Cisco Cisco Firepower Management Center 4000 개발자 가이드
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
195
Understanding Discovery & Connection Data Structures
Metadata for Discovery Events
Chapter 4
The
Access Control Rule Reason Metadata Fields
table describes the fields in the
Access Control Rule ID data block.
Byte
0
1
2
3
Bit
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
Header Version (1)
Message Type (4)
Message Length
Record Type (124)
Record Length
Access Control Rule Reason Block Type (21)
Access Control Rule Block Length
Access Control Rule Reason
String Block Type (0)
String Block Type (0), cont.
String Block Length
String Block Length, cont.
Description...
Access Control Rule Reason Metadata Fields
F
IELD
D
ATA
T
YPE
D
ESCRIPTION
Access Control
Rule Reason
Block Type
uint32
Initiates an Access Control Rule Reason block.
This value is always 21. This is a series 2 data
block.
Access Control
Rule Reason
Block Length
uint32
Total number of bytes in the Access Control
Rule Reason block, including eight bytes for
the Access Control Rule Reason block type
and length fields, plus the number of bytes of
data that follows.
Access Control
Rule Reason
uint16
The reason the Access Control rule logged the
connection.
String Block
Type
uint32
Initiates a String data block containing the
descriptive name associated with the access
control rule reason. This value is always 0.
String Block
Length
uint32
The number of bytes included in the name
String data block, including eight bytes for the
block type and header fields plus the number
of bytes in the Description field.
Description
string
Description of the Access Control rule reason.