Cisco Firepower Management Center 2000 Developer Guide
Sourcefire 3D System eStreamer Integration Guide, Version 5.3
Chapter 3: Understanding Intrusion and Correlation Data Structures
Intrusion Event and Metadata Record Types
Page 68
... on page 30. If you enable bit 23, an extended event header (the eStreamer Server Timestamp and a reserved word) is included in the record. Nothing in the record itself flags whether that extended header is present, so a consumer must derive it from the request flags it sent; otherwise every field after Record Length is read from the wrong offset. Note that the Record Type field, which appears after the Message Length field, has a value of 2, indicating a packet record.

The Packet Record Fields table describes the fields in the Packet record.
Byte     0               1               2               3
Bit      0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
+-------------------------------+-------------------------------+
|      Header Version (1)       |       Message Type (4)        |
+-------------------------------+-------------------------------+
|                        Message Length                         |
+---------------------------------------------------------------+
|                        Record Type (2)                        |
+---------------------------------------------------------------+
|                         Record Length                         |
+---------------------------------------------------------------+
| eStreamer Server Timestamp (in events, only if bit 23 is set) |
+---------------------------------------------------------------+
|  Reserved for Future Use (in events, only if bit 23 is set)   |
+---------------------------------------------------------------+
|                           Device ID                           |
+---------------------------------------------------------------+
|                           Event ID                            |
+---------------------------------------------------------------+
|                         Event Second                          |
+---------------------------------------------------------------+
|                         Packet Second                         |
+---------------------------------------------------------------+
|                      Packet Microsecond                       |
+---------------------------------------------------------------+
|                           Link Type                           |
+---------------------------------------------------------------+
|                         Packet Length                         |
+---------------------------------------------------------------+
|                        Packet Data...                         |
+---------------------------------------------------------------+
Packet Record Fields

Field           Data Type   Description
Device ID       uint32      The device identification number. You can obtain the device names that correlate to these numbers by requesting Version 3 or 4 metadata. See ... for more information.
Event ID        uint32      The event identification number.
Event Second    uint32      The second at which the event occurred, counted from 01/01/1970 00:00:00 UTC (Unix epoch time).
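The layout above, turned into a decoder that a collector would run on each event-data message, as an added example: this is not code from the guide or from Cisco/Sourcefire. It assumes all integer fields are big-endian (network byte order, the convention eStreamer uses), that Message Length counts the bytes after the 8-byte message header and Record Length counts the bytes after the Record Length field (both are assumptions of this example; confirm them against the field definitions earlier in the guide), and that the extended header is present exactly when the request set bit 23. The function names, the sample frame and the sample field values are constructed for the example. It goes one step beyond the page by writing the recovered packet, stamped with Packet Second/Microsecond, into a classic libpcap stream so the bytes can be opened in Wireshark.

```python
import struct
from dataclasses import dataclass
from typing import List, Optional

HEADER_VERSION = 1            # Header Version value shown in the record diagram
EVENT_DATA_MESSAGE_TYPE = 4   # Message Type value shown in the record diagram
PACKET_RECORD_TYPE = 2        # Record Type value for a packet record

# Fixed packet fields after the optional extended header, all uint32, big-endian:
# Device ID, Event ID, Event Second, Packet Second, Packet Microsecond, Link Type, Packet Length
_FIXED = struct.Struct(">7I")


@dataclass
class PacketRecord:
    device_id: int
    event_id: int
    event_second: int
    packet_second: int
    packet_microsecond: int
    link_type: int
    packet_data: bytes
    server_timestamp: Optional[int] = None  # only present when bit 23 was requested


def build_packet_message(rec: PacketRecord, extended_header: bool) -> bytes:
    """Encode a packet record as an event-data message (used here to construct sample input)."""
    body = b""
    if extended_header:
        body += struct.pack(">II", rec.server_timestamp or 0, 0)  # timestamp + reserved word
    body += _FIXED.pack(rec.device_id, rec.event_id, rec.event_second, rec.packet_second,
                        rec.packet_microsecond, rec.link_type, len(rec.packet_data))
    body += rec.packet_data
    # Assumption: Record Length counts the bytes after the Record Length field and
    # Message Length counts the bytes after the 8-byte message header.
    record = struct.pack(">II", PACKET_RECORD_TYPE, len(body)) + body
    return struct.pack(">HHI", HEADER_VERSION, EVENT_DATA_MESSAGE_TYPE, len(record)) + record


def parse_packet_message(message: bytes, extended_header: bool) -> PacketRecord:
    """Decode one packet record. 'extended_header' must mirror whether bit 23 was set in the
    request; the record does not flag it, so a wrong value shifts every later field."""
    if len(message) < 16:
        raise ValueError("truncated: need at least 16 bytes of headers")
    hdr_version, msg_type, msg_len = struct.unpack_from(">HHI", message, 0)
    if hdr_version != HEADER_VERSION or msg_type != EVENT_DATA_MESSAGE_TYPE:
        raise ValueError(f"unexpected header version {hdr_version} / message type {msg_type}")
    if msg_len != len(message) - 8:
        raise ValueError(f"Message Length {msg_len} != {len(message) - 8} bytes after header")
    rec_type, rec_len = struct.unpack_from(">II", message, 8)
    if rec_type != PACKET_RECORD_TYPE:
        raise ValueError(f"record type {rec_type} is not a packet record")
    body = message[16:]
    if rec_len != len(body):
        raise ValueError(f"Record Length {rec_len} != {len(body)} bytes present")
    off, server_ts = 0, None
    if extended_header:
        if len(body) < 8:
            raise ValueError("truncated extended header")
        server_ts, _reserved = struct.unpack_from(">II", body, 0)
        off = 8
    if len(body) - off < _FIXED.size:
        raise ValueError("truncated packet record fields")
    dev, evt, ev_sec, pkt_sec, pkt_usec, link, pkt_len = _FIXED.unpack_from(body, off)
    off += _FIXED.size
    # Packet Length must account for exactly the trailing bytes; anything else means a
    # misaligned, truncated or tampered record, and trusting it would over-read or drop data.
    if pkt_len != len(body) - off:
        raise ValueError(f"Packet Length {pkt_len} != {len(body) - off} trailing bytes")
    return PacketRecord(dev, evt, ev_sec, pkt_sec, pkt_usec, link, body[off:], server_ts)


def to_pcap(records: List[PacketRecord]) -> bytes:
    """Emit a classic libpcap stream (magic 0xa1b2c3d4, version 2.4, little-endian) using
    Packet Second/Microsecond as the capture time. All records must share one link type."""
    if not records:
        raise ValueError("no records")
    link_type = records[0].link_type
    if any(r.link_type != link_type for r in records):
        raise ValueError("a pcap file carries a single link type")
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, link_type)
    for r in records:
        out += struct.pack("<IIII", r.packet_second, r.packet_microsecond,
                           len(r.packet_data), len(r.packet_data)) + r.packet_data
    return out


# Constructed sample: a 42-byte Ethernet/IPv4/UDP-shaped frame with zeroed checksums,
# not real capture data, plus arbitrary field values.
SAMPLE_FRAME = bytes.fromhex(
    "ffffffffffff0011223344550800"
    "4500001c0001000040110000c0a80001c0a800ff"
    "003504d200083a2b"
)
SAMPLE_RECORD = PacketRecord(device_id=7, event_id=1001, event_second=1393286400,
                             packet_second=1393286399, packet_microsecond=250000,
                             link_type=1, packet_data=SAMPLE_FRAME,
                             server_timestamp=1393286401)

if __name__ == "__main__":
    msg = build_packet_message(SAMPLE_RECORD, extended_header=True)
    rec = parse_packet_message(msg, extended_header=True)
    print(f"device {rec.device_id} event {rec.event_id}: {len(rec.packet_data)}-byte packet, "
          f"{len(to_pcap([rec]))}-byte pcap")
```

Note that feeding a bit-23 message to the parser with `extended_header=False` is only caught because the shifted Packet Length field no longer matches the trailing byte count; a record whose shifted value happened to match would be misparsed silently, which is why the flag has to come from the request state the client tracks, not from heuristics on the bytes.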