Cisco Cisco Firepower Management Center 4000 Developer's Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
26
Understanding the eStreamer Application Protocol
Error Message Format
Chapter 2
An example of a null message in binary format follows. Notice that the only non-
zero value is in the second byte, signifying a header version value of one. The
message type and length fields (shaded) each have a value of zero.
TIP!
Examples in this guide appear in binary format to clearly display which bits
are set. This is important for some messages, such as the event request
message and event impact fields.
Error Message Format
Both the client application and the eStreamer service use error messages. Error
messages have a message type of 1 and contain a header, an error code, an error
text length, and the actual error text. Error text can contain between zero and
65,535 bytes.
When you create custom error messages for your client application, Sourcefire
When you create custom error messages for your client application, Sourcefire
recommends using -1 as the error code.
The following graphic illustrates the basic error message format. Shaded fields
The following graphic illustrates the basic error message format. Shaded fields
are specific to error messages.
Byte
0
1
2
3
Bit
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
Byte
0
1
2
3
Bit
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
Header Version (1)
Message Type (1)
Message Length
Error Code
Error Text Length
Error Text...