Cisco Firepower Management Center 4000 Developer Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Appendix B: Understanding Legacy Data Structures
Legacy Connection Data Structures
The Connection Statistics Data Block 5.1.1.x Fields table describes the fields of the Connection Statistics data block for 5.1.1.x.
[Figure: bit-layout diagram of the Connection Statistics data block 5.1.1.x (bytes 0-3, bits 0-31). Field labels that survive from the diagram: Monitor Rule 1 through Monitor Rule 8, Sec. Int. Src/Dst, Sec. Int. Layer, File Event Count, Intrusion Event Count.]
Connection Statistics Data Block 5.1.1.x Fields

| Field | Data Type | Description |
|---|---|---|
| Connection Statistics Data Block Type | uint32 | Initiates a Connection Statistics data block for 5.1.1.x. The value is always 137. |
| Connection Statistics Data Block Length | uint32 | Number of bytes in the Connection Statistics data block, including eight bytes for the connection statistics block type and length fields, plus the number of bytes in the connection data that follows. |
| Device ID | uint32 | The device that detected the connection event. |
| Ingress Zone | uint8[16] | Ingress security zone in the event that triggered the policy violation. |
| Egress Zone | uint8[16] | Egress security zone in the event that triggered the policy violation. |
| Ingress Interface | uint8[16] | Interface for the inbound traffic. |
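
The following parser for the six fields listed above is an added example, not code from the eStreamer guide or from Cisco. It checks the declared block length against the bytes actually received before reading any field. It assumes network (big-endian) byte order; the names `parse_leading_fields`, `build_sample` and `BlockError` are hypothetical, and the sample block is constructed.

```python
import struct

BLOCK_TYPE_5_1_1 = 137                  # "The value is always 137" (from the table)
HEADER = struct.Struct(">II")           # block type, block length (big-endian assumed)
LEADING = struct.Struct(">I16s16s16s")  # Device ID, Ingress Zone, Egress Zone, Ingress Interface


class BlockError(ValueError):
    """Raised when a buffer is not a well-formed 5.1.1.x block."""


def parse_leading_fields(buf: bytes) -> dict:
    """Parse the first six fields of a Connection Statistics 5.1.1.x block."""
    if len(buf) < HEADER.size:
        raise BlockError("buffer shorter than the 8-byte type/length header")
    block_type, block_len = HEADER.unpack_from(buf, 0)
    if block_type != BLOCK_TYPE_5_1_1:
        raise BlockError(f"unexpected block type {block_type}")
    # Block length counts the 8 header bytes plus the data that follows.
    if block_len < HEADER.size + LEADING.size:
        raise BlockError("declared length too small for the documented fields")
    if block_len > len(buf):
        raise BlockError("declared length exceeds the bytes received")
    device_id, in_zone, out_zone, in_if = LEADING.unpack_from(buf, HEADER.size)
    return {
        "block_length": block_len,
        "device_id": device_id,
        "ingress_zone": in_zone.hex(),
        "egress_zone": out_zone.hex(),
        "ingress_interface": in_if.hex(),
        # Fields after Ingress Interface are not described on this page.
        "remaining": buf[HEADER.size + LEADING.size:block_len],
    }


def build_sample(device_id=7, trailing=b"\x00" * 4, declared=None) -> bytes:
    """Constructed sample block (not captured traffic)."""
    body = LEADING.pack(device_id, bytes(range(16)), bytes(range(16, 32)), b"\xaa" * 16)
    body += trailing
    length = HEADER.size + len(body) if declared is None else declared
    return HEADER.pack(BLOCK_TYPE_5_1_1, length) + body


if __name__ == "__main__":
    print(parse_leading_fields(build_sample()))
```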