Cisco Firepower Management Center 2000 Developer Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Legacy Data Structures
Legacy Intrusion Data Structures
Appendix B
Intrusion Event (IPv4) Record 5.0.x - 5.1
The fields in the intrusion event (IPv4) record are shaded in the following graphic.
The record type is 207.
You request intrusion event records by setting the intrusion event flag or the
extended requests flag in the request message. See
For version 5.0.x - 5.1 intrusion events, the event ID, the managed device ID, and
the event second form a unique identifier.
Intrusion Event (IPv6) Record 4.10.2.3+ Fields (Continued)

| Field | Data Type | Description |
|---|---|---|
| Blocked | uint8 | Value indicating whether the event was blocked: 0 = not blocked; 1 = blocked; 2 = would be blocked (but not permitted by configuration) |
| Reserved | uint32 | Reserved. The display value is MPLS Label:0. |
| VLAN ID | uint16 | Indicates the ID of the VLAN where the packet originated. (Applies to 4.9+ events only.) |
| Pad | uint16 | Reserved for future use. |
[Graphic: intrusion event (IPv4) record layout, drawn against a ruler of bytes 0-3 and bits 0-31. Fields shown, in order:]
Header Version (1)
Message Type (4)
Message Length
Record Type (207)
Record Length
eStreamer Server Timestamp (in events, only if bit 23 is set)
Reserved for Future Use (in events, only if bit 23 is set)
Device ID
Event ID
Event Second
Event Microsecond
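As an added example (not code from the guide), this Python sketch parses the leading fields of a record type 207 message in the order listed above and deduplicates events on the event ID, managed device ID and event second. The field widths, the big-endian byte order and all function names are assumptions, since the page lists the fields but not their sizes; whether the two bit 23 fields are present is passed in by the caller.

```python
import struct

# Assumed widths (the page lists the fields, not their sizes): big-endian;
# Header Version and Message Type are 16-bit and share the first 32-bit row,
# every other field is one 32-bit row.
MSG_HEADER = struct.Struct(">HHI")   # header version, message type, message length
REC_HEADER = struct.Struct(">II")    # record type, record length
EXT_HEADER = struct.Struct(">II")    # server timestamp, reserved (bit 23 requests only)
EVENT_HEAD = struct.Struct(">IIII")  # device ID, event ID, event second, event microsecond


def parse_event_head(buf, extended_header=False):
    """Parse the leading fields of a record type 207 message; extended_header
    says whether bit 23 was set in the request (caller-supplied, not inferred)."""
    ext = EXT_HEADER.size if extended_header else 0
    need = MSG_HEADER.size + REC_HEADER.size + ext + EVENT_HEAD.size
    if len(buf) < need:
        raise ValueError(f"truncated: have {len(buf)} bytes, need {need}")
    version, msg_type, _msg_len = MSG_HEADER.unpack_from(buf, 0)
    rec_type, _rec_len = REC_HEADER.unpack_from(buf, MSG_HEADER.size)
    if (version, msg_type, rec_type) != (1, 4, 207):
        raise ValueError(f"not a 207 record: {version=} {msg_type=} {rec_type=}")
    off = MSG_HEADER.size + REC_HEADER.size
    server_ts = EXT_HEADER.unpack_from(buf, off)[0] if extended_header else None
    dev, eid, sec, usec = EVENT_HEAD.unpack_from(buf, off + ext)
    return {"device_id": dev, "event_id": eid, "event_second": sec,
            "event_microsecond": usec, "server_timestamp": server_ts}


def dedup(messages, extended_header=False):
    """Keep the first message per (event ID, device ID, event second)."""
    seen, unique = set(), []
    for raw in messages:
        ev = parse_event_head(raw, extended_header)
        key = (ev["event_id"], ev["device_id"], ev["event_second"])
        if key not in seen:
            seen.add(key)
            unique.append(ev)
    return unique


def sample(dev, eid, sec, usec, server_ts=None):
    """Constructed test message; the two length fields are filler, unchecked above."""
    ext = b"" if server_ts is None else EXT_HEADER.pack(server_ts, 0)
    body = ext + EVENT_HEAD.pack(dev, eid, sec, usec)
    rec = REC_HEADER.pack(207, len(body)) + body
    return MSG_HEADER.pack(1, 4, len(rec)) + rec
```

Parsing a message that carries the two bit 23 fields without `extended_header=True` shifts every later field by eight bytes, so the flag has to match what the client requested.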