Developer Guide for Cisco Firepower Management Center 4000
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Intrusion and Correlation Data Structures
Intrusion Event and Metadata Record Types
Chapter 3
Priority Record
The eStreamer service transmits the priority associated with an event in a Priority
record, the format of which is shown below. (Priority information is sent when
one of the metadata flags—bits 1, 14, 15, or 20 in the Request Flags field of a
request message—is set. See
on page 30.) Note that the Record
Type field, which appears after the Message Length field, has a value of 4,
indicating a Priority record.
Packet Record Fields (Continued)

| FIELD | DATA TYPE | DESCRIPTION |
|---|---|---|
| Packet Second | uint32 | The second (from 01/01/1970) that the packet was captured. |
| Packet Microsecond | uint32 | Microsecond (one millionth of a second) increment that the packet was captured. |
| Link Type | uint32 | Link layer type. Currently, the value will always be 1 (signifying the Ethernet layer). |
| Packet Length | uint32 | Number of bytes included in the packet data. |
| Packet Data | variable | Actual captured packet data (header and payload). |
Priority record layout (diagram rows span bytes 0 to 3, bits 0 to 31; fields in transmission order):

Header Version (1)
Message Type (4)
Message Length
Record Type (4)
Record Length
Priority ID
Name Length
Priority Name...
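A bounds-checked parser for the Priority record laid out above, as an added example that is not code from the guide. The field widths (16-bit Header Version and Message Type, 32-bit Message Length, Record Type, Record Length and Priority ID, 16-bit Name Length), network byte order, and the meaning of the two length fields are assumptions not stated on this page; `build_priority_message` only constructs sample input.

```python
import struct

# Assumed widths and byte order (not stated on this page).
HEADER = struct.Struct(">HHI")    # Header Version, Message Type, Message Length
RECORD = struct.Struct(">II")     # Record Type, Record Length
PRIORITY = struct.Struct(">IH")   # Priority ID, Name Length
FIXED = HEADER.size + RECORD.size + PRIORITY.size


class RecordError(ValueError):
    """The buffer does not hold a well-formed Priority record."""


def parse_priority_record(buf: bytes) -> dict:
    """Parse one message, checking every length field before using it."""
    if len(buf) < FIXED:
        raise RecordError("truncated message")
    version, msg_type, msg_len = HEADER.unpack_from(buf, 0)
    rec_type, rec_len = RECORD.unpack_from(buf, HEADER.size)
    # Values given on the page: Header Version 1, Message Type 4, Record Type 4.
    if (version, msg_type, rec_type) != (1, 4, 4):
        raise RecordError("not a Priority record")
    # Assumption: Message Length counts the bytes after the message header,
    # Record Length counts the bytes after the record header.
    if msg_len > len(buf) - HEADER.size:
        raise RecordError("Message Length exceeds received data")
    if rec_len > msg_len - RECORD.size:
        raise RecordError("Record Length exceeds Message Length")
    prio_id, name_len = PRIORITY.unpack_from(buf, HEADER.size + RECORD.size)
    if name_len > rec_len - PRIORITY.size:
        raise RecordError("Name Length exceeds Record Length")
    name = buf[FIXED:FIXED + name_len].decode("utf-8", errors="replace")
    return {"priority_id": prio_id, "name": name.rstrip("\x00")}


def build_priority_message(prio_id: int, name: bytes) -> bytes:
    """Construct a sample message for testing (constructed data, not a capture)."""
    body = PRIORITY.pack(prio_id, len(name)) + name
    record = RECORD.pack(4, len(body)) + body
    return HEADER.pack(1, 4, len(record)) + record


if __name__ == "__main__":
    print(parse_priority_record(build_priority_message(1, b"high")))
```

A Name Length larger than the enclosing Record Length is rejected instead of being used as a slice bound, so a malformed or hostile stream cannot make the client read past the record.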