Cisco Firepower Management Center 2000 Programmer's Guide

Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Legacy Data Structures
Legacy Connection Data Structures
Appendix B
Connection Statistics Data Block 5.2.x
The connection statistics data block is used in connection data messages. 
Changes to the connection data block between versions 5.1.1 and 5.2 include the 
addition of new fields to support geolocation. The connection statistics data block 
for version 5.2.x has a block type of 144 in the series 1 group of blocks. It 
deprecates block type 137, 
For more information on the Connection Statistics Data message, see 
The following diagram shows the format of a Connection Statistics data block for 
5.2+:
Connection Statistics Data Block 5.1 Fields (Continued)

| Field | Data Type | Description |
|---|---|---|
| Monitor Rule 3 | uint32 | The ID of the third monitor rule associated with the connection event. |
| Monitor Rule 4 | uint32 | The ID of the fourth monitor rule associated with the connection event. |
| Monitor Rule 5 | uint32 | The ID of the fifth monitor rule associated with the connection event. |
| Monitor Rule 6 | uint32 | The ID of the sixth monitor rule associated with the connection event. |
| Monitor Rule 7 | uint32 | The ID of the seventh monitor rule associated with the connection event. |
| Monitor Rule 8 | uint32 | The ID of the eighth monitor rule associated with the connection event. |
| Security Intelligence Source/Destination | uint8 | Whether the source or destination IP address matched the IP blacklist. |
| Security Intelligence Layer | uint8 | The IP layer that matched the IP blacklist. |