Cisco Cisco Firepower Management Center 4000 Guía Del Desarrollador
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
17
Understanding the eStreamer Application Protocol
Connection Specifications
Chapter 2
Connection Specifications
The eStreamer service:
•
Communicates using TCP over an SSL connection (the client application
must support SSL-based authentication).
•
Accepts connection requests on port 8302.
•
Waits for the client to initiate all communication sessions.
•
Writes all message fields in network byte order (big endian).
•
Encodes text in UTF-8.
Understanding eStreamer Communication Stages
There are four major stages of communication that occur between a client and
the eStreamer service:
1. The client establishes a connection with the eStreamer server and the
1. The client establishes a connection with the eStreamer server and the
connection is authenticated by both parties.
See
See
on page 18 for more
information.
2. The client requests data from the eStreamer service and specifies the types
of data to be streamed. A single event request message can specify any
combination of available event data, including event metadata. A single host
profile request can specify a single host or multiple hosts.
Two request modes are available for requesting event data:
Two request modes are available for requesting event data:
•
Event Stream Request - the client submits a message containing
request flags that specify the requested event types and version of
each type, and the eStreamer server responds by streaming the
requested data.
•
Extended Request - the client submits a request with the same
message format as for Event Stream requests but sets a flag for an
extended request. This initiates a message interaction between client
and eStreamer server through which the client requests additional
information and version combinations not available via Event Stream
requests.
3. eStreamer establishes the requested data stream to the client.
See
on page 21 for more information.
4. The connection terminates.
See
on page 22 for more information.