Cisco Firepower Management Center 4000 Developer Guide
FireSIGHT eStreamer Integration Guide, page 2-36
Chapter 2      Understanding the eStreamer Application Protocol
The fields of a message bundle message are:

  Bytes 0-1     Header Version (1)
  Bytes 2-3     Message Type (4002)
  Bytes 4-7     Message Length
  Bytes 8-11    Connection ID
  Bytes 12-15   Sequence Number
  Bytes 16-     Event Messages...

Table 2-23      Message Bundle Message Fields

Field              Data Type   Description
Header Version     uint16      Always 1.
Message Type       uint16      Always 4002.
Message Length     uint32      Length of the content of the message after the message header. Does not include the bytes in the bundle's Header Version, Message Type, and Message Length fields; it does include the Connection ID and Sequence Number fields, which are part of the content. As the client loads a message from the bundle, it can subtract the message's total length (including header) from the length in this field. As long as the remainder is positive, there are more messages to process. Because the 8 bytes of Connection ID and Sequence Number are counted in this length, subtract them first; otherwise the remainder after the last event message is 8, not 0.
Connection ID      uint32      A unique identifier for the connection with the server.
Sequence Number    uint32      Starts at 1 and increments by one for each bundle sent by the eStreamer server.
Event Messages []  array       The events streamed by the server in the bundle. Each message has a full set of headers, including message version number (1), archive timestamp if requested, and so forth.

Before reading each embedded message, a client should check that the message's total length (header included) does not exceed the remainder, so that a truncated or malformed bundle cannot cause it to read past the end of the bundle.

Understanding Metadata

The eStreamer server can provide metadata along with requested event records. To receive metadata, you must explicitly request it. See  for information on how to request a given version of metadata. The metadata provides context information for codes and numeric identifiers in the event records. For example, an intrusion event contains only the internal identifier of the detecting device, and the metadata provides the device's name.
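As an added example (not code from the eStreamer guide or from Cisco's reference client), the following Python parses a message bundle as Table 2-23 lays it out: it reads the bundle header, takes the Connection ID and Sequence Number off the Message Length, then walks the embedded event messages by subtracting each message's total length (header included) from the remainder, refusing any inner message that would overrun the bundle. It also tracks the Sequence Number so skipped bundles can be counted. It assumes big-endian (network) byte order for every field and that each embedded message begins with the same 8-byte header (Header Version, Message Type, Message Length); the sample bundle bytes are constructed inline, and the inner message types and payloads in it are placeholders rather than real eStreamer records.

```python
"""Parse eStreamer message bundle (type 4002) messages.

Added example; not code from the guide or from Cisco. Assumes big-endian
(network) byte order for every field and that inner messages carry the
standard 8-byte header (Header Version, Message Type, Message Length).
"""
import struct
from dataclasses import dataclass
from typing import List, Tuple

HEADER_FMT = ">HHI"                       # Header Version, Message Type, Message Length
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 8 bytes
BUNDLE_TYPE = 4002
BUNDLE_PREFIX_FMT = ">II"                 # Connection ID, Sequence Number
BUNDLE_PREFIX_LEN = struct.calcsize(BUNDLE_PREFIX_FMT)  # 8 bytes, counted in Message Length


@dataclass
class Message:
    version: int
    msg_type: int
    payload: bytes


@dataclass
class Bundle:
    connection_id: int
    sequence: int
    messages: List[Message]


def parse_header(buf: bytes, offset: int = 0) -> Tuple[int, int, int]:
    """Return (version, type, length) of the header at offset, refusing short reads."""
    if len(buf) - offset < HEADER_LEN:
        raise ValueError("truncated message header")
    return struct.unpack_from(HEADER_FMT, buf, offset)


def parse_bundle(buf: bytes) -> Bundle:
    version, msg_type, length = parse_header(buf)
    if version != 1 or msg_type != BUNDLE_TYPE:
        raise ValueError(f"not a message bundle: version={version} type={msg_type}")
    if length < BUNDLE_PREFIX_LEN:
        raise ValueError("bundle too short for Connection ID and Sequence Number")
    if len(buf) < HEADER_LEN + length:
        raise ValueError("truncated bundle")
    connection_id, sequence = struct.unpack_from(BUNDLE_PREFIX_FMT, buf, HEADER_LEN)

    # Message Length covers everything after the 8-byte bundle header, so the
    # 8 bytes of Connection ID and Sequence Number come off before the loop.
    remaining = length - BUNDLE_PREFIX_LEN
    offset = HEADER_LEN + BUNDLE_PREFIX_LEN
    messages: List[Message] = []
    while remaining > 0:
        if remaining < HEADER_LEN:
            raise ValueError("trailing bytes shorter than a message header")
        inner_version, inner_type, inner_len = parse_header(buf, offset)
        total = HEADER_LEN + inner_len   # the message's total length, header included
        if total > remaining:
            raise ValueError("inner message length overruns the bundle")
        messages.append(Message(inner_version, inner_type, buf[offset + HEADER_LEN:offset + total]))
        offset += total
        remaining -= total               # the subtraction the guide describes
    return Bundle(connection_id, sequence, messages)


def is_well_formed(buf: bytes) -> bool:
    """True when buf parses as a complete, self-consistent bundle."""
    try:
        parse_bundle(buf)
        return True
    except ValueError:
        return False


class SequenceTracker:
    """Detects skipped bundles: Sequence Number starts at 1 and increments by one."""

    def __init__(self) -> None:
        self.expected = 1

    def check(self, sequence: int) -> int:
        """Return how many bundles were missed before this one (0 when in order)."""
        missed = sequence - self.expected
        self.expected = sequence + 1
        return missed


def build_message(msg_type: int, payload: bytes, version: int = 1) -> bytes:
    return struct.pack(HEADER_FMT, version, msg_type, len(payload)) + payload


def build_bundle(connection_id: int, sequence: int, messages: List[bytes]) -> bytes:
    body = struct.pack(BUNDLE_PREFIX_FMT, connection_id, sequence) + b"".join(messages)
    return struct.pack(HEADER_FMT, 1, BUNDLE_TYPE, len(body)) + body


# Constructed sample: a bundle carrying two inner messages. The inner type
# numbers (7 and 9) and payloads are placeholders, not real eStreamer records.
SAMPLE_BUNDLE = build_bundle(0x1234, 1, [
    build_message(7, b"\x00\x00\x00\x2a"),
    build_message(9, b"hello"),
])

if __name__ == "__main__":
    bundle = parse_bundle(SAMPLE_BUNDLE)
    print(bundle.connection_id, bundle.sequence, [m.msg_type for m in bundle.messages])
    print("truncated copy well-formed?", is_well_formed(SAMPLE_BUNDLE[:-1]))
```

The loop stops only when the remainder reaches exactly zero; a bundle whose Message Length leaves a few stray bytes, or whose inner message claims more bytes than remain, is rejected rather than read past the end.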