Cisco Cisco Firepower Management Center 4000 Guía Del Desarrollador

The graphic below shows the structure of discovery event messages. The standard eStreamer message 
header and event record header are followed by a discovery event header used only in discovery and user 
event messages. The discovery event header section of the message contains the discovery event type 
and subtype fields, which together form a key to the data block that follows. For the current discovery 
event types and subtypes, see 

.

The shaded section in the following graphic shows the fields of the record header in the discovery event 
data message format, and shows the location of the event header that follows it. The following table 
defines the fields of the discovery event message headers.

eStreamer 
Server 
Timestamp

uint32

Indicates the timestamp applied when the event was archived by the 
eStreamer server. Also called the archival timestamp.

Field present only if bit 23 is set in the request message flags.

Reserved for 
future use

uint32

Reserved for future use.

Field present only if bit 23 is set in the request message flags.

Byte

0

1

2

3

Bit

0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31

Message Header

Discovery Event Record Header

 for field details.

Discovery Event Header

See 

 for field details.

Series 1 Data Block

See 

...

Byte

0

1

2

3

Bit

0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31

Header Version (1)

Message Type (3)

Message Length

Record Type

See 

Record Length