Cisco Cisco Firepower Management Center 4000 Guía Del Desarrollador

Version 5.3

Sourcefire 3D System eStreamer Integration Guide

192

Understanding Discovery & Connection Data Structures

Metadata for Discovery Events

Chapter 4

The 

 table describes the fields in the 

Access Control Rule Action record.

URL Category Record Metadata

The eStreamer service transmits metadata containing the category name 

associated with a URL in a connection log within a URL Category record, the 

format of which is shown below. (URL category information is sent when the 

version 4 metadata flag—bit 20 in the Request Flags field of a request 

message—is set. See 

 on page 30.) Note that the record field, 

which appears after the Message Length field, has a value of 121, indicating a 

URL Category record.

Byte

0

1

2

3

Bit

0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31

Header Version (1)

Message Type (4)

Message Length

Record Type (120)

Record Length

Access Control Rule Action ID

Name Length

Name...

Access Control Rule Action Record Fields 

Access Control 

Rule Action ID

uint32

ID number of the access control rule action.

Name Length

uint32

The number of bytes included in the name.

Name

string

The firewall rule action name.