Cisco Cisco Firepower Management Center 4000 개발자 가이드

Version 5.3

Sourcefire 3D System eStreamer Integration Guide

195

Understanding Discovery & Connection Data Structures

Metadata for Discovery Events

Chapter 4

The 

 table describes the fields in the 

Access Control Rule ID data block.

Byte

0

1

2

3

Bit

0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31

Header Version (1)

Message Type (4)

Message Length

Record Type (124)

Record Length

Access Control Rule Reason Block Type (21)

Access Control Rule Block Length

Access Control Rule Reason

String Block Type (0)

String Block Type (0), cont.

String Block Length

String Block Length, cont.

Description...

Access Control Rule Reason Metadata Fields 

Access Control 

Rule Reason 

Block Type

uint32

Initiates an Access Control Rule Reason block. 

This value is always 21. This is a series 2 data 

block.

Access Control 

Rule Reason 

Block Length

uint32

Total number of bytes in the Access Control 

Rule Reason block, including eight bytes for 

the Access Control Rule Reason block type 

and length fields, plus the number of bytes of 

data that follows.

Access Control 

Rule Reason

uint16

The reason the Access Control rule logged the 

connection.

String Block 

Type

uint32

Initiates a String data block containing the 

descriptive name associated with the access 

control rule reason. This value is always 0.

String Block 

Length

uint32

The number of bytes included in the name 

String data block, including eight bytes for the 

block type and header fields plus the number 

of bytes in the Description field.

Description

string

Description of the Access Control rule reason.