Cisco Firepower Management Center 2000 Developer Guide
FireSIGHT eStreamer Integration Guide
Appendix B Understanding Legacy Data Structures
Legacy Connection Data Structures
Table B-23  Connection Statistics Data Block 5.1.1.x Fields

Field                                   | Data Type | Description
----------------------------------------+-----------+------------------------------------------------------------------------------
Connection Statistics Data Block Type   | uint32    | Initiates a Connection Statistics data block for 5.1.1.x. The value is always 137.
Connection Statistics Data Block Length | uint32    | Number of bytes in the Connection Statistics data block, including eight bytes for the connection statistics block type and length fields, plus the number of bytes in the connection data that follows.
Device ID                               | uint32    | The device that detected the connection event.
Ingress Zone                            | uint8[16] | Ingress security zone in the event that triggered the policy violation.
Egress Zone                             | uint8[16] | Egress security zone in the event that triggered the policy violation.
Ingress Interface                       | uint8[16] | Interface for the inbound traffic.
Egress Interface                        | uint8[16] | Interface for the outbound traffic.
Initiator IP Address                    | uint8[16] | IP address of the host that initiated the session described in the connection event, in IP address octets.
Responder IP Address                    | uint8[16] | IP address of the host that responded to the initiating host, in IP address octets.
Policy Revision                         | uint8[16] | Revision number of the rule associated with the triggered correlation event, if applicable.
Rule ID                                 | uint32    | Internal identifier for the rule that triggered the event, if applicable.
Rule Action                             | uint16    | The action selected in the user interface for that rule (allow, block, and so forth).
Rule Reason                             | uint16    | The reason the rule triggered the event.
Initiator Port                          | uint16    | Port used by the initiating host.
Responder Port                          | uint16    | Port used by the responding host.
TCP Flags                               | uint16    | Indicates any TCP flags for the connection event.
Protocol                                | uint8     | The IANA-specified protocol number.
NetFlow Source                          | uint8[16] | IP address of the NetFlow-enabled device that exported the data for the connection.
Instance ID                             | uint16    | Numerical ID of the Snort instance on the managed device that generated the event.
Connection Counter                      | uint16    | Value used to distinguish between connection events that happen during the same second.
First Packet Timestamp                  | uint32    | UNIX timestamp of the date and time the first packet was exchanged in the session.
Last Packet Timestamp                   | uint32    | UNIX timestamp of the date and time the last packet was exchanged in the session.
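The following parser for the fields of Table B-23 is an added example; it is not part of the eStreamer guide and not Cisco's code. It assumes network byte order (big-endian) for all integers, treats the uint8[16] zone, interface and policy-revision fields as UUIDs, and reads the 16-byte address fields as IPv6 with IPv4 carried in IPv4-mapped form (::ffff:a.b.c.d); those interpretations, the field names in the returned record, and the sample values in the constructed block are assumptions. Because this page lists the block only up to Last Packet Timestamp while the real block continues, the parser trusts the block's own length field to find the next block and reports how many bytes it did not interpret rather than guessing at them. It also rejects a block whose type is not 137 or whose length is shorter than the fields it is about to read, which is the check a consumer needs before indexing into the buffer.

```python
import ipaddress
import struct
import uuid

# Leading fields of the Connection Statistics data block (5.1.1.x, type 137),
# in table order. eStreamer integers are network byte order, hence ">" and no
# padding. Field names and the UUID/address interpretations are assumptions.
CONN_STATS_BLOCK_TYPE = 137
_LAYOUT = struct.Struct(
    ">II"      # Block Type (always 137), Block Length (includes these 8 bytes)
    "I"        # Device ID
    "16s16s"   # Ingress Zone, Egress Zone
    "16s16s"   # Ingress Interface, Egress Interface
    "16s16s"   # Initiator IP Address, Responder IP Address
    "16s"      # Policy Revision
    "I"        # Rule ID
    "HH"       # Rule Action, Rule Reason
    "HH"       # Initiator Port, Responder Port
    "H"        # TCP Flags
    "B"        # Protocol (IANA number)
    "16s"      # NetFlow Source
    "HH"       # Instance ID, Connection Counter
    "II"       # First Packet Timestamp, Last Packet Timestamp
)
MIN_BLOCK_LENGTH = _LAYOUT.size  # 167 bytes for the fields listed on this page
_NAMES = (
    "block_type", "block_length", "device_id",
    "ingress_zone", "egress_zone", "ingress_interface", "egress_interface",
    "initiator_ip", "responder_ip", "policy_revision",
    "rule_id", "rule_action", "rule_reason", "initiator_port", "responder_port",
    "tcp_flags", "protocol", "netflow_source", "instance_id",
    "connection_counter", "first_packet_ts", "last_packet_ts",
)
_UUID_FIELDS = {"ingress_zone", "egress_zone", "ingress_interface",
                "egress_interface", "policy_revision"}
_ADDR_FIELDS = {"initiator_ip", "responder_ip", "netflow_source"}


def _addr(raw16):
    # Assumption: 16-byte address fields hold IPv6, with IPv4 carried as an
    # IPv4-mapped address; unwrap that form so IPv4 hosts print as a.b.c.d.
    addr = ipaddress.IPv6Address(raw16)
    return addr.ipv4_mapped or addr


def _addr_bytes(text):
    ip = ipaddress.ip_address(text)
    if ip.version == 4:
        ip = ipaddress.IPv6Address("::ffff:" + text)
    return ip.packed


def parse_connection_stats(buf, offset=0):
    """Parse one block at buf[offset]; return (record, offset of next block).

    The next offset comes from the block's own length field, so fields that
    follow Last Packet Timestamp (not listed on this page) are skipped, not
    misread as the start of the next block.
    """
    if len(buf) - offset < 8:
        raise ValueError("truncated block header")
    block_type, block_len = struct.unpack_from(">II", buf, offset)
    if block_type != CONN_STATS_BLOCK_TYPE:
        raise ValueError("unexpected block type %d" % block_type)
    if block_len < MIN_BLOCK_LENGTH:
        raise ValueError("block length %d shorter than listed fields" % block_len)
    if offset + block_len > len(buf):
        raise ValueError("block length %d runs past end of buffer" % block_len)
    record = dict(zip(_NAMES, _LAYOUT.unpack_from(buf, offset)))
    for name in _UUID_FIELDS:
        record[name] = uuid.UUID(bytes=record[name])
    for name in _ADDR_FIELDS:
        record[name] = _addr(record[name])
    record["unparsed_tail"] = block_len - MIN_BLOCK_LENGTH
    return record, offset + block_len


def parse_stream(buf):
    """Walk consecutive blocks in a buffer using each block's length field."""
    records, offset = [], 0
    while offset < len(buf):
        rec, offset = parse_connection_stats(buf, offset)
        records.append(rec)
    return records


def build_sample_block(trailing=b""):
    """Constructed sample block (not captured data). `trailing` stands in for
    the fields after Last Packet Timestamp that this page does not list."""
    z_in, z_out = uuid.UUID(int=0x11), uuid.UUID(int=0x22)
    if_in, if_out, policy = uuid.UUID(int=0x33), uuid.UUID(int=0x44), uuid.UUID(int=0x55)
    return _LAYOUT.pack(
        CONN_STATS_BLOCK_TYPE, MIN_BLOCK_LENGTH + len(trailing), 7,
        z_in.bytes, z_out.bytes, if_in.bytes, if_out.bytes,
        _addr_bytes("10.1.2.3"), _addr_bytes("192.0.2.10"), policy.bytes,
        42, 1, 0, 51515, 443, 0x0012, 6,
        _addr_bytes("10.0.0.1"), 1, 3, 1700000000, 1700000042,
    ) + trailing


if __name__ == "__main__":
    for rec in parse_stream(build_sample_block(b"\x00" * 20) + build_sample_block()):
        print(rec["initiator_ip"], rec["responder_ip"], rec["responder_port"], rec["unparsed_tail"])
```

The length check matters in both directions: a block shorter than 167 bytes would make `unpack_from` read past the block into whatever follows, and a length larger than the remaining buffer would let a truncated or malformed message desynchronise every block after it, so both are rejected before any field is read.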