Cisco Firepower Management Center 2000 Developer Guide

FireSIGHT eStreamer Integration Guide
 
Chapter 2: Understanding the eStreamer Application Protocol
Event Data Message Format
Event Extra Data Message Record Header
The shaded section of the following graphic shows the fields of the record header in event extra data 
messages. The table that follows defines the record header fields for event extra data messages.
Byte: 0 | 1 | 2 | 3
Bit: 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31

Header Version (1) | Message Type (3)
Message Length
Record header (the shaded section of the graphic):
  Record Type (See )
  Record Length
  eStreamer Server Timestamp (for events only, not used in metadata records)
  Reserved for Future Use (for events only, not used in metadata records)
Data Record Block: Uses series 2 block, see 
...

The following table describes each field in the record header of event extra data messages.

Table 2-11 Event Extra Data Message Record Header Fields

Field | Data Type | Description
Record Type | uint32 | Identifies the data record content type. See  for the list of event extra data record types.
Record Length | uint32 | Length of the content of the message after the record header. Does not include the 8 or 16 bytes of the record header. (Record Length plus the length of the record header equals Message Length.)
eStreamer Server Timestamp | uint32 | Indicates the timestamp applied when the event was archived by the eStreamer server. Also called the archival timestamp. Field present only if bit 23 is set in the request message flags. Field is not present for events generated by the Defense Center.
Reserved for future use | uint32 | Reserved for future use. Field present only if bit 23 is set in the request message flags. Field is not present for events generated by the Defense Center.
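
A parser for the header layout described above, written as an added example and not taken from the Cisco guide. It uses the Record Length invariant from Table 2-11 to decide whether the 8-byte or 16-byte record header was sent and rejects messages whose lengths disagree. Assumptions not stated on this page: network byte order, 16-bit Header Version and Message Type fields, a Message Length that excludes the 8-byte message header, bit 0 of the request flags being the least significant bit, and a buffer holding exactly one message; the function names and the sample record type 999 are hypothetical.

```python
import struct

# Assumptions (not stated on this page): network byte order; Header Version
# and Message Type are 16 bits each; Message Length excludes these 8 bytes.
MSG_HDR = struct.Struct("!HHI")   # Header Version, Message Type, Message Length
REC_HDR = struct.Struct("!II")    # Record Type, Record Length
EXT_HDR = struct.Struct("!II")    # eStreamer Server Timestamp, Reserved
ARCHIVE_TS_FLAG = 1 << 23         # request flag bit 23, assuming bit 0 is the LSB


def parse_extra_data_header(buf, request_flags):
    """Validate one event extra data message; return (fields, data_block)."""
    if len(buf) < MSG_HDR.size + REC_HDR.size:
        raise ValueError("truncated message")
    version, msg_type, msg_len = MSG_HDR.unpack_from(buf, 0)
    if (version, msg_type) != (1, 3):
        raise ValueError("not an event extra data message")
    if len(buf) != MSG_HDR.size + msg_len:
        raise ValueError("Message Length does not match the bytes received")
    rec_type, rec_len = REC_HDR.unpack_from(buf, MSG_HDR.size)
    # Record Length plus the record header (8 or 16 bytes) equals Message
    # Length, so the difference tells us which header form was sent.
    hdr_len = msg_len - rec_len
    if hdr_len not in (8, 16):
        raise ValueError("Record Length inconsistent with Message Length")
    if hdr_len == 16 and not request_flags & ARCHIVE_TS_FLAG:
        raise ValueError("timestamp fields present but bit 23 was not requested")
    fields = {"record_type": rec_type, "record_length": rec_len,
              "archival_timestamp": None}
    if hdr_len == 16:
        ts, _reserved = EXT_HDR.unpack_from(buf, MSG_HDR.size + REC_HDR.size)
        fields["archival_timestamp"] = ts
    return fields, bytes(buf[MSG_HDR.size + hdr_len:])


def build_sample(rec_type, body, timestamp=None):
    """Build a constructed message for testing (not captured traffic)."""
    ext = b"" if timestamp is None else EXT_HDR.pack(timestamp, 0)
    record = REC_HDR.pack(rec_type, len(body)) + ext + body
    return MSG_HDR.pack(1, 3, len(record)) + record


if __name__ == "__main__":
    sample = build_sample(999, b"\x00\x01\x02\x03", timestamp=1700000000)
    print(parse_extra_data_header(sample, ARCHIVE_TS_FLAG))
```

Deriving the header size from the two length fields also handles records generated by the Defense Center, which omit the timestamp fields even when bit 23 was requested.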