Cisco Firepower Management Center 4000 Developer's Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Legacy Data Structures
Legacy Discovery Data Structures
Appendix B
Legacy Server Data Blocks
Host Server Data Block for Version 4.9.0.x
The Host Server data block conveys information about servers identified by the
system, including the server port, the frequency of use, last use, and confidence,
as well as lists of server information blocks and sub-server blocks for the host for
the event. Host Server data blocks are contained in messages for new TCP and
UDP servers and changes to TCP and UDP servers.
Server data for this data block for 4.9.0.x is encapsulated in lists of server
information blocks rather than through individual fields, allowing for multiple
servers.
The Host Server data block has a block type of 89.
Discovery Event Header Fields (Continued)

| Field | Data Types | Description |
|---|---|---|
| Event Type | uint32 | Event type (1000 for new events, 1001 for change events, 1002 for user input events, 1050 for full host profile). See page 205 for a list of available event types. |
| Event Subtype | uint32 | See page 205 for a list of available event subtypes. |
| File Number | byte[4] | Serial file number. This field is for Sourcefire internal use and can be disregarded. |
| File Position | byte[4] | Event’s position in the serial file. This field is for Sourcefire internal use and can be disregarded. |
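The following Python sketch is an added example, not code from the guide: it parses the four Discovery Event Header fields listed above and rejects truncated input and event types the table does not list. It assumes the fields are contiguous, in table order and in network byte order; the names `parse_header_tail`, `HeaderTail` and `SAMPLE` are hypothetical, and the sample bytes are constructed.

```python
import struct
from dataclasses import dataclass

# Event type values exactly as listed in the table above.
EVENT_TYPES = {
    1000: "new",
    1001: "change",
    1002: "user input",
    1050: "full host profile",
}

# Assumption: uint32, uint32, byte[4], byte[4], contiguous and big-endian.
_TAIL = struct.Struct(">II4s4s")


@dataclass(frozen=True)
class HeaderTail:
    event_type: int
    event_type_name: str
    event_subtype: int
    file_number: bytes    # internal-use field, kept opaque
    file_position: bytes  # internal-use field, kept opaque


def parse_header_tail(buf: bytes, offset: int = 0) -> HeaderTail:
    """Parse the 16-byte field group starting at `offset` in `buf`."""
    # Bounds check first so a short or malformed record never reads past
    # the end of the buffer or silently yields partial fields.
    if offset < 0 or len(buf) - offset < _TAIL.size:
        raise ValueError("truncated discovery event header")
    event_type, subtype, file_no, file_pos = _TAIL.unpack_from(buf, offset)
    name = EVENT_TYPES.get(event_type)
    if name is None:
        # Fail closed on values the table does not list.
        raise ValueError(f"unknown event type {event_type}")
    # Subtype values are not listed on this page, so the subtype is
    # returned unvalidated for the caller to check against the full list.
    return HeaderTail(event_type, name, subtype, file_no, file_pos)


# Constructed sample: a change event (1001) with an arbitrary subtype of 6.
SAMPLE = struct.pack(">II4s4s", 1001, 6, b"\x52\x0a\x11\x22", b"\x00\x00\x04\xd2")

if __name__ == "__main__":
    print(parse_header_tail(SAMPLE))
```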