Cisco Cisco Firepower Management Center 4000 Developer's Guide
B-83
FireSIGHT eStreamer Integration Guide
Appendix B Understanding Legacy Data Structures
Legacy Connection Data Structures
Connection Statistics Data Block 5.1
The Connection Statistics data block is used in Connection Data messages. Changes to the Connection
data block between 5.0.2 and 5.1 include the addition of new fields with configuration parameters
introduced in 5.1 (rule action reason, monitor rules, Security Intelligence source/destination, Security
Intelligence layer). The Connection Statistics data block for version 5.1 has a block type of 126.
data block between 5.0.2 and 5.1 include the addition of new fields with configuration parameters
introduced in 5.1 (rule action reason, monitor rules, Security Intelligence source/destination, Security
Intelligence layer). The Connection Statistics data block for version 5.1 has a block type of 126.
For more information on the Connection Statistics Data message, see
The following diagram shows the format of a Connection Statistics data block for 5.1:
::
String Block
Type
Type
uint32
Initiates a String data block for the host NetBIOS name. This value is
always
always
0
.
String Block
Length
Length
uint32
Number of bytes in the String data block, including eight bytes for the
string block type and length fields, plus the number of bytes in the
NetBIOS name string.
string block type and length fields, plus the number of bytes in the
NetBIOS name string.
NetBIOS Name
string
Host NetBIOS name string.
String Block
Type
Type
uint32
Initiates a String data block for the client application version. This
value is always
value is always
0
.
String Block
Length
Length
uint32
Number of bytes in the String data block for the client application
version, including eight bytes for the string block type and length, plus
the number of bytes in the version.
version, including eight bytes for the string block type and length, plus
the number of bytes in the version.
Client
Application
Version
Application
Version
string
Client application version.
Table B-19
Connection Statistics Data Block 5.0 - 5.0.2 Fields (continued)
Field
Data Type
Description
Byte
0
1
2
3
Bit
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
Connection Data Block Type (126)
Connection Data Block Length
Device ID
Ingress Zone
Ingress Zone, continued
Ingress Zone, continued
Ingress Zone, continued
Egress Zone