Cisco Firepower Management Center 4000 Developer Guide

FireSIGHT eStreamer Integration Guide
 
Chapter 2      Understanding the eStreamer Application Protocol 
Table 2-18 Streaming Service Request Fields (continued)

| Field | Data Type | Description |
|---|---|---|
| Initial Timestamp | uint32 | In eStreamer’s Streaming Information messages: Always 0. In client’s Streaming Request message: replicates the timestamp in the original Event Stream Request message. |
| Streaming Event Type | array | In eStreamer’s Streaming Information message: • Reserved for future use. Has 0 length. In client’s Streaming Request message: • One Streaming Event Type entry for each requested event type. See • Terminate the request list with a 0 Event Type entry, with both Event Type and Version set to 0. |

Streaming Event Type Structure

eStreamer clients use the Streaming Event Type structure to specify an event’s version and type. Each event version/type combination is a request for an event stream.

Lists of Streaming Event Type structures must be terminated with a structure with all fields set to zero. That is:

Event Version = 0
Event Type = 0

The following diagram illustrates the format for the Streaming Event Type structure.

| Bytes | Bits | Field |
|---|---|---|
| 0-1 | 0-15 | Event Version |
| 2-3 | 16-31 | Event Type |

The fields of the Streaming Event Type structure are:

Table 2-19 Streaming Event Type Fields

| Field | Data Type | Description |
|---|---|---|
| Event Version | uint16 | Version number of event type. For list of versions supported for each event type, see |
| Event Type | uint16 | Code for requested event type. For the current list of valid event types and version codes, see . List of event types should be terminated with a zero event type and zero event version. |
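
As an added example (not code from the Cisco guide), the following Python packs and parses a zero-terminated Streaming Event Type list using the Table 2-19 layout, rejecting lists that lack the terminator or that would be cut short by an embedded all-zero entry. Network byte order, the function names, the `max_entries` cap and the sample version/type values are assumptions of the example.

```python
import struct

# Layout from Table 2-19: Event Version (uint16), then Event Type (uint16).
# Network byte order is an assumption of this example.
ENTRY = struct.Struct(">HH")
TERMINATOR = (0, 0)


def pack_event_types(entries):
    """Serialize (version, type) pairs and append the all-zero terminator."""
    out = bytearray()
    for version, etype in entries:
        if (version, etype) == TERMINATOR:
            # An embedded all-zero entry would end the list early and
            # silently drop every request that follows it.
            raise ValueError("all-zero entry is reserved for the terminator")
        out += ENTRY.pack(version, etype)  # struct.error if outside uint16
    out += ENTRY.pack(*TERMINATOR)
    return bytes(out)


def parse_event_types(buf, max_entries=256):
    """Return (entries, bytes_consumed); raise ValueError on malformed lists."""
    entries = []
    offset = 0
    while True:
        if len(buf) - offset < ENTRY.size:
            raise ValueError("list ended without an all-zero terminator")
        version, etype = ENTRY.unpack_from(buf, offset)
        offset += ENTRY.size
        if (version, etype) == TERMINATOR:
            # bytes_consumed lets the caller detect unexpected trailing data.
            return entries, offset
        if len(entries) >= max_entries:
            raise ValueError("too many entries before terminator")
        entries.append((version, etype))


# Constructed sample values, not taken from the guide's event type list.
SAMPLE = [(6, 12), (3, 71)]
WIRE = pack_event_types(SAMPLE)
```

Comparing `bytes_consumed` with the length of the enclosing message field shows whether anything follows the terminator.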