Руководство Разработчика для Cisco Cisco Firepower Management Center 2000
4-176
FireSIGHT eStreamer Integration Guide
Chapter 4 Understanding Discovery & Connection Data Structures
Discovery and Connection Event Series 2 Data Blocks
Access Control Rule Reason Data Block 5.1+
The eStreamer service uses the Access Control Rule Reason data block in Access Control Rule Reason
metadata messages to map Access Control reasons to a descriptive string. The Access Control Rule
Reason data block has a block type of 21 in the series 2 group of blocks.
metadata messages to map Access Control reasons to a descriptive string. The Access Control Rule
Reason data block has a block type of 21 in the series 2 group of blocks.
The following graphic shows the structure of the Access Control Rule Reason data block.:
The following table describes the fields in the Access Control Rule Reason data block.
Byte
0
1
2
3
Bit
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
Access Control Rule Reason Block Type (21)
Access Control Rule Block Length
Description
Access Control Rule Reason
String Block Type (0)
String Block Type (0), cont.
String Block Length
String Block Length, cont.
Description...
Table 4-89
Access Control Rule Reason Data Block Fields
Field
Data Type
Description
Access Control Rule
Reason Block Type
Reason Block Type
uint32
Initiates an Access Control Rule Reason block. This value is
always
always
21
.
Access Control Rule
Reason Block
Length
Reason Block
Length
uint32
Total number of bytes in the Access Control Rule Reason
block, including eight bytes for the Access Control Rule
Reason block type and length fields, plus the number of bytes
of data that follows.
block, including eight bytes for the Access Control Rule
Reason block type and length fields, plus the number of bytes
of data that follows.
Access Control Rule
Reason
Reason
uint16
The reason the Access Control rule logged the connection.
String Block Type
uint32
Initiates a String data block containing the descriptive name
associated with the access control rule reason. This value is
always
associated with the access control rule reason. This value is
always
0
.
String Block Length
uint32
The number of bytes included in the name String data block,
including eight bytes for the block type and header fields plus
the number of bytes in the Description field.
including eight bytes for the block type and header fields plus
the number of bytes in the Description field.
Description
string
Description of the Access Control rule reason.