Cisco Firepower Management Center 2000 Developer Guide
FireSIGHT eStreamer Integration Guide

Chapter 2      Understanding the eStreamer Application Protocol
Event Data Message Format
The following table describes the fields in the record header and the event header of the discovery event message.
Connection Event Message Format
Messages with connection statistics have a structure identical to discovery event messages. See  for general message format information. Connection event messages are distinct in terms of the data block types they incorporate.
Correlation Event Message Format
The graphic below shows the general structure of correlation (compliance) event messages. The standard eStreamer message header and record header are followed immediately by a data block in the data record section of the message. Correlation messages use Series 1 data blocks.

[Figure: structure of a correlation event message: eStreamer Server Timestamp (for events only), Reserved for Future Use (for events only), Discovery Event Header, Series 1 Data Block]
Table 2-9  Discovery Event Message Header Fields

| Field | Data Type | Description |
|---|---|---|
| Record Type | uint32 | Identifies the data record content type. See  for the list of record types. |
| Record Length | uint32 | Length of the content of the message after the record header. Does not include the 8 or 16 bytes of the record header. (Record Length plus the length of the record header equals Message Length.) |
| eStreamer Server Timestamp | uint32 | Indicates the timestamp applied when the event was archived by the eStreamer server. Also called the archival timestamp. Field present only if bit 23 is set in the request flags field of the event stream request. |
| Reserved for future use | uint32 | Reserved for future use. Field present only if bit 23 is set in the request message flags. |
| Discovery Event Header | Varied | Contains a number of fields, including the event type and subtype, which together form a unique key to the data structure that follows. See  definitions of fields in the discovery event header. |
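As an added example (not code from the guide or from Cisco), the following Python parser reads the record header described in Table 2-9. It assumes the caller has already consumed the standard eStreamer message header and knows which request flags it sent; the bit 23 handling, big-endian integers and the Record Length check follow the table, while `build_record`, the `Record` class and the sample values are constructed here.

```python
import struct
from dataclasses import dataclass
from typing import Optional

# Bit 23 of the event stream request flags asks the eStreamer server to add the
# archival timestamp and the reserved uint32 to every record header.
ARCHIVE_TIMESTAMP_FLAG = 1 << 23


@dataclass
class Record:
    record_type: int
    record_length: int
    archive_timestamp: Optional[int]  # None when bit 23 was not requested
    header_length: int                # 8 or 16 bytes
    payload: bytes                    # discovery event header + data block


def timestamp_requested(request_flags: int) -> bool:
    """True if the event stream request set bit 23 (archival timestamp)."""
    return bool(request_flags & ARCHIVE_TIMESTAMP_FLAG)


def parse_record(body: bytes, request_flags: int) -> Record:
    """Parse the record header that follows the standard eStreamer message header.

    `body` is everything after the message header, so its length must equal
    Record Length plus the 8- or 16-byte record header (big-endian integers).
    """
    header_length = 16 if timestamp_requested(request_flags) else 8
    if len(body) < header_length:
        raise ValueError(f"truncated record header: {len(body)} bytes")
    record_type, record_length = struct.unpack_from("!II", body, 0)
    archive_timestamp = None
    if header_length == 16:
        archive_timestamp, _reserved = struct.unpack_from("!II", body, 8)
    # Record Length excludes the record header; a mismatch means the stream is
    # out of sync or truncated, so do not hand the bytes to the data-block parser.
    if len(body) - header_length != record_length:
        raise ValueError(f"record length {record_length} != payload "
                         f"{len(body) - header_length} bytes")
    return Record(record_type, record_length, archive_timestamp,
                  header_length, body[header_length:])


def build_record(record_type: int, payload: bytes,
                 archive_timestamp: Optional[int] = None) -> bytes:
    """Constructed encoder (not from the guide) used to produce sample records."""
    header = struct.pack("!II", record_type, len(payload))
    if archive_timestamp is not None:
        header += struct.pack("!II", archive_timestamp, 0)  # reserved uint32 = 0
    return header + payload
```

A client that forgets which flags it sent will misread every record by 8 bytes; the length check is what turns that into an immediate error rather than silently mis-parsed events.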