Cisco Firepower Management Center 2000 Developer Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Intrusion and Correlation Data Structures
Intrusion Event and Metadata Record Types
Chapter 3
on page 30. If you enable bit 23, an extended event header is
included in the record. Note that the Record Type field, which appears after the
Message Length field, has a value of 2, indicating a packet record.
The Packet Record Fields table describes the fields in the Packet record.
Packet record layout (each row of the diagram is one 32-bit word: bytes 0-3, bits 0-31):

| Bits | Field |
|---|---|
| 0-15 | Header Version (1) |
| 16-31 | Message Type (4) |
| 0-31 | Message Length |
| 0-31 | Record Type (2) |
| 0-31 | Record Length |
| 0-31 | eStreamer Server Timestamp (in events, only if bit 23 is set) |
| 0-31 | Reserved for Future Use (in events, only if bit 23 is set) |
| 0-31 | Device ID |
| 0-31 | Event ID |
| 0-31 | Event Second |
| 0-31 | Packet Second |
| 0-31 | Packet Microsecond |
| 0-31 | Link Type |
| 0-31 | Packet Length |
| variable | Packet Data... |
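The layout above, parsed defensively in Python. This is an added example, not code from the guide; it assumes every diagram row is a 32-bit big-endian word with Header Version and Message Type as two 16-bit halves, and the names `parse_packet_record` and `build_sample` are hypothetical. Message Length and Record Length are read but not validated, because this page does not define which bytes they cover.

```python
import struct

# Assumptions: each diagram row is one 32-bit big-endian word, and Header
# Version / Message Type share the first row as two 16-bit fields.
MSG_HEADER = struct.Struct(">HHI")   # header version, message type, message length
REC_HEADER = struct.Struct(">II")    # record type, record length
EXT_HEADER = struct.Struct(">II")    # eStreamer server timestamp, reserved
FIXED = struct.Struct(">7I")         # Device ID through Packet Length
NAMES = ("device_id", "event_id", "event_second", "packet_second",
         "packet_microsecond", "link_type", "packet_length")

def parse_packet_record(buf, extended_header=False):
    """Parse one message carrying a Packet record (record type 2).

    extended_header=True means bit 23 was enabled, so the timestamp and
    reserved words precede Device ID. Raises ValueError on malformed input.
    """
    off = MSG_HEADER.size + REC_HEADER.size
    if len(buf) < off:
        raise ValueError("truncated message or record header")
    version, msg_type, msg_len = MSG_HEADER.unpack_from(buf, 0)
    rec_type, rec_len = REC_HEADER.unpack_from(buf, MSG_HEADER.size)
    if (version, msg_type, rec_type) != (1, 4, 2):
        raise ValueError("not a packet record")
    rec = {"message_length": msg_len, "record_length": rec_len}
    if extended_header:
        if len(buf) < off + EXT_HEADER.size:
            raise ValueError("truncated extended header")
        rec["server_timestamp"], _reserved = EXT_HEADER.unpack_from(buf, off)
        off += EXT_HEADER.size
    if len(buf) < off + FIXED.size:
        raise ValueError("truncated packet record")
    rec.update(zip(NAMES, FIXED.unpack_from(buf, off)))
    off += FIXED.size
    # The declared Packet Length is sender-controlled: bound it by what arrived.
    if rec["packet_length"] > len(buf) - off:
        raise ValueError("packet length exceeds received data")
    rec["packet_data"] = bytes(buf[off:off + rec["packet_length"]])
    return rec

def build_sample(extended_header=False, payload=b"\xde\xad\xbe\xef"):
    """Constructed sample message (made-up values, including both length fields)."""
    body = EXT_HEADER.pack(1400000000, 0) if extended_header else b""
    body += FIXED.pack(7, 1001, 1400000001, 1400000001, 250, 1, len(payload))
    body += payload
    rec = REC_HEADER.pack(2, len(body)) + body
    return MSG_HEADER.pack(1, 4, len(rec)) + rec
```

The caller has to pass `extended_header` according to whether bit 23 was enabled, since nothing in the layout shown here marks the two extra words as present.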
Packet Record Fields
| Field | Data Type | Description |
|---|---|---|
| Device ID | uint32 | The device identification number. You can obtain device names that correlate to them by requesting Version 3 or 4 metadata. See for more information. |
| Event ID | uint32 | The event identification number. |
| Event Second | uint32 | The second (from 01/01/1970) that the event occurred. |