
Serial Unified2 Header

    record type             4 bytes
    record length           4 bytes

All unified2 records are preceded by a Serial Unified2 header. This header allows an interpreting application to skip past records and to apply simple heuristics against them.

The Record Type indicates which of the following unified2 records follows the Serial Unified2 Header:

    Value           Record Type
    ----------      -----------
    2               Unified2 Packet
    7               Unified2 IDS Event
    72              Unified2 IDS Event IP6
    104             Unified2 IDS Event      (Version 2)
    105             Unified2 IDS Event IP6  (Version 2)
    110             Unified2 Extra Data

The record length field specifies the entire length of the record (not including the Serial Unified2 Header itself) up to the next Serial Unified2 Header or EOF.
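
The following is an added example, not code from the Snort project: a reader that walks a unified2 stream using only the header described above, skips record types it does not recognize, and rejects truncated or implausibly long records. It assumes both header fields are unsigned big-endian integers; the function names, the `MAX_RECORD_LEN` sanity cap and the placeholder record bodies are constructed for illustration.

```python
import io
import struct

# Record type values from the table above.
RECORD_TYPES = {
    2: "Unified2 Packet",
    7: "Unified2 IDS Event",
    72: "Unified2 IDS Event IP6",
    104: "Unified2 IDS Event (Version 2)",
    105: "Unified2 IDS Event IP6 (Version 2)",
    110: "Unified2 Extra Data",
}
HEADER = struct.Struct(">II")  # assumption: big-endian type, then length
MAX_RECORD_LEN = 1 << 20       # assumption: reader-side cap, not a format limit


def walk_records(stream, max_len=MAX_RECORD_LEN):
    """Yield (offset, type, name, body) for each complete record."""
    offset = 0
    while True:
        raw = stream.read(HEADER.size)
        if not raw:
            return  # clean EOF on a record boundary
        if len(raw) < HEADER.size:
            raise ValueError(f"truncated header at offset {offset}")
        rtype, rlen = HEADER.unpack(raw)
        # Check the untrusted length before allocating a buffer for it.
        if rlen > max_len:
            raise ValueError(f"implausible length {rlen} at offset {offset}")
        body = stream.read(rlen)
        if len(body) < rlen:
            raise ValueError(f"truncated record body at offset {offset}")
        yield offset, rtype, RECORD_TYPES.get(rtype, "unknown"), body
        offset += HEADER.size + rlen  # length excludes the 8-byte header


def build_sample():
    """Constructed sample: three records with placeholder bodies."""
    recs = [(7, b"\x00" * 52), (2, b"\x01" * 40), (999, b"\x02" * 8)]
    return b"".join(HEADER.pack(t, len(b)) + b for t, b in recs)


def summarize(data):
    return [(off, t, name, len(body))
            for off, t, name, body in walk_records(io.BytesIO(data))]


if __name__ == "__main__":
    for row in summarize(build_sample()):
        print(row)
```

Because the record length is read from the file, a log consumer should bound it before reading the body, as the cap here does, so a corrupted or tampered log cannot force a very large allocation.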

Eugene Misnik 2013-05-08