Cisco Firepower Management Center 4000 Developer Guide

Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Legacy Data Structures
Legacy Discovery Data Structures
Appendix B
 
Legacy Discovery Event Header
Discovery Event Header 4.8.0.2-5.1.1.x
Discovery and connection event messages contain a discovery event header. It 
conveys the type and subtype of the event, the time the event occurred, the 
device on which the event occurred, and the structure of the event data in the 
message. This header is followed by the actual host discovery, user, or 
connection event data. The structures associated with the different event type/
subtype values are described in 
page 205.
The event type and event subtype fields of the discovery event header identify 
the structure of the transmitted event message. Once the structure of the event 
data block is determined, your program can parse the message appropriately. 
The shaded rows in the following diagram illustrate the format of the discovery 
event header.
Byte | 0          | 1          | 2          | 3          |
Bit  | 0-7        | 8-15       | 16-23      | 24-31      |
     | Header Version (1)      | Message Type (4)        |
     | Message Length                                    |
     | Record Type                                       |
     | Record Length                                     |
     | eStreamer Server Timestamp (in events, only if bit 23 is set) |
     | Reserved for Future Use (in events, only if bit 23 is set)    |
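
The following is an added example, not code from the guide: a bounds-checked parser for the fields in the diagram above that returns the offset at which the discovery event header begins. It assumes network byte order, field widths read off the diagram rows (16/16/32/32/32 bits), that "bit 23" is a flag the client set in its own request, and that Message Length counts the bytes after the first 8; `parse_wrapper`, `build_sample` and the sample values are hypothetical names and constructed data.

```python
import struct

EXTENDED_HEADER_FLAG = 1 << 23  # assumption: "bit 23" is a flag the client set in its request
WRAPPER = struct.Struct(">HHIII")  # assumed widths: 16/16/32/32/32 bits, network byte order


class HeaderError(ValueError):
    """Raised when a message fails a structural check."""


def parse_wrapper(buf, request_flags):
    """Validate the diagram's fields; return (fields, offset of the discovery event header)."""
    if len(buf) < WRAPPER.size:
        raise HeaderError("truncated: %d bytes, need %d" % (len(buf), WRAPPER.size))
    version, msg_type, msg_len, rec_type, rec_len = WRAPPER.unpack_from(buf, 0)
    if version != 1 or msg_type != 4:
        raise HeaderError("unexpected version=%d type=%d" % (version, msg_type))
    # Assumption: Message Length counts the bytes after the first 8 (version, type, length).
    if msg_len != len(buf) - 8:
        raise HeaderError("Message Length %d != %d bytes received" % (msg_len, len(buf) - 8))
    offset = WRAPPER.size
    # Record Length is untrusted network input: never let it point past the buffer.
    if rec_len > len(buf) - offset:
        raise HeaderError("Record Length %d exceeds remaining %d bytes" % (rec_len, len(buf) - offset))
    fields = {"record_type": rec_type, "record_length": rec_len, "server_timestamp": None}
    if request_flags & EXTENDED_HEADER_FLAG:
        if len(buf) < offset + 8:
            raise HeaderError("bit 23 set but timestamp/reserved words are missing")
        fields["server_timestamp"], _reserved = struct.unpack_from(">II", buf, offset)
        offset += 8
    return fields, offset


def build_sample(extended, payload=b"\x00" * 12):
    """Constructed test message; record type 10 and the payload are arbitrary values."""
    extra = struct.pack(">II", 1400000000, 0) if extended else b""
    body = extra + payload
    return WRAPPER.pack(1, 4, 8 + len(body), 10, len(payload)) + body


if __name__ == "__main__":
    for ext in (False, True):
        msg = build_sample(ext)
        print(parse_wrapper(msg, EXTENDED_HEADER_FLAG if ext else 0))
```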