Cisco Firepower Management Center 4000 Developer Guide

Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Legacy Data Structures
Legacy Discovery Data Structures
Appendix B
Legacy Server Data Blocks
For more information, see the following sections:
Host Server Data Block for Version 4.9.0.x
The Host Server data block conveys information about servers identified by the 
system, including the server port, the frequency of use, last use, and confidence, 
as well as lists of server information blocks and sub-server blocks for the host for 
the event. Host Server data blocks are contained in messages for new TCP and 
UDP servers and changes to TCP and UDP servers.
Server data for this data block for 4.9.0.x is encapsulated in lists of server 
information blocks rather than through individual fields, allowing for multiple 
servers. 
The Host Server data block has a block type of 89.
Discovery Event Header Fields (Continued)

| Field | Data Types | Description |
|---|---|---|
| Event Type | uint32 | Event type (1000 for new events, 1001 for change events, 1002 for user input events, 1050 for full host profile). See on page 205 for a list of available event types. |
| Event Subtype | uint32 | Event subtype. See on page 205 for a list of available event subtypes. |
| File Number | byte[4] | Serial file number. This field is for Sourcefire internal use and can be disregarded. |
| File Position | byte[4] | Event's position in the serial file. This field is for Sourcefire internal use and can be disregarded. |
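A defensive parser for the four discovery event header fields listed above, as an added example that is not code from the Sourcefire guide. It assumes the buffer starts at the Event Type field and that integers are in network byte order; `parse_header_tail`, `HeaderTail` and the sample bytes are constructed for illustration.

```python
import struct
from dataclasses import dataclass

# Event type codes as listed in the header field table above.
EVENT_TYPES = {
    1000: "new",
    1001: "change",
    1002: "user input",
    1050: "full host profile",
}

# Assumed layout: the buffer starts at Event Type and integers are big-endian
# (network byte order). Offsets inside the full header are not on this page.
_TAIL = struct.Struct(">II4s4s")


@dataclass(frozen=True)
class HeaderTail:
    event_type: int
    event_subtype: int
    file_number: bytes    # Sourcefire-internal, kept opaque
    file_position: bytes  # Sourcefire-internal, kept opaque
    kind: str


def parse_header_tail(buf: bytes) -> HeaderTail:
    """Parse the last four discovery event header fields from untrusted bytes."""
    if len(buf) < _TAIL.size:
        raise ValueError(f"truncated header: need {_TAIL.size} bytes, got {len(buf)}")
    etype, subtype, fnum, fpos = _TAIL.unpack_from(buf, 0)
    kind = EVENT_TYPES.get(etype)
    if kind is None:
        # Fail closed: do not guess how to interpret an unlisted event type.
        raise ValueError(f"unknown event type {etype}")
    return HeaderTail(etype, subtype, fnum, fpos, kind)


# Constructed sample: new event (1000), subtype 2, arbitrary internal fields.
SAMPLE = struct.pack(">II4s4s", 1000, 2, b"\x00\x00\x00\x07", b"\x00\x00\x01\x00")

if __name__ == "__main__":
    print(parse_header_tail(SAMPLE))
```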