Symantec™ Sygate Enterprise Protection
Database Schema Reference Guide
Release 5.1

Copyright Information

Copyright © 2005 Symantec Corporation. All rights reserved.

Symantec, the Symantec Logo, Sygate, the Sygate ‘S’ Logo, Host Integrity, and AutoLocation are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any.

THE DOCUMENTATION IS PROVIDED “AS IS” AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

Symantec Corporation
20330 Stevens Creek Blvd.
Cupertino, CA 95014
http://www.symantec.com

Documentation Build 5.1.0.6500
Published December 19, 2005

Table of Contents

Preface
    Intended Audience
    Related Product Information
    Getting Technical Support
Chapter 1. Database Schema Overview
Chapter 2. Symantec Policy Manager Database Schema
    Agent Behavior Log Schema
    Agent Packet Log Schema
    Agent Security Log Schema
    Agent System Log Schema
    Agent Traffic Log Schema
    Basic Metadata Schema
    Binary File Schema
    Computer Application Schema
    Enforcer Client Log Schema
    Enforcer System Log Schema
    Enforcer Traffic Log Schema
    Identity Map Schema
    LAN Device Detected Schema
    LAN Device Excluded Schema
    Legacy Agent Schema
    Local Metadata Schema
    Log Config Schema
    Reports Schema
    SE Global Schema
    SEM Agent Schema
    SEM Application Schema
    SEM Client Schema
    SEM Computer Schema
    Serial Numbers Schema
    Server Admin Log Schema
    Server Client Log Schema
    Server System Log Schema
    Server Enforcer Log Schema
    Server Policy Log Schema
    System State Schema

Preface

This document, the Database Schema Reference Guide, describes the database schema for the Symantec™ Policy Manager database (for either Embedded or Microsoft SQL databases).

Intended Audience

This information is for database administrators who may need to generate specialized reports from the information in the database.

Related Product Information

For information about setting up the Policy Manager database, see the Policy Manager Installation Guide. For other administrative information about the Policy Manager database, see the Policy Manager Administration Guide. This information is also available online in the Policy Manager online help. For information about known problems with this release, refer to the Readme.txt file.

Getting Technical Support

Symantec Corporation provides a wide variety of service and support programs. Contact Enterprise Support through its web site, by email, or by telephone.

Web site: www.sygate.com/support
Email address: EnterpriseSupport@sygate.com
Toll free number: (877) TECH-800 (832-4800)

Chapter 1. Database Schema Overview

The Policy Manager database is where all the information concerning the Symantec software and associated security information is located. The information is stored in a series of tables, the database schema. Each table contains three columns and one or more rows. Each table has the same columns in the same order:

• Column Name
• Comments
• Data Type

Column Name

This column contains the name of the database field.

Comments

The comments column explains the purpose of the field and any additional pertinent information.

Data Type

The data type column shows the physical makeup of the data. The different types of data are:

• CHAR
• VARCHAR
• NUMBER
• RAW

In addition, the data type column indicates the physical length of the field with a number in parentheses. For example, CHAR(24) indicates a character field with a length of 24 characters.

Primary Key

An asterisk designates the primary key in the tables. The primary key is a column or a set of columns that uniquely identifies all the rows in a table. Primary keys may not contain null values. No two rows can have the same primary key value; therefore, a primary key value always uniquely identifies a single row. More than one key can uniquely identify rows in a table; each of these keys is called a candidate key. Only one candidate can be chosen as the primary key of a table; all other candidate keys are known as alternate keys.

In a normalized table, all of the data values in each row are fully dependent on the primary key. For example, in a normalized employee table that has EmployeeID as the primary key, all of the columns should contain data related to a specific employee. The table should not have a column called DepartmentName because the name of the department is dependent on a department ID, not on an employee ID.

Chapter 2. Symantec Policy Manager Database Schema

This chapter describes each table in alphabetical order.
If you are using Symantec Network Access Control, some of the tables (and some fields in the tables) are not used because related functionality is not included. For example, Agent Traffic, Packet, and Behavior logs are not used.

Agent Behavior Log Schema

Not used in Symantec Network Access Control.

This table lists the database schema for the Agent Behavior logs. There are actually two tables for this schema. When logs are stored, the Policy Manager uses the first table until it is full. It then switches to using the second table. The data in the first table is kept intact until the second table fills. Then it starts to fill the first table again. This cycle is continuous.

Agent Behavior Log

| Column Name | Comment | Data Type |
|---|---|---|
| USN | A USN-based serial number; this ID is not unique. | NUMBER(13) |
| DOMAIN_ID | GUID of the domain to which the log belongs. | CHAR(32) |
| SITE_ID | GUID of the site to which the log belongs. | CHAR(32) |
| SERVER_ID | GUID of the server to which the log belongs. | CHAR(32) |
| GROUP_ID | GUID of the group to which the log belongs. | CHAR(32) |
| COMPUTER_ID | GUID of the Agent computer to which the log belongs. | CHAR(32) |
| TIME_STAMP | The time when the event is logged into the system (GMT); this is server-side time. | NUMBER(13) |
| EVENT_ID | An event id from send Agent. | NUMBER(10) |
| EVENT_TIME | The event generated time (GMT). | NUMBER(13) |
| SEVERITY | The seriousness of the event; 0 is most serious. | NUMBER(10) |
| AGENT_ID | GUID of the Agent. | CHAR(32) |
| HARDWARE_KEY | Hash of Computer Hardware information. | CHAR(32) |
| HOST_NAME | Host Name of Agent machine. | VARCHAR2(256) |
| ACTION | What we did: 0 = allow, 1 = block, 2 = ask, 3 = continue, 4 = terminate | NUMBER(10) |
| TEST_MODE | Was this rule run in test mode? 0 = no, else yes | NUMBER(10) |
| DESCRIPTION | Description. | VARCHAR2(256) |
| VAPI_NAME | The Name of remote computer (it may be empty if name solve failed). | VARCHAR2(256) |
| ENCODED_API_NAME | The TCP/UDP port in local machine (host byte-order). It is only valid on TSE_TRAFFIC_TCP and TSE_TRAFFIC_UDP. On other events, it is always zero. | VARCHAR2(256) |
| BEGIN_TIME | The begin time of security issue. | NUMBER(13) |

[...]

... future use

*Indicates the primary key, PK_REPORTS

SE Global Schema

This table lists SE Global schema information.

SE Global

| Column Name | Comments | Data Type |
|---|---|---|
| SEQ_NUM | Used to generate USN | NUMBER(13) |

SEM Agent Schema

This table lists SEM Agent schema information.

SEM Agent

| Column Name | Comments | Data Type |
|---|---|---|
| AGENT_ID* | GUID of the Agent...

... CHAR(32)
| RESERVED_CHAR2 | Reserved for future use | CHAR(32) |
| RESERVED_VARCHAR1 | Reserved for future use | VARCHAR2(260) |

Agent Security Log Schema

This table lists the database schema for the Agent Security logs. There are actually two tables for this schema. When logs are stored, the Policy Manager uses the first table until it is full. It then switches to using the second...

... The MAC address of remote computer | VARCHAR2(18) |
| LOCATION_NAME | The location used when event occurs | VARCHAR2(256) |

Agent System Log Schema

This table lists the database schema for the Agent System logs. There are actually two tables for this schema. When logs are stored, the Policy Manager uses the first table until it is full. It then switches to using the second...

... CHAR(32)
| RESERVED_VARCHAR1 | Reserved for future use | VARCHAR2(260) |
| RESERVED_BINARY | Reserved for future use | RAW |

Enforcer Traffic Log Schema

This table lists the database schema for the Enforcer Traffic logs. There are actually two tables for this schema. When logs are stored, the Policy Manager uses the first table until it is full. It then switches to using the second...

Local Metadata Schema

This table lists Local Metadata schema information.

Local Metadata

| Column Name | Comments | Data Type |
|---|---|---|
| ID* | GUID | CHAR(32) |
| TYPE | Type of local_metadata. Only support SemLocalSettings at this moment | VARCHAR2(256) |
| CHECKSUM | Checksum of XML content | CHAR(32) |
| CONTENT | XML content of the schema object | LONG RAW |
| DELETED | The deleted flag of the schema object:...

... Reserved for future use | VARCHAR2(260) |
| RESERVED_BINARY | Reserved for future use | RAW |
VARCHAR2(256)

Agent Packet Log Schema

Not used in Symantec Network Access Control.

This table lists the database schema for the Agent Packet logs. There are actually two tables for this schema. When logs are stored, the Policy Manager uses the first table until it is full. It then switches...

... PK_BASIC_METADATA

Binary File Schema

This table lists binary schema information.

Binary File

| Column Name | Comments | Data Type |
|---|---|---|
| CHECKSUM | Checksum of XML content | CHAR(32) |
| CONTENT | XML content of the schema object | LONG RAW |
| DELETED | The deleted flag of the schema object: Deleted -1 Not Deleted - 0 | NUMBER(3) |
| ID* | GUID of the schema object | CHAR(32) |
| OWNER | GUID of the owner...

... VARCHAR2(260)
| RESERVED_BINARY | Reserved for future use | RAW |

*Indicates the primary key, PK_COMPUTER_APPLICATION

Enforcer Client Log Schema

This table lists the database schema for the Enforcer Client logs. There are actually two tables for this schema. When logs are stored, the Policy Manager uses the first table until it is full. It then switches to using the second table...

| RESERVED_VARCHAR1 | Reserved for future use | VARCHAR2(260) |
| RESERVED_BINARY | Reserved for future use | RAW |

Enforcer System Log Schema

This table lists the database schema for the Enforcer System logs. There are actually two tables for this schema. When logs are stored, the Policy Manager uses the first table until it is full. It then switches to using the second table...

... use

Basic Metadata Schema

This table lists basic metadata schema information.

Basic Metadata

| Column Name | Comments | Data Type |
|---|---|---|
| CHECKSUM | Checksum of XML content | CHAR(32) |
| CONTENT | XML content of the schema object | LONG RAW |
| DELETED | The deleted flag of the schema object: Deleted -1 Not Deleted - 0 | NUMBER(3) |
| ID* | GUID of the schema object | CHAR(32) |
| OWNER | GUID of the owner
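
Because the Agent Behavior log alternates between two tables and USN is not unique, a report has to read both tables and order by time rather than by serial number. The sketch below is an added example, not part of the Symantec guide: the table names AGENT_BEHAVIOR_LOG_1 and AGENT_BEHAVIOR_LOG_2 are hypothetical, SQLite stands in for the Embedded or Microsoft SQL database, and every row is constructed; the column names and the ACTION and TEST_MODE codes are the ones listed in the Agent Behavior Log table.

```python
import sqlite3

# Hypothetical names: the guide excerpt does not name the two physical tables.
TABLES = ("AGENT_BEHAVIOR_LOG_1", "AGENT_BEHAVIOR_LOG_2")
COLS = ("USN, COMPUTER_ID, HOST_NAME, TIME_STAMP, EVENT_TIME, "
        "SEVERITY, ACTION, TEST_MODE, DESCRIPTION")
ACTIONS = {0: "allow", 1: "block", 2: "ask", 3: "continue", 4: "terminate"}

def build_sample_db():
    """In-memory stand-in for the Policy Manager database (constructed rows)."""
    db = sqlite3.connect(":memory:")
    for t in TABLES:
        db.execute(f"CREATE TABLE {t} ({COLS})")
    a, b = "A" * 32, "B" * 32  # constructed CHAR(32) computer GUIDs
    older = [(1001, a, "hr-laptop-07", 1134950400000, 1134950399000, 1, 1, 0,
              "constructed: file write blocked"),
             (1002, a, "hr-laptop-07", 1134950460000, 1134950459000, 3, 0, 0,
              "constructed: API call allowed")]
    # USN values repeat across the tables: the guide says USN is not unique.
    newer = [(1001, b, "dev-ws-12", 1134954000000, 1134953999000, 0, 4, 0,
              "constructed: process terminated"),
             (1002, b, "dev-ws-12", 1134954060000, 1134954059000, 2, 1, 1,
              "constructed: test-mode rule matched")]
    for t, rows in zip(TABLES, (older, newer)):
        db.executemany(f"INSERT INTO {t} VALUES (?,?,?,?,?,?,?,?,?)", rows)
    return db

def enforced_denials(db):
    """Block/terminate events from BOTH tables, oldest first, test mode excluded."""
    union = " UNION ALL ".join(f"SELECT '{t}' AS SRC, {COLS} FROM {t}" for t in TABLES)
    sql = (f"SELECT SRC, HOST_NAME, EVENT_TIME, SEVERITY, ACTION FROM ({union}) "
           "WHERE ACTION IN (1, 4) AND TEST_MODE = 0 ORDER BY EVENT_TIME")
    return [(src, host, when, sev, ACTIONS[act])
            for src, host, when, sev, act in db.execute(sql)]

def active_table(db):
    """Inference from the fill/switch cycle: the table with the newest TIME_STAMP."""
    newest = {t: db.execute(f"SELECT MAX(TIME_STAMP) FROM {t}").fetchone()[0] or 0
              for t in TABLES}
    return max(newest, key=newest.get)

if __name__ == "__main__":
    db = build_sample_db()
    for row in enforced_denials(db):
        print(row)
    print("currently written table:", active_table(db))
```

The same UNION ALL pattern applies to the other log schemas the guide describes as stored in two tables; querying only one of them silently drops part of the retained history.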