailing Maintenance and Support Policy that is available at http://documents.iss.net/maintenance_policy.pdf. Any supplemental Software code or related materials that ISS provides to Licensee as part of any support and maintenance service are to be considered part of the Software and are subject to the terms and conditions of this License, unless otherwise specified.
8. Limited Warranty - The commencement date of this limited warranty is the date on which ISS furnishes to Licensee the license key for the Software. For a period of ninety (90) days after the commencement date or for the Term (whichever is less), ISS warrants that the Software or security content will conform to material operational specifications described in its then current documentation. However, this limited warranty shall not apply unless (i) the Software or security content is installed, implemented, and operated in accordance with all written instructions and documentation supplied by ISS, (ii) Licensee notifies ISS in writing of any nonconformity within the warranty period, and (iii) Licensee has promptly and properly installed all corrections, new versions, and updates made available by ISS to Licensee. Furthermore, this limited warranty shall not apply to nonconformities arising from any of the following: (i) misuse of the Software or security content, (ii) modification of the Software or security content, (iii) failure by Licensee to utilize compatible computer and networking hardware and software, or (iv) interaction with software or firmware not provided by ISS. If Licensee timely notifies ISS in writing of any such nonconformity, then ISS shall repair or replace the Software or security content or, if ISS determines that repair or replacement is impractical, ISS may terminate the applicable licenses and refund the applicable license fees, as the sole and exclusive remedies of Licensee for such nonconformity. THIS WARRANTY GIVES LICENSEE SPECIFIC LEGAL RIGHTS, AND LICENSEE MAY ALSO HAVE OTHER RIGHTS THAT VARY FROM JURISDICTION TO JURISDICTION. ISS DOES NOT WARRANT THAT THE SOFTWARE OR THE SECURITY CONTENT WILL MEET LICENSEE’S REQUIREMENTS, THAT THE OPERATION OF THE SOFTWARE OR SECURITY CONTENT WILL BE UNINTERRUPTED OR ERROR-FREE, OR THAT ALL SOFTWARE OR SECURITY CONTENT ERRORS WILL BE CORRECTED.
LICENSEE UNDERSTANDS AND AGREES THAT THE SOFTWARE AND THE SECURITY CONTENT ARE NO GUARANTEE AGAINST UNSOLICITED E-MAILS, UNDESIRABLE INTERNET CONTENT, INTRUSIONS, VIRUSES, TROJAN HORSES, WORMS, TIME BOMBS, CANCELBOTS OR OTHER SIMILAR HARMFUL OR DELETERIOUS PROGRAMMING ROUTINES AFFECTING LICENSEE’S NETWORK, OR THAT ALL SECURITY THREATS AND VULNERABILITIES, UNSOLICITED E-MAILS OR UNDESIRABLE INTERNET CONTENT WILL BE DETECTED OR THAT THE PERFORMANCE OF THE SOFTWARE AND SECURITY CONTENT WILL RENDER LICENSEE’S SYSTEMS INVULNERABLE TO SECURITY BREACHES. THE REMEDIES SET OUT IN THIS SECTION 8 ARE THE SOLE AND EXCLUSIVE REMEDIES FOR BREACH OF THIS LIMITED WARRANTY.
9. Warranty Disclaimer - EXCEPT FOR THE LIMITED WARRANTY PROVIDED ABOVE, THE SOFTWARE AND SECURITY CONTENT ARE EACH PROVIDED “AS IS” AND ISS HEREBY DISCLAIMS ALL WARRANTIES, BOTH EXPRESS AND IMPLIED, INCLUDING IMPLIED WARRANTIES RESPECTING MERCHANTABILITY, TITLE, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE. LICENSEE EXPRESSLY ACKNOWLEDGES THAT NO REPRESENTATIONS OTHER THAN THOSE CONTAINED IN THIS LICENSE HAVE BEEN MADE REGARDING THE GOODS OR SERVICES TO BE PROVIDED HEREUNDER, AND THAT LICENSEE HAS NOT RELIED ON ANY REPRESENTATION NOT EXPRESSLY SET OUT IN THIS LICENSE.
10. Proprietary Rights - ISS represents and warrants that ISS has the authority to license the rights to the Software and security content that are granted herein. ISS shall defend and indemnify Licensee from any final award of costs and damages against Licensee for any actions based on infringement of any U.S. copyright, trade secret, or patent as a result of the use or distribution of a current, unmodified version of the Software and security content, but only if ISS is promptly notified in writing of any such suit or claim, and only if Licensee permits ISS to defend, compromise, or settle same, and only if Licensee provides all available information and reasonable assistance. The foregoing is the exclusive remedy of Licensee and states the entire liability of ISS with respect to claims of infringement or misappropriation relating to the Software and security content.
11. Limitation of Liability - ISS’ ENTIRE LIABILITY FOR MONETARY DAMAGES ARISING OUT OF THIS LICENSE SHALL BE LIMITED TO THE AMOUNT OF THE LICENSE FEES ACTUALLY PAID BY LICENSEE UNDER THIS LICENSE, PRORATED OVER A THREE-YEAR TERM FROM THE DATE LICENSEE RECEIVED THE SOFTWARE OR SECURITY CONTENT, AS APPLICABLE. IN NO EVENT SHALL ISS BE LIABLE TO LICENSEE UNDER ANY THEORY INCLUDING CONTRACT AND TORT (INCLUDING NEGLIGENCE AND STRICT PRODUCTS LIABILITY) FOR ANY SPECIAL, PUNITIVE, INDIRECT, INCIDENTAL OR CONSEQUENTIAL DAMAGES, INCLUDING, BUT NOT LIMITED TO, COSTS OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, DAMAGES FOR LOST PROFITS, LOSS OF DATA, LOSS OF USE, OR COMPUTER HARDWARE MALFUNCTION, EVEN IF ISS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
12. Termination - Licensee may terminate this License at any time by notifying ISS in writing. All rights granted under this License will terminate immediately, without prior written notice from ISS, at the end of the term of the License, if not perpetual. If Licensee fails to comply with any provisions of this License, ISS may immediately terminate this License if such default has not been cured within ten (10) days following written notice of default to Licensee. Upon termination or expiration of a license for Software, Licensee shall cease all use of such Software, including Software pre-installed on ISS hardware, and destroy all copies of the Software and associated documentation. Termination of this License shall not relieve Licensee of its obligation to pay all fees incurred prior to such termination and shall not limit either party from pursuing any other remedies available to it.
13. General Provisions - This License, together with the identification of the Software and/or security content, pricing and payment terms stated in the applicable ISS quotation and Licensee purchase order (if applicable) as accepted by ISS, constitute the entire agreement between the parties respecting its subject matter. Standard and other additional terms or conditions contained in any purchase order or similar document are hereby expressly rejected and shall have no force or effect. ISS Software and security content are generally delivered to Customer by supplying Customer with license key data. If Customer has not already downloaded the Software, security content and documentation, then it is available for download at http://www.iss.net/download/. All ISS hardware with pre-installed Software and any other products not delivered by download are delivered f.o.b. origin. This License will be governed by the substantive laws of the State of Georgia, USA, excluding the application of its conflicts of law rules. This License will not be governed by the United Nations Convention on Contracts for the International Sale of Goods, the application of which is expressly excluded. If any part of this License is found void or unenforceable, it will not affect the validity of the balance of the License, which shall remain valid and enforceable according to its terms. This License may only be modified in writing signed by an authorized officer of ISS.
14. Notice to United States Government End Users - Licensee acknowledges that any Software and security content furnished under this License is commercial computer software and any documentation is commercial technical data developed at private expense and is provided with RESTRICTED RIGHTS. Any use, modification, reproduction, display, release, duplication or disclosure of this commercial computer software by the United States Government or its agencies is subject to the terms, conditions and restrictions of this License in accordance with the United States Federal Acquisition Regulations at 48 C.F.R. Section 12.212 and DFAR Subsection 227.7202-3 and Clause 252.227-7015 or applicable subsequent regulations. Contractor/manufacturer is Internet Security Systems, Inc., 6303 Barfield Road, Atlanta, GA 30328, USA.
15. Export and Import Controls; Use Restrictions - Licensee will not transfer, export, or reexport the Software, security content, any related technology, or any direct product of either except in full compliance with the export controls administered by the United States and other countries and any applicable import and use restrictions. Licensee agrees that it will not export or reexport such items to anyone on the U.S. Treasury Department’s list of Specially Designated Nationals or the U.S. Commerce Department’s Denied Persons List or Entity List or such additional lists as may be issued by the U.S. Government from time to time, or to any country to which the United States has embargoed the export of goods (currently Cuba, Iran, Iraq, Libya, North Korea, Sudan and Syria) or for use with chemical or biological weapons, sensitive nuclear end-uses, or missiles. Licensee represents and warrants that it is not located in, under control of, or a national or resident of any such country or on any such list. Many ISS software products include encryption and export outside of the United States or Canada is strictly controlled by U.S. laws and regulations. ISS makes its current export classification information available at http://www.iss.net/export. Please contact ISS’ Sourcing and Fulfillment for export questions relating to the Software or security content ([email protected]). Licensee understands that the foregoing obligations are U.S. legal requirements and agrees that they shall survive any term or termination of this License.
16. Authority - Because the Software is designed to test or monitor the security of computer network systems and may disclose or create problems in the operation of the systems tested, Licensee and the persons acting for Licensee represent and warrant that: (a) they are fully authorized by the Licensee and the owners of the computer network for which the Software is licensed to enter into this License and to obtain and operate the Software in order to test and monitor that computer network; (b) the Licensee and the owners of that computer network understand and accept the risks involved; and (c) the Licensee shall procure and use the Software in accordance with all applicable laws, regulations and rules.
17. Disclaimers - Licensee acknowledges that some of the Software and security content is designed to test the security of computer networks and may disclose or create problems in the operation of the systems tested. Licensee further acknowledges that neither the Software nor security content is fault tolerant or designed or intended for use in hazardous environments requiring fail-safe operation, including, but not limited to, aircraft navigation, air traffic control systems, weapon systems, life-support systems, nuclear facilities, or any other applications in which the failure of the Software and security content could lead to death or personal injury, or severe physical or property damage. ISS disclaims any implied warranty of fitness for High Risk Use. Licensee accepts the risk associated with the foregoing disclaimers and hereby waives all rights, remedies, and causes of action against ISS and releases ISS from all liabilities arising therefrom.
18. Confidentiality - “Confidential Information” means all information proprietary to a party or its suppliers that is marked as confidential. Each party acknowledges that during the term of this Agreement, it will be exposed to Confidential Information of the other party. The obligations of the party (“Receiving Party”) which receives Confidential Information of the other party (“Disclosing Party”) with respect to any particular portion of the Disclosing Party’s Confidential Information shall not attach or shall terminate when any of the following occurs: (i) it was in the public domain or generally available to the public at the time of disclosure to the Receiving Party, (ii) it entered the public domain or became generally available to the public through no fault of the Receiving Party subsequent to the time of disclosure to the Receiving Party, (iii) it was or is furnished to the Receiving Party by a third party having the right to furnish it with no obligation of confidentiality to the Disclosing Party, or (iv) it was independently developed by the Receiving Party by individuals not having access to the Confidential Information of the Disclosing Party. Each party acknowledges that the use or disclosure of Confidential Information of the Disclosing Party in violation of this License could severely and irreparably damage the economic interests of the Disclosing Party. The Receiving Party agrees not to disclose or use any Confidential Information of the Disclosing Party in violation of this License and to use Confidential Information of the Disclosing Party solely for the purposes of this License. Upon demand by the Disclosing Party and, in any event, upon expiration or termination of this License, the Receiving Party shall return to the Disclosing Party all copies of the Disclosing Party’s Confidential Information in the Receiving Party’s possession or control and destroy all derivatives and other vestiges of the Disclosing Party’s Confidential Information obtained or created by the Disclosing Party. All Confidential Information of the Disclosing Party shall remain the exclusive property of the Disclosing Party.
19. Compliance - From time to time, ISS may request Licensee to provide a certification that the Software and security content is being used in accordance with the terms of this License. If so requested, Licensee shall verify its compliance and deliver its certification within forty-five (45) days of the request. The certification shall state Licensee’s compliance or non-compliance, including the extent of any non-compliance. ISS may also, at any time, upon thirty (30) days prior written notice, at its own expense appoint a nationally recognized software use auditor, to whom Licensee has no reasonable objection, to audit and examine use and records at Licensee offices during normal business hours, solely for the purpose of confirming that Licensee’s use of the Software and security content is in compliance with the terms of this License. ISS will use commercially reasonable efforts to have such audit conducted in a manner such that it will not unreasonably interfere with the normal business operations of Licensee. If such audit should reveal that use of the Software or security content has been expanded beyond the scope of use and/or the number of Authorized Devices or Licensee certifies such non-compliance, ISS shall have the right to charge Licensee the applicable current list prices required to bring Licensee in compliance with its obligations hereunder with respect to its current use of the Software and security content. In addition to the foregoing, ISS may pursue any other rights and remedies it may have at law, in equity or under this License.
20. Data Protection - The data needed to process this transaction will be stored by ISS and may be forwarded to companies affiliated with ISS and possibly to Licensee’s vendor within the framework of processing Licensee’s order. All personal data will be treated confidentially.
Revised March 16, 2004.