Cisco Cisco Firepower Management Center 2000 开发者指南

Version 5.3

Sourcefire 3D System eStreamer Integration Guide

719

Understanding Legacy Data Structures

Legacy Metadata Structures

Appendix B

The 

 table describes the components of 

the IP Range Specification data block.

 

Legacy Metadata Structures

The following legacy data structures apply to versions of the system before 5.1:

Detection Engine Record for 4.6.1 - 4.10.x

The eStreamer service transmits metadata containing device information for an 

event within a Detection Engine record, the format of which is shown below. 
The Detection Engine for 4.6.1+ contains the same fields as the Detection Engine 

record for 4.6 but has a new UUID field. Detection Engine information is sent 

when the Version 3 or Version 4 metadata flag—bit 15 or bit 20 in the Request 

Flags field of a request message—is set. See 

 on page 30. The 

Record Type field has a value of 68.

IP Range Specification Data Block Fields 

IP Range 

Specification 

Block Type

uint32

Initiates a IP Range Specification data block. 

This value is always 61.

IP Range 

Specification 

Block Length

uint32

Total number of bytes in the IP Range 

Specification data block, including eight bytes 

for the IP Range Specification block type and 

length fields, plus the number of bytes of IP 

range specification data that follows.

IP Range 

Specification 

Start

uint32

The starting IP address for the IP address 

range.

IP Range 

Specification 

End

uint32

The ending IP address for the IP address range.