Cisco Firepower Management Center 2000 Developer Guide
FireSIGHT eStreamer Integration Guide
Chapter 2 Understanding the eStreamer Application Protocol

The fields of a message bundle message are:

Byte      0                  1                  2                  3
Bit       0 ........................ 15         16 ....................... 31
          Header Version (1)                    Message Type (4002)
          Message Length
          Connection ID
          Sequence Number
          Event Messages...

Table 2-23 Message Bundle Message Fields

Field              Data Type   Description
Header Version     uint16      Always 1.
Message Type       uint16      Always 4002.
Message Length     uint32      Length of the content of the message after the message header. Does not
                               include the bytes in the bundle's Header Version, Message Type, and
                               Message Length fields. Because the Connection ID and Sequence Number
                               fields follow the header, they are counted in this length.
                               As the client loads a message from the bundle, it can subtract the
                               message's total length (including header) from the length in this
                               field. As long as the remainder is positive, there are more messages
                               to process.
Connection ID      uint32      A unique identifier for the connection with the server.
Sequence Number    uint32      Starts at 1 and increments by one for each bundle sent by the
                               eStreamer server.
Event Messages []  array       The events streamed by the server in the bundle. Each message has a
                               full set of headers, including message version number (1), archive
                               timestamp if requested, and so forth.

Understanding Metadata

The eStreamer server can provide metadata along with requested event records. To receive metadata, you
must explicitly request it; see the request documentation in this guide for information on how to request a
given version of metadata. The metadata provides context information for codes and numeric identifiers in
the event records. For example, an intrusion event contains only the internal identifier of the detecting
device, and the metadata provides the device's name.
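As an added example that is not part of the Cisco guide, the following Python parses a message bundle the way Table 2-23 describes: read the header, check the type (4002) and declared length, then walk the nested messages, subtracting each one's total length (header included) from the bytes that remain. It assumes the eStreamer header layout shared by the other messages in this chapter (uint16 Header Version, uint16 Message Type, uint32 Message Length) and network byte order (big-endian) for every integer field, which this section does not restate. The sample bundle, its inner message type numbers (100 and 101) and payloads are constructed for the example. The parser also handles the failure mode the table leaves implicit: an inner message whose declared length exceeds the bytes left in the bundle is a protocol error, not a cue to read past the buffer.

```python
"""Parse an eStreamer message bundle (message type 4002) and its nested messages.

Added example, not code from the Cisco guide. Assumed: the 8-byte header
(uint16 version, uint16 type, uint32 length) and big-endian integer fields.
"""
import struct
from dataclasses import dataclass
from typing import List, Optional

HEADER_FMT = "!HHI"                                     # version, type, length (big-endian assumed)
HEADER_LEN = struct.calcsize(HEADER_FMT)                # 8 bytes
BUNDLE_PREFIX_FMT = "!II"                               # connection ID, sequence number
BUNDLE_PREFIX_LEN = struct.calcsize(BUNDLE_PREFIX_FMT)  # 8 bytes
BUNDLE_TYPE = 4002


class BundleError(ValueError):
    """Malformed bundle: the client should drop the connection rather than guess."""


@dataclass
class EventMessage:
    header_version: int
    message_type: int
    payload: bytes          # record bytes after the inner message's own header


@dataclass
class MessageBundle:
    connection_id: int
    sequence_number: int
    messages: List[EventMessage]


def read_header(buf: bytes, offset: int, limit: int):
    """Unpack one 8-byte header at offset without reading past limit."""
    if limit - offset < HEADER_LEN:
        raise BundleError(f"truncated header at offset {offset}")
    return struct.unpack_from(HEADER_FMT, buf, offset)


def parse_bundle(buf: bytes) -> MessageBundle:
    version, msg_type, length = read_header(buf, 0, len(buf))
    if version != 1 or msg_type != BUNDLE_TYPE:
        raise BundleError(f"not a message bundle: version={version} type={msg_type}")
    # Message Length covers everything after the 8-byte header: the Connection ID
    # and Sequence Number, then the nested event messages.
    if HEADER_LEN + length != len(buf):
        raise BundleError(f"declared length {length}, got {len(buf) - HEADER_LEN} bytes")
    if length < BUNDLE_PREFIX_LEN:
        raise BundleError("bundle too short for connection ID and sequence number")
    connection_id, sequence_number = struct.unpack_from(BUNDLE_PREFIX_FMT, buf, HEADER_LEN)

    end = HEADER_LEN + length
    offset = HEADER_LEN + BUNDLE_PREFIX_LEN
    remaining = length - BUNDLE_PREFIX_LEN      # bytes left for nested messages
    messages: List[EventMessage] = []
    while remaining > 0:                        # positive remainder: more messages follow
        inner_version, inner_type, inner_len = read_header(buf, offset, end)
        total = HEADER_LEN + inner_len          # subtract the whole inner message, header included
        if total > remaining:
            raise BundleError(f"inner message of {total} bytes overruns {remaining} remaining")
        if inner_version != 1:
            raise BundleError(f"unexpected inner header version {inner_version}")
        messages.append(EventMessage(inner_version, inner_type, buf[offset + HEADER_LEN:offset + total]))
        offset += total
        remaining -= total
    return MessageBundle(connection_id, sequence_number, messages)


def is_well_formed(buf: bytes) -> bool:
    try:
        parse_bundle(buf)
        return True
    except BundleError:
        return False


def build_message(msg_type: int, payload: bytes) -> bytes:
    return struct.pack(HEADER_FMT, 1, msg_type, len(payload)) + payload


def build_bundle(connection_id: int, sequence_number: int, inner: List[bytes]) -> bytes:
    body = struct.pack(BUNDLE_PREFIX_FMT, connection_id, sequence_number) + b"".join(inner)
    return struct.pack(HEADER_FMT, 1, BUNDLE_TYPE, len(body)) + body


class SequenceTracker:
    """Flags dropped or replayed bundles: numbers start at 1 and increase by one."""

    def __init__(self) -> None:
        self.expected = 1

    def check(self, bundle: MessageBundle) -> Optional[str]:
        seen, expected = bundle.sequence_number, self.expected
        self.expected = seen + 1
        if seen == expected:
            return None
        if seen > expected:
            return f"gap: expected bundle {expected}, got {seen} ({seen - expected} missed)"
        return f"replay or reset: expected bundle {expected}, got {seen}"


# Constructed samples: two inner messages with arbitrary type numbers, and a bundle whose
# inner header claims 1000 bytes while only 2 bytes follow it.
SAMPLE_BUNDLE = build_bundle(0x1234, 1, [build_message(100, b"record-one"), build_message(101, b"rec2")])
BAD_BUNDLE = build_bundle(0x1234, 2, [struct.pack(HEADER_FMT, 1, 100, 1000) + b"xx"])

if __name__ == "__main__":
    bundle = parse_bundle(SAMPLE_BUNDLE)
    print(bundle.sequence_number, [(m.message_type, len(m.payload)) for m in bundle.messages])
    print("bad bundle accepted:", is_well_formed(BAD_BUNDLE))
```

On a live stream the client reads the 8-byte header from the socket, then exactly Message Length more bytes, and hands the whole buffer to parse_bundle; the length and remainder checks then guarantee every slice stays inside that buffer. A SequenceTracker gap means the client missed a bundle (or the server restarted the count), which is worth logging because the events in that bundle are not coming back.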