Cisco Cisco Firepower Management Center 4000 开发者指南

Version 5.3

Sourcefire 3D System eStreamer Integration Guide

471

Understanding Legacy Data Structures

Legacy Intrusion Data Structures

Appendix B

Blocked

uint8 

Value indicating whether the event was blocked.
• 0 — not blocked

• 1 — blocked

• 2 — would be blocked (but not permitted by 

configuration)

MPLS Label

uint32 

MPLS label.

VLAN ID

uint16

Indicates the ID of the VLAN where the packet 

originated.

Pad

uint16

Reserved for future use.

Policy UUID

uint8[16]

A policy ID number that acts as a unique 

identifier for the intrusion policy.

User ID

uint32

The internal identification number for the user, if 

applicable.

Web 

Application ID

uint32

The internal identification number for the web 

application, if applicable.

Client 

Application ID

uint32

The internal identification number for the client 

application, if applicable.

Application 

Protocol ID

uint32

The internal identification number for the 

application protocol, if applicable.

Access 

Control Rule 

ID

uint32

A rule ID number that acts as a unique identifier 

for the access control rule.

Access 

Control Policy 

UUID

uint8[16]

A policy ID number that acts as a unique 

identifier for the access control policy.

Ingress 

Interface 

UUID

uint8[16]

An interface ID number that acts as a unique 

identifier for the ingress interface.

Egress 

Interface 

UUID

uint8[16]

An interface ID number that acts as a unique 

identifier for the egress interface.

Intrusion Event (IPv4) Record Fields (Continued)