Cisco Cisco Firepower Management Center 4000 开发者指南
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
383
Understanding Discovery & Connection Data Structures
Discovery and Connection Event Series 2 Data Blocks
Chapter 4
Access Control Rule Reason Data Block 5.1+
The eStreamer service uses the Access Control Rule Reason data block in Access
Control Rule Reason metadata messages to map Access Control reasons to a
descriptive string. The Access Control Rule Reason data block has a block type of
21 in the series 2 group of blocks.
The following graphic shows the structure of the Access Control Rule Reason
The following graphic shows the structure of the Access Control Rule Reason
data block.:
Access Control
Rule ID
uint32
The internal Sourcefire identifier for the access
control rule.
String Block
Type
uint32
Initiates a String data block containing the
descriptive name associated with the access
control rule UUID and access control rule ID.
This value is always 0.
String Block
Length
uint32
The number of bytes included in the name
String data block, including eight bytes for the
block type and header fields plus the number
of bytes in the Name field.
Name
string
The descriptive name.
Access Control Rule Data Block Fields (Continued)
F
IELD
D
ATA
T
YPE
D
ESCRIPTION
Byte
0
1
2
3
Bit
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
Access Control Rule Reason Block Type (21)
Access Control Rule Block Length
Description
Access Control Rule Reason
String Block Type (0)
String Block Type (0), cont.
String Block Length
String Block Length, cont.
Description...