Cisco Firepower Management Center 2000 Programmer's Guide

Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Intrusion and Correlation Data Structures
Understanding Series 2 Data Blocks
Chapter 3
Access Control Policy Rule Reason Data Block
The eStreamer service uses the Access Control Policy Rule Reason data block to contain information about access control policy rule IDs. This data block has a block type of 21 in series 2.
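The following diagram shows the structure of the Access Control Policy Rule ID metadata block.

              Byte 0          Byte 1          Byte 2          Byte 3
              Bits 0-7        Bits 8-15       Bits 16-23      Bits 24-31
             +---------------------------------------------------------------+
             | Access Control Policy Rule Reason Data Block Type (21)        |
             +---------------------------------------------------------------+
             | Access Control Policy Rule Reason Data Block Length           |
             +-------------------------------+-------------------------------+
Description  | Reason                        | String Block Type (0)         |
             +-------------------------------+-------------------------------+
             | String Block Type (0),        | String Block Length           |
             | continued                     |                               |
             +-------------------------------+-------------------------------+
             | String Block Length,          | Description...                |
             | continued                     |                               |
             +-------------------------------+-------------------------------+

The Access Control Policy Rule Reason Data Block Fields table describes the fields in the Access Control Policy Rule ID metadata block.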
Access Control Policy Rule Reason Data Block Fields

| Field | Data Type | Description |
|---|---|---|
| Access Control Policy Rule Reason Data Block Type | uint32 | Initiates an Access Control Policy Rule Reason data block. This value is always 21. |
| Access Control Policy Rule Reason Data Block Length | uint32 | Total number of bytes in the Access Control Policy Rule Reason data block, including eight bytes for the Access Control Policy Rule Reason data block type and length fields, plus the number of bytes of data that follows. |
| Reason | uint16 | The number of the reason for the rule that triggered the event. |
| String Block Type | uint32 | Initiates a String data block containing the description of the access control policy rule reason. This value is always 0. |
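
A client that consumes this block has to treat both length fields as untrusted input. The following parser is an added example, not code from the guide or from Cisco; it assumes network byte order and that the String Block Length counts its own eight-byte header (neither is stated on this page), and the sample block is constructed for the demonstration.

```python
import struct

BLOCK_TYPE = 21           # Access Control Policy Rule Reason data block (series 2)
STRING_BLOCK_TYPE = 0     # String data block
# Assumption: fields are big-endian (network byte order), packed without padding.
# type(4) + length(4) + reason(2) + string type(4) + string length(4) = 18 bytes
HEADER = struct.Struct(">IIHII")
STRING_OFFSET = 10        # string block starts after 8-byte header + 2-byte reason


class BlockError(ValueError):
    """Raised when a block fails a structural check."""


def parse_rule_reason_block(buf: bytes) -> dict:
    if len(buf) < HEADER.size:
        raise BlockError("buffer shorter than the 18-byte fixed header")
    btype, blen, reason, stype, slen = HEADER.unpack_from(buf, 0)
    if btype != BLOCK_TYPE:
        raise BlockError(f"unexpected block type {btype}")
    # Block length includes its own 8-byte type/length header plus the data.
    if blen < HEADER.size or blen > len(buf):
        raise BlockError(f"block length {blen} does not fit buffer of {len(buf)}")
    if stype != STRING_BLOCK_TYPE:
        raise BlockError(f"unexpected string block type {stype}")
    # Assumption: string block length includes its own 8-byte header.
    # The inner block must end inside the outer block, never past it.
    if slen < 8 or STRING_OFFSET + slen > blen:
        raise BlockError(f"string length {slen} overruns block length {blen}")
    raw = buf[HEADER.size:STRING_OFFSET + slen]
    # Strip any NUL padding; replace undecodable bytes rather than failing.
    description = raw.rstrip(b"\x00").decode("utf-8", errors="replace")
    return {"reason": reason, "description": description, "consumed": blen}


def build_sample(reason: int, text: bytes) -> bytes:
    """Constructed sample block for the demonstration; not captured traffic."""
    slen = 8 + len(text)
    return HEADER.pack(BLOCK_TYPE, STRING_OFFSET + slen, reason,
                       STRING_BLOCK_TYPE, slen) + text


if __name__ == "__main__":
    good = build_sample(2, b"Intrusion Block")
    print(parse_rule_reason_block(good + b"bytes of the next block"))
    lying = HEADER.pack(BLOCK_TYPE, 33, 2, STRING_BLOCK_TYPE, 0xFFFF) + b"x" * 15
    try:
        parse_rule_reason_block(lying)
    except BlockError as exc:
        print("rejected:", exc)
```

The returned "consumed" value is the outer block length, so a caller walking a buffer of consecutive blocks advances by that amount only after every check has passed.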