Cisco Firepower Management Center 2000 Developer Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
44
Chapter 2: Understanding the eStreamer Application Protocol
Event Data Message Format
The Correlation Event Message Record Header Fields table describes each field in the record header of correlation event messages.

Correlation Event Message Record Header Fields

| Field | Data Type | Description |
| --- | --- | --- |
| Record Type | uint32 | Identifies the data record content type. See the on page 65 for the list of intrusion, correlation, and metadata record types. |
| Record Length | uint32 | Length of the content of the message after the record header. Does not include the 8 or 16 bytes of the record header. (Record Length plus the length of the record header equals Message Length.) |
| eStreamer Server Timestamp | uint32 | Indicates the timestamp applied when the event was archived by the eStreamer server. Also called the archival timestamp. Field present only if bit 23 is set in the request message flags. Field is zero for data generated by the Defense Center, such as host profiles and metadata. |
| Reserved for future use | uint32 | Reserved for future use. Field present only if bit 23 is set in the request message flags. |

Event Extra Data Message Format

The graphic below shows the structure of event extra data messages. The Intrusion Event Extra Data message is an example of this message group.

[Figure: Event Extra Data message structure, laid out by Byte 0 to 3 and Bit 0 to 31. Rows: Message Header, Record Header, Data Blocks...]
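As an added example that is not part of the guide, the following Python parses the record header described in the Correlation Event Message Record Header Fields table, handling both the 8-byte form and the 16-byte form that bit 23 of the request message flags selects. It assumes the uint32 fields are big-endian (network byte order); the flag constant, function names and the sample record type are this example's own, not identifiers from the guide.

```python
import struct
from dataclasses import dataclass
from typing import List, Optional

# Bit 23 of the request message flags asks the eStreamer server to send the
# extended record header (archival timestamp plus a reserved word). The name
# is this example's own.
EXTENDED_HEADER_FLAG = 1 << 23

# Constructed sample record type for the demonstration; not a real eStreamer id.
SAMPLE_RECORD_TYPE = 0x1234


@dataclass
class RecordHeader:
    record_type: int
    record_length: int                       # bytes of content after the header
    header_length: int                       # 8 without bit 23, 16 with it
    server_timestamp: Optional[int] = None   # archival timestamp, 16-byte header only
    reserved: Optional[int] = None           # reserved word, 16-byte header only

    @property
    def total_length(self) -> int:
        # Record Length plus the header length equals the Message Length.
        return self.header_length + self.record_length


def parse_record_header(data: bytes, request_flags: int) -> RecordHeader:
    """Parse the record header at the start of `data`.

    The header is 8 bytes (Record Type, Record Length) when bit 23 of the
    request flags is clear, and 16 bytes (plus eStreamer Server Timestamp and
    a reserved word) when it is set. Fields are assumed to be big-endian uint32.
    """
    extended = bool(request_flags & EXTENDED_HEADER_FLAG)
    header_length = 16 if extended else 8
    if len(data) < header_length:
        raise ValueError(f"truncated header: need {header_length} bytes, have {len(data)}")
    record_type, record_length = struct.unpack_from(">II", data, 0)
    hdr = RecordHeader(record_type, record_length, header_length)
    if extended:
        hdr.server_timestamp, hdr.reserved = struct.unpack_from(">II", data, 8)
    # Record Length excludes the header, so the buffer must hold header + content
    # before any data block after the header is trusted.
    if len(data) < hdr.total_length:
        raise ValueError(
            f"truncated record: header says {hdr.total_length} bytes, have {len(data)}"
        )
    return hdr


def build_record(record_type: int, content: bytes, request_flags: int,
                 server_timestamp: int = 0, reserved: int = 0) -> bytes:
    """Encode one record the way a server would, for constructing test input.

    A zero server_timestamp mirrors the guide's note that the field is zero for
    data the Defense Center generates itself (host profiles, metadata).
    """
    header = struct.pack(">II", record_type, len(content))
    if request_flags & EXTENDED_HEADER_FLAG:
        header += struct.pack(">II", server_timestamp, reserved)
    return header + content


def split_records(stream: bytes, request_flags: int) -> List[RecordHeader]:
    """Walk back-to-back records, using Record Length to find each boundary."""
    headers = []
    offset = 0
    while offset < len(stream):
        hdr = parse_record_header(stream[offset:], request_flags)
        headers.append(hdr)
        offset += hdr.total_length
    return headers


if __name__ == "__main__":
    content = b"\x00\x01\x02\x03\x04\x05"   # constructed 6-byte record content
    plain = build_record(SAMPLE_RECORD_TYPE, content, 0)
    extended = build_record(SAMPLE_RECORD_TYPE, content, EXTENDED_HEADER_FLAG,
                            server_timestamp=1_700_000_000)
    for flags, buf in ((0, plain), (EXTENDED_HEADER_FLAG, extended)):
        print(parse_record_header(buf, flags))
```

The parser takes the request flags as input because the record header alone does not say which form it is in; a client must remember what it asked for. Checking the buffer against `total_length` before touching the content is what keeps a short or malformed record from being read past its end.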