Cisco Cisco Firepower Management Center 2000 Guida Dello Sviluppatore
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
595
Understanding Legacy Data Structures
Legacy Connection Data Structures
Appendix B
Connection Statistics Data Block 5.1
The Connection Statistics data block is used in Connection Data messages.
Changes to the Connection data block between 5.0.2 and 5.1 include the addition
of new fields with configuration parameters introduced in 5.1 (rule action reason,
monitor rules, Security Intelligence source/destination, Security Intelligence
layer). The Connection Statistics data block for version 5.1 has a block type of 126.
Web
Application ID
uint32
The internal identification number of the detected
web application, if applicable.
String Block
Type
uint32
Initiates a String data block for the client
application URL. This value is always 0.
String Block
Length
uint32
Number of bytes in the client application URL
String data block, including eight bytes for the
string block type and length fields, plus the
number of bytes in the client application URL
string.
Client
Application
URL
string
URL the client application accessed, if applicable
(/files/index.html, for example).
String Block
Type
uint32
Initiates a String data block for the host NetBIOS
name. This value is always 0.
String Block
Length
uint32
Number of bytes in the String data block,
including eight bytes for the string block type and
length fields, plus the number of bytes in the
NetBIOS name string.
NetBIOS
Name
string
Host NetBIOS name string.
String Block
Type
uint32
Initiates a String data block for the client
application version. This value is always 0.
String Block
Length
uint32
Number of bytes in the String data block for the
client application version, including eight bytes
for the string block type and length, plus the
number of bytes in the version.
Client
Application
Version
string
Client application version.
Connection Statistics Data Block 5.0 - 5.0.2 Fields (Continued)
F
IELD
D
ATA
T
YPE
D
ESCRIPTION