This section describes the database tables, views, and functions of One Identity Safeguard for Privileged Sessions (SPS) that can be used in the custom queries of the Reporting > Advanced statistics page. Generally, views contain a more organized dataset, while tables contain the raw data.
|
NOTE:
The structure of these database tables may change in future One Identity Safeguard for Privileged Sessions (SPS) versions. |
Database table | Type | Description |
---|---|---|
alerting | table | The list of alerting events. For details, see The alerting table. |
aps | table | [OBSOLETE] The list of Audit Player indexing services that are available for SPS. For details, see The aps table. |
archives | table | Data about the archiving processes. For details, see The archives table. |
audit_trail_downloads | table | Data about the audit trail downloads. For details, see The audit_trail_downloads table. |
channels | table | Contains metadata about the channel-opening requests and opened channels. This is the main table storing data about the connections. For details, see The channels table. |
closed_connection_audit_channels | view | This view returns all audited channels whose connection have been closed. For details, see The closed_connection_audit_channels view. |
closed_not_indexed_audit_channels | view | This view returns all audited channels whose connection have been closed, but have not been indexed yet. For details, see The closed_not_indexed_audit_channels view. |
connection_events | view | List of commands or window titles detected in the connections. For details, see The connection_events view. |
connection_occurrences | view | Contains the tokens that are used as search keywords in Content subchapter reports (reports from audit-trail content) and where these tokens appear in the audit trails. For details, see The connection_occurrences view. |
connections | view | A view containing data of the connections. This data is identical to the information available on the Search page. For details, see The connections view. |
events | table | The commands or events extracted from the indexed audit trails. For details, see The events table. |
file_xfer | table | Data about the files transfered in the audited connections (SCP, SFTP). For details, see The file_xfer table. |
http_req_resp_pair | table | Information about the requests and responses in HTTP and HTTPS sessions. For details, see The http_req_resp_pair table. |
indexer_jobs | table | Information and statistics about indexer jobs. For details, see The indexer_jobs table. |
occurrences | table | Contains the tokens that are used as search keywords in Content subchapter reports (reports from audit-trail content) and where these tokens appear in the audit trails. For details, see The occurrences table. |
progresses | table | [OBSOLETE] Which audit trail is assigned to which Audit Player for processing. For details, see The progresses table. |
results | table | Contains the tokens that are used as search keywords in Content subchapter reports (reports from audit-trail content) and in which audit trails were these tokens found. For details, see The results table. |
skipped_connections | table | List of errors encountered when processing audit trails. For details, see The skipped_connections table. |
usermapped_channels | view | Information about sessions where usermapping was performed in the connection. For details, see The usermapped_channels view. |
To search the content of audit trails that were processed using indexing, you can use the lucene SQL function. For details, see Querying trail content with the lucene-search function.
The audit_trail_downloads table
The closed_connection_audit_channels view
The closed_not_indexed_audit_channels view
|
NOTE:
The structure of these database tables may change in future One Identity Safeguard for Privileged Sessions (SPS) versions. |
Column | Type | Description |
---|---|---|
alerting_time | timestamp | The timestamp of the alert. |
alerting_type | text | The type of the alert. |
channel_id | integer | This value is a reference to the ID of the channels table where the event occurred. |
matched_content | text | The matched content. |
matched_regexp | text | The matched regular expression. |
rule_name | text | The name of the content policy rule. |
|
NOTE:
The structure of these database tables may change in future One Identity Safeguard for Privileged Sessions (SPS) versions. |
This table contains information only about Audit Player indexers. It does not contain any information about the indexer service.
Column | Type | Description |
---|---|---|
ap_id | integer | [OBSOLETE] The ID of the Audit Player indexer service that is processing the audit trail. |
dead | boolean | Set to 1 if the Audit Player indexer service on this host is considered to be unavailable. |
id | integer | The unique ID number of the entry. |
last_poll | integer | The timestamp of the last time when the Audit Player indexer service on this host requested an audit trail from SPS. |
remote_addr | text | [OBSOLETE] The address of the host running the Audit Player indexer service. |
|
NOTE:
The structure of these database tables may change in future One Identity Safeguard for Privileged Sessions (SPS) versions. |
Column | Type | Description |
---|---|---|
id | integer | The unique ID number of the entry. |
orig_filename | text | The original name of the file, as stored on SPS. |
policy_id | text | The ID of the archiving policy that archived the file. |
saved_filename | text | The name of the archive file containing the file. |
server | text | The address of the server where the file was archived. |
type | text | Indicates the type of the file: audit or index. |
© ALL RIGHTS RESERVED. Nutzungsbedingungen Datenschutz Cookie Preference Center