Cisco Firepower Management Center 4000 Developer Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Chapter 2
Understanding the eStreamer Application Protocol
The Sourcefire Event Streamer (eStreamer) uses a message-oriented protocol to
stream events and host profile information to your client application. Your client
can request event and host profile data from a Defense Center, and intrusion
event data only from a managed device. Your client application initiates the data
stream by submitting request messages, which specify the data to be sent, and
then controls the message flow from the Defense Center or managed device
once streaming begins.
Throughout this document, the eStreamer service on the Defense Center or a
managed device may be referred to as the eStreamer server or eStreamer.
The following sections describe requirements for connecting to the eStreamer
service and introduce commands and data formats used in the eStreamer
protocol:
• on page 17 describes the communication flow
  between the eStreamer service and your client and describes how the
  client interacts with it.
• on page 17 describes the
  communication protocol for client applications to submit data requests to
  the eStreamer server and for eStreamer to deliver the requested
  information to the client.
• on page 22 describes the
  message types used in the eStreamer protocol, discusses the basic
  structure of data packets used by eStreamer to return intrusion event data,
  discovery event data, metadata, and host data to a client, and provides
  other information to help you write a client that can interpret eStreamer
  messages.