Cisco Firepower Management Center 2000 Developer Guide
Sourcefire 3D System eStreamer Integration Guide, Version 5.3
Page 40
Chapter 2: Understanding the eStreamer Application Protocol
Event Data Message Format
The Intrusion Event and Metadata Record Header Fields table describes each field in the header of intrusion event and metadata messages.
Discovery Event Message Format

The graphic below shows the structure of discovery event messages. The standard eStreamer message header and event record header are followed by a discovery event header used only in discovery and user event messages. The discovery event header section of the message contains the discovery event type and subtype fields, which together form a key to the data block that follows. For
Intrusion Event and Metadata Record Header Fields

Field | Data Type | Description
Record Type | uint32 | Identifies the data record content type. See the table on page 65 for the list of record types.
Record Length | uint32 | Length of the content of the message after the record header. Does not include the 8 or 16 bytes of the record header. (Record Length plus the length of the record header equals Message Length.)
eStreamer Server Timestamp | uint32 | Indicates the timestamp applied when the event was archived by the eStreamer server. Also called the archival timestamp. Field present only if bit 23 is set in the request message flags.
Reserved for future use | uint32 | Reserved for future use. Field present only if bit 23 is set in the request message flags.
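As an added illustration (not code from the guide or from the eStreamer SDK), the following Python decodes the record header laid out in the table: it picks the 8-byte or 16-byte form from bit 23 of the request message flags and applies the rule that Record Length plus the record header length must equal Message Length before any payload is parsed. It assumes big-endian (network) byte order, which the table does not state; the flag constant name, the record type value 42 and the sample bytes are constructed for the example.

```python
"""Parse the eStreamer event record header described in the table above.

Added example, not code from the Sourcefire guide or the eStreamer SDK.
Assumptions: multi-byte fields are big-endian (network byte order); the
request message flags are supplied as an int, and bit 23 selects the 16-byte
header; message_length is the Message Length field of the standard eStreamer
message header and is used only for the consistency check the table states.
"""
import struct
from dataclasses import dataclass
from typing import Optional

# Bit 23 of the request message flags (the constant name is ours, not the guide's).
ARCHIVE_TIMESTAMP_FLAG = 1 << 23


@dataclass
class RecordHeader:
    record_type: int
    record_length: int
    archival_timestamp: Optional[int]  # None when bit 23 was not requested
    reserved: Optional[int]            # None when bit 23 was not requested
    header_length: int                 # 8 or 16 bytes, per the table


def parse_record_header(data: bytes, request_flags: int) -> RecordHeader:
    """Decode the record header at the start of data.

    The header is 8 bytes (Record Type, Record Length) or 16 bytes when the
    request asked for the archival timestamp, which brings the reserved
    uint32 with it.  Short input raises instead of reading past the buffer.
    """
    extended = bool(request_flags & ARCHIVE_TIMESTAMP_FLAG)
    header_length = 16 if extended else 8
    if len(data) < header_length:
        raise ValueError(
            f"record header needs {header_length} bytes, only {len(data)} present")
    record_type, record_length = struct.unpack_from("!II", data, 0)
    timestamp = reserved = None
    if extended:
        timestamp, reserved = struct.unpack_from("!II", data, 8)
    return RecordHeader(record_type, record_length, timestamp, reserved, header_length)


def lengths_consistent(hdr: RecordHeader, message_length: int, available: int) -> bool:
    """Apply the rule from the table: Record Length + record header length must
    equal Message Length, and the payload must actually be present (available is
    the number of bytes following the record header) before it is parsed."""
    return (hdr.record_length + hdr.header_length == message_length
            and available >= hdr.record_length)


# Constructed sample record: type 42 (not a real record type number), a 12-byte
# payload, an archival timestamp and the reserved word, so bit 23 must be set.
SAMPLE_FLAGS = ARCHIVE_TIMESTAMP_FLAG
SAMPLE_PAYLOAD = b"\x00" * 12
SAMPLE_RECORD = struct.pack("!IIII", 42, len(SAMPLE_PAYLOAD), 1700000000, 0) + SAMPLE_PAYLOAD
SAMPLE_MESSAGE_LENGTH = 16 + len(SAMPLE_PAYLOAD)  # what the message header would carry


if __name__ == "__main__":
    hdr = parse_record_header(SAMPLE_RECORD, SAMPLE_FLAGS)
    print(hdr)
    print("lengths consistent:",
          lengths_consistent(hdr, SAMPLE_MESSAGE_LENGTH,
                             len(SAMPLE_RECORD) - hdr.header_length))
```

Parsing the same bytes with bit 23 clear yields the 8-byte header and a length check that fails, which is exactly the mismatch a client sees when its flags and its header parser disagree about whether the archival timestamp is present.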