Cisco Firepower Management Center 4000 Developer's Guide

Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding the eStreamer Application Protocol
Chapter 2
Streaming Request Message
Below is a Streaming Request message where the client requests service type 
6667 (eStreamer) and specifies two event types: version 6 of connection events 
(event type 71) and version 4 of metadata (event type 21).

    Header Version:                      1      /* always 1 */
    Message Type:                        2049   /* stream request msg */
    Message Length                       28     /* payload bytes */
    Service[1].Type                      6667   /* eStreamer service ID */
    Service[1].Length                    20
    Service[1].Flags                     30     /* original flags value */
    Service[1].Initial Timestamp         0      /* original timestamp */
    Service[1].Event[1].Version          6      /* version 6 */
    Service[1].Event[1].Type             71     /* connection events */
    Service[1].Event[2].Version          4      /* version 4 */
    Service[1].Event[2].Type             21     /* metadata */
    Service[1].Event[3].Version          0      /* terminate event list */
    Service[1].Event[3].Type             0      /* terminate event list */

Message Bundle Format
The eStreamer server sends messages in a bundle format when the client 
submits an extended request.
The client responds with a NULL message to acknowledge receipt of an entire 
bundle. The client should not acknowledge receipt of individual messages in a 
bundle.
Message bundles have a message type of 4002.
The graphic below shows the structure of a message bundle. The shaded fields 
are specific to the bundle message type. The following table describes the 
content of the fields and data structures.
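
The Streaming Request message from the example earlier on this page, built and then parsed with every length checked before use. This is an added example, not code from the guide. The helper names (build_stream_request, parse_stream_request) are hypothetical, and the field widths (16-bit header version and message type, 32-bit lengths, service type, flags and timestamp, 16-bit event version and type) and network byte order are assumptions chosen to agree with the Message Length of 28 and Service Length of 20 shown there. It handles a single service entry.

```python
import struct

# Assumed layout, network byte order (consistent with lengths 28 and 20 on this page).
HEADER = struct.Struct("!HHI")    # header version, message type, message length
SERVICE = struct.Struct("!IIII")  # service type, service length, flags, initial timestamp
EVENT = struct.Struct("!HH")      # event version, event type

MSG_STREAM_REQUEST = 2049
SERVICE_ESTREAMER = 6667

def build_stream_request(flags, timestamp, events):
    """events: list of (version, event_type); the 0/0 terminator is appended."""
    ev = b"".join(EVENT.pack(v, t) for v, t in events) + EVENT.pack(0, 0)
    svc_len = 8 + len(ev)  # flags + timestamp + event list (type/length excluded)
    service = SERVICE.pack(SERVICE_ESTREAMER, svc_len, flags, timestamp) + ev
    return HEADER.pack(1, MSG_STREAM_REQUEST, len(service)) + service

def parse_stream_request(buf):
    """Validate each length before trusting it; return (flags, timestamp, events)."""
    if len(buf) < HEADER.size:
        raise ValueError("truncated header")
    version, mtype, mlen = HEADER.unpack_from(buf, 0)
    if version != 1 or mtype != MSG_STREAM_REQUEST:
        raise ValueError("not a streaming request")
    if mlen != len(buf) - HEADER.size or mlen < SERVICE.size:
        raise ValueError("message length does not match payload")
    stype, slen, flags, ts = SERVICE.unpack_from(buf, HEADER.size)
    if stype != SERVICE_ESTREAMER:
        raise ValueError("unexpected service type")
    end = HEADER.size + 8 + slen  # 8 = service type + service length fields
    if slen < 8 or end > len(buf) or (slen - 8) % EVENT.size:
        raise ValueError("bad service length")
    events, off = [], HEADER.size + SERVICE.size
    while off < end:
        v, t = EVENT.unpack_from(buf, off)
        off += EVENT.size
        if (v, t) == (0, 0):  # terminator entry ends the event list
            return flags, ts, events
        events.append((v, t))
    raise ValueError("event list not terminated")

# Field values taken from the example on this page.
REQUEST = build_stream_request(30, 0, [(6, 71), (4, 21)])
```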