Cisco Cisco Firepower Management Center 2000 Guía Del Desarrollador
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
22
Understanding the eStreamer Application Protocol
Understanding eStreamer Message Types
Chapter 2
The client unpacks each bundle, message by message, and uses the lengths of
the records and the blocks to parse each message. The overall message length in
each message header can be used to calculate when the end of each message
has been reached, and the overall bundle length can be used to know when the
end of the bundle is reached. The bundle requires no index of its contents to be
correctly parsed.
For information about the message bundling mechanism, see
For information about the message bundling mechanism, see
For information about the null message that the client can use for additional flow
Terminating Connections
The eStreamer server attempts to send an error message before closing the
connection. For information on error messages, see
page 26.
The eStreamer server can close a client connection for the following reasons:
The eStreamer server can close a client connection for the following reasons:
•
Any time sending a message results in an error. This includes both event
data messages and the null keep-alive message eStreamer sends during
periods of inactivity.
•
An error occurs while processing a client request.
•
Client authentication fails (no error message is sent).
•
eStreamer service is shutting down (no error message is sent).
Your client can close the connection to eStreamer server at any time and should
attempt to use the error message format to notify the eStreamer server of the
reason. For information, see
Understanding eStreamer Message Types
The eStreamer application protocol uses a simple message format that includes a
standard message header and various sub-header fields followed by the record
data which contains the message’s payload. The message header is the same in