Cisco Cisco Firepower Management Center 2000 개발자 가이드

Version 5.3

Sourcefire 3D System eStreamer Integration Guide

Understanding the eStreamer Application Protocol

Event Data Message Format

Chapter 2

The

Intrusion Event and Metadata Record Header Fields

table describes each

field in the header of intrusion events and metadata messages.

Discovery Event Message Format

The graphic below shows the structure of discovery event messages. The

standard eStreamer message header and event record header are followed by a

discovery event header used only in discovery and user event messages. The

discovery event header section of the message contains the discovery event type

and subtype fields, which together form a key to the data block that follows. For

Intrusion Event and Metadata Record Header Fields

IELD

ATA

YPE

ESCRIPTION

Record

Type

uint32

Identifies the data record content type. See the

Intrusion Event and General Metadata Record

Types table

on page 65 for the list of record types.

Record

Length

uint32

Length of the content of the message after the

record header. Does not include the 8 or 16 bytes

of the record header. (Record Length plus the

length of the record header equals Message

Length.)

eStreamer

Server

Timestamp

uint32

Indicates the timestamp applied when the event

was archived by the eStreamer server. Also called

the archival timestamp.
Field present only if bit 23 is set in the request

message flags.

Reserved

for future

use

uint32

Reserved for future use.
Field present only if bit 23 is set in the request

message flags.