Cisco Firepower Management Center 2000 Developer Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding the eStreamer Application Protocol
Understanding eStreamer Communication Stages
Chapter 2
Requesting Data from eStreamer
Your client performs the following high-level tasks in managing data requests:
• initializing the request session — see
• requesting events from the eStreamer event archive —
• requesting host data — see
• changing a request — see
Establishing a Session
The client establishes a session by sending an initial Event Stream request to the
eStreamer service.
In this initial message, you can either include data request flags or submit the
data requests in a follow-on message. This initial Event Stream request message
itself is a prerequisite for all eStreamer requests, whether for event data or for
host data. For information about using the Event Stream request message, see
Using Event Stream Requests and Extended Requests to Initiate Event
Streaming
The eStreamer service provides two modes of requests for event streaming. Your
request can combine modes. In both modes, your client starts the request with
an Event Stream request message but sets the request flag bits differently. For
details about the Event Stream message format, see
When eStreamer receives an Event Stream request message, it processes the
client request as follows:
• If the request message does not set bit 30 in the request flag field,
  eStreamer begins streaming any events requested by other set bits in the
  below.
• If bit 30 is set in the Event Stream request, eStreamer provides extended
  request processing. Extended request flags must be sent if this bit is set.
  For information, see
  below. Note that
  eStreamer resolves any duplicate requests. If you request multiple versions
  of the same data, either by multiple flags or multiple extended requests, the
  highest version is used. For example, if eStreamer receives flag requests for
  discovery events version 1 and 6 and an extended request for version 3, it
  sends version 6.
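The following client-side pre-flight check is an added example, not code from the guide or from the eStreamer SDK. It models the two rules above (bit 30 requires extended requests, and duplicate requests resolve to the highest version) so a client can confirm what it will receive before sending. It assumes bit 0 is the least significant bit of the request flag field; the event type labels and function names are hypothetical, and the caller supplies the decoded (type, version) pairs because the flag-to-version mapping is not given on this page.

```python
from typing import Dict, Iterable, Tuple

EXTENDED_REQUEST_BIT = 30  # bit named on the page; LSB-0 numbering is assumed

Request = Tuple[str, int]  # (event type label, version); labels are illustrative


def wants_extended(request_flags: int) -> bool:
    """True when the Event Stream request asks for extended request processing."""
    return bool(request_flags & (1 << EXTENDED_REQUEST_BIT))


def plan_stream(request_flags: int,
                flag_requests: Iterable[Request],
                extended_requests: Iterable[Request]) -> Dict[str, int]:
    """Predict the version eStreamer streams for each requested event type."""
    flag_requests = list(flag_requests)
    extended_requests = list(extended_requests)
    if request_flags < 0:
        raise ValueError("request flags must be an unsigned bit field")
    if wants_extended(request_flags) and not extended_requests:
        # The page requires extended request flags once bit 30 is set.
        raise ValueError("bit 30 set but no extended requests prepared")
    if extended_requests and not wants_extended(request_flags):
        # Choice made by this example: treat this as a client bug, because
        # the page ties extended request processing to bit 30.
        raise ValueError("extended requests prepared but bit 30 is clear")
    resolved: Dict[str, int] = {}
    # Requests from both modes are merged; the highest version per type wins.
    for event_type, version in flag_requests + extended_requests:
        resolved[event_type] = max(version, resolved.get(event_type, version))
    return resolved


if __name__ == "__main__":
    # Constructed input mirroring the page's example: flag requests for
    # discovery events versions 1 and 6, plus an extended request for version 3.
    plan = plan_stream(1 << EXTENDED_REQUEST_BIT,
                       [("discovery", 1), ("discovery", 6)],
                       [("discovery", 3)])
    print(plan)
```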