Cisco Firepower Management Center 2000 Developer Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Intrusion and Correlation Data Structures
Understanding Series 2 Data Blocks
Chapter 3
Access Control Policy Rule Reason Data Block
The eStreamer service uses the Access Control Policy Rule Reason data block
to contain information about access control policy rule IDs. This data block
has a block type of 21 in series 2.
The following diagram shows the structure of the Access Control Policy Rule ID
metadata block.
The Access Control Policy Rule Reason Data Block Fields table describes the
fields in the Access Control Policy Rule ID metadata block.
Each row is one 32-bit word. Byte 0 is bits 0-7, byte 1 is bits 8-15, byte 2 is bits 16-23, byte 3 is bits 24-31.

Bits 0-31: Access Control Policy Rule Reason Data Block Type (21)
Bits 0-31: Access Control Policy Rule Reason Data Block Length
Description:
  Bits 0-15: Reason; bits 16-31: String Block Type (0)
  Bits 0-15: String Block Type (0), continued; bits 16-31: String Block Length
  Bits 0-15: String Block Length, continued; bits 16-31: Description...
Access Control Policy Rule Reason Data Block Fields

| Field | Data Type | Description |
|---|---|---|
| Access Control Policy Rule Reason Data Block Type | uint32 | Initiates an Access Control Policy Rule Reason data block. This value is always 21. |
| Access Control Policy Rule Reason Data Block Length | uint32 | Total number of bytes in the Access Control Policy Rule Reason data block, including eight bytes for the Access Control Policy Rule Reason data block type and length fields, plus the number of bytes of data that follows. |
| Reason | uint16 | The number of the reason for the rule that triggered the event. |
| String Block Type | uint32 | Initiates a String data block containing the description of the access control policy rule reason. This value is always 0. |
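
The following parser for the block layout above is an added example, not code from the guide or from Cisco. It validates both length fields against the buffer before slicing. It assumes network byte order and that the String Block Length counts its own eight-byte type and length header; neither is stated on this page. The names parse_rule_reason_block, build_sample and BlockError are hypothetical, and the sample description is constructed.

```python
import struct

BLOCK_TYPE_RULE_REASON = 21   # series 2 block type, from the page
STRING_BLOCK_TYPE = 0         # string block type, from the page
# type, length, reason, string type, string length (assumed big-endian)
HEADER = struct.Struct(">IIHII")


class BlockError(ValueError):
    """Raised when a buffer is not a well-formed rule reason block."""


def parse_rule_reason_block(buf: bytes) -> dict:
    """Parse one Access Control Policy Rule Reason data block.

    Assumptions (not stated on the page): fields are big-endian, and the
    String Block Length includes its own 8-byte type/length header.
    """
    if len(buf) < HEADER.size:
        raise BlockError("buffer shorter than fixed header")
    btype, blen, reason, stype, slen = HEADER.unpack_from(buf, 0)
    if btype != BLOCK_TYPE_RULE_REASON:
        raise BlockError(f"unexpected block type {btype}")
    if stype != STRING_BLOCK_TYPE:
        raise BlockError(f"unexpected string block type {stype}")
    # Block length covers the 8-byte type/length header plus the data,
    # so it can never be smaller than the fixed fields or exceed the buffer.
    if blen < HEADER.size or blen > len(buf):
        raise BlockError("block length outside buffer")
    # The nested string block must end exactly where the outer block ends:
    # 8 (outer header) + 2 (reason) + string block length == block length.
    if slen < 8 or 10 + slen != blen:
        raise BlockError("string block length inconsistent with block length")
    raw = buf[HEADER.size:blen]
    text = raw.rstrip(b"\x00").decode("utf-8", errors="replace")
    return {"reason": reason, "description": text, "consumed": blen}


def build_sample(reason: int, description: bytes) -> bytes:
    """Build a constructed sample block (test data, not a real capture)."""
    slen = 8 + len(description)
    return HEADER.pack(BLOCK_TYPE_RULE_REASON, 10 + slen, reason,
                       STRING_BLOCK_TYPE, slen) + description
```

The "consumed" value tells the caller where the next block starts when several blocks share one buffer.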