Cisco Firepower Management Center 4000 Developer Guide
FireSIGHT eStreamer Integration Guide
Chapter 2 Understanding the eStreamer Application Protocol
Event Data Message Format
Intrusion Event and Metadata Message Format
The graphic below shows the general structure of intrusion event and metadata messages.

[Figure: message structure, drawn 32 bits (bytes 0 to 3) per row. Sections in order: Message Header, Record Header, Data Record ...]

The following graphic shows the details of the record header portion of the intrusion event and metadata message format. The record header fields are shaded. The table that follows defines the fields.

[Figure: header detail, drawn 32 bits (bytes 0 to 3) per row. Fields in order:
  Header Version (1)
  Message Type (3)
  Message Length
  Record Type
  Record Length
  eStreamer Server Timestamp (for events only, not used in metadata records)
  Reserved for Future Use (for events only, not used in metadata records)
  Data ...]

The following table describes each field in the header of intrusion events and metadata messages.
Table 2-8 Intrusion Event and Metadata Record Header Fields

| Field | Data Type | Description |
|---|---|---|
| Record Type | uint32 | Identifies the data record content type. See list of record types. |
| Record Length | uint32 | Length of the content of the message after the record header. Does not include the 8 or 16 bytes of the record header. (Record Length plus the length of the record header equals Message Length.) |
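
The length rule in Table 2-8 can be enforced by a client before it touches the payload. The parser below is an added example, not code from the Cisco guide: it derives the record header form (8 or 16 bytes) from Message Length minus Record Length and rejects anything else. It assumes network byte order, 16-bit Header Version and Message Type fields, and a 32-bit Message Length, none of which this section states; the function names and the max_len limit are hypothetical.

```python
import struct
from typing import NamedTuple, Optional

# Field widths of the message header are assumptions; Table 2-8 gives uint32
# for Record Type and Record Length only.
MSG_HDR = struct.Struct("!HHI")  # Header Version, Message Type, Message Length
REC_HDR = struct.Struct("!II")   # Record Type, Record Length
EXT_HDR = struct.Struct("!II")   # eStreamer Server Timestamp, Reserved (events only)

class Record(NamedTuple):
    message_type: int
    record_type: int
    timestamp: Optional[int]     # None when the 8-byte record header is used
    data: bytes

def parse_message(buf: bytes, max_len: int = 1 << 20) -> Record:
    """Parse one message from an untrusted buffer, checking every length first."""
    if len(buf) < MSG_HDR.size + REC_HDR.size:
        raise ValueError("truncated headers")
    version, msg_type, msg_len = MSG_HDR.unpack_from(buf, 0)
    if version != 1:             # the figure shows Header Version (1)
        raise ValueError(f"unexpected header version {version}")
    if msg_len > max_len or len(buf) != MSG_HDR.size + msg_len:
        raise ValueError("message length does not match buffer")
    rec_type, rec_len = REC_HDR.unpack_from(buf, MSG_HDR.size)
    # Record Length + record header length == Message Length, so the
    # difference is the record header length and must be 8 or 16.
    hdr_len = msg_len - rec_len
    if hdr_len not in (8, 16):
        raise ValueError(f"inconsistent lengths: header would be {hdr_len} bytes")
    timestamp = None
    if hdr_len == 16:
        timestamp, _reserved = EXT_HDR.unpack_from(buf, MSG_HDR.size + REC_HDR.size)
    return Record(msg_type, rec_type, timestamp, buf[MSG_HDR.size + hdr_len:])

def build_sample(rec_type: int, data: bytes, timestamp: Optional[int] = None) -> bytes:
    """Build a constructed sample message (not captured traffic)."""
    ext = EXT_HDR.pack(timestamp, 0) if timestamp is not None else b""
    body = REC_HDR.pack(rec_type, len(data)) + ext + data
    return MSG_HDR.pack(1, 3, len(body)) + body  # version 1, type 3 as in the figure
```

A Record Length that disagrees with Message Length is rejected before any payload byte is sliced, so a corrupted or hostile stream cannot make the client read past the message boundary.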