Cisco Firepower Management Center 4000 Developer Guide
FireSIGHT eStreamer Integration Guide
Chapter 2 Understanding the eStreamer Application Protocol
Streaming Request Message
Below is a Streaming Request message where the client requests service type 6667 (eStreamer) and specifies two event types: version 6 of connection events (event type 71) and version 4 of metadata (event type 21).
Message Bundle Format
The eStreamer server sends messages in a bundle format when the client submits an extended request. The client responds with a null message to acknowledge receipt of an entire bundle. The client should not acknowledge receipt of individual messages in a bundle.
Message bundles have a message type of 4002.
The graphic below shows the structure of a message bundle. The shaded fields are specific to the bundle message type. The following table describes the content of the fields and data structures.
Service[2].Length               8
Service[2].Flags                0      /*no flags from server*/
Service[2].Initial Timestamp    0      /*always 0*/
Header Version:                 1      /*always 1*/
Message Type:                   2051   /*streaming info msg*/
Table 2-21
Table 2-22
Header Version:                 1      /*always 1*/
Message Type:                   2049   /*stream request msg*/
Message Length                  28     /*payload bytes*/
Service[1].Type                 6667   /*eStreamer service ID*/
Service[1].Length               20
Service[1].Flags                30     /*original flags value*/
Service[1].Initial Timestamp    0      /*original timestamp*/
Service[1].Event[1].Version     6      /*version 6*/
Service[1].Event[1].Type        71     /*connection events*/
Service[1].Event[2].Version     4      /*version 4*/
Service[1].Event[2].Type        21     /*metadata*/
Service[1].Event[3].Version     0      /*terminate event list*/
Service[1].Event[3].Type        0      /*terminate event list*/
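The sample Streaming Request above, serialized and then validated in Python, as an added example that is not code from the Cisco guide. The field widths (2 bytes for header version, message type, event version and event type; 4 bytes for the lengths, service type, flags and timestamp) and the big-endian byte order are assumptions, chosen because they reproduce the lengths 28 and 20 shown above; the function names are hypothetical and the parser handles a single service entry only.

```python
import struct

# Assumed field widths and byte order (not stated on this page).
HEADER = struct.Struct(">HHI")    # header version, message type, message length
SERVICE = struct.Struct(">IIII")  # service type, length, flags, initial timestamp
EVENT = struct.Struct(">HH")      # event version, event type

def build_streaming_request(service_type, flags, timestamp, events):
    """Serialize one service request; events is a list of (version, type)."""
    body = b"".join(EVENT.pack(v, t) for v, t in events) + EVENT.pack(0, 0)
    service_len = 8 + len(body)   # flags + timestamp + event list
    payload = SERVICE.pack(service_type, service_len, flags, timestamp) + body
    return HEADER.pack(1, 2049, len(payload)) + payload

def parse_streaming_request(data):
    """Parse a single-service request; raise ValueError on bad framing."""
    if len(data) < HEADER.size + SERVICE.size:
        raise ValueError("truncated message")
    version, msg_type, msg_len = HEADER.unpack_from(data, 0)
    if version != 1 or msg_type != 2049:
        raise ValueError("not a streaming request")
    if msg_len != len(data) - HEADER.size:
        raise ValueError("message length does not match payload")
    svc_type, svc_len, flags, ts = SERVICE.unpack_from(data, HEADER.size)
    # Service length excludes its own type and length fields (8 bytes).
    if svc_len != msg_len - 8 or (svc_len - 8) % EVENT.size:
        raise ValueError("service length inconsistent with message length")
    events, off = [], HEADER.size + SERVICE.size
    while off < len(data):
        pair = EVENT.unpack_from(data, off)
        off += EVENT.size
        if pair == (0, 0):        # version 0 / type 0 terminates the list
            break
        events.append(pair)
    else:
        raise ValueError("event list not terminated by 0/0")
    if off != len(data):
        raise ValueError("trailing bytes after terminator")
    return {"service": svc_type, "flags": flags, "timestamp": ts, "events": events}

# The request from the table above: service 6667, flags 30, timestamp 0,
# connection events v6 (type 71) and metadata v4 (type 21).
REQUEST = build_streaming_request(6667, 30, 0, [(6, 71), (4, 21)])
```

Rejecting a request whose declared lengths disagree with the bytes actually received, or whose event list lacks the 0/0 terminator, keeps a malformed message from being read past its end.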