Developer Guide for Cisco Firepower Management Center 2000
2-20
FireSIGHT eStreamer Integration Guide
Chapter 2 Understanding the eStreamer Application Protocol
Event Data Message Format
The following table describes the fields in the record header and the event header of the discovery event message.
Connection Event Message Format
Messages with connection statistics have a structure identical to discovery event messages. See
messages are distinct in terms of the data block types they incorporate.
Correlation Event Message Format
The graphic below shows the general structure of correlation (compliance) event messages. The standard eStreamer message header and record header are followed immediately by a data block in the data record section of the message. Correlation messages use Series 1 data blocks.
[Figure: message structure. Blocks shown, in order: eStreamer Server Timestamp (for events only); Reserved for Future Use (for events only); Discovery Event Header; Series 1 Data Block.]
Table 2-9  Discovery Event Message Header Fields

Field | Data Type | Description
Record Type | uint32 | Identifies the data record content type. See ... for the list of record types.
Record Length | uint32 | Length of the content of the message after the record header. Does not include the 8 or 16 bytes of the record header. (Record Length plus the length of the record header equals Message Length.)
eStreamer Server Timestamp | uint32 | Indicates the timestamp applied when the event was archived by the eStreamer server. Also called the archival timestamp. Field present only if bit 23 is set in the request flags field of the event stream request.
Reserved for future use | uint32 | Reserved for future use. Field present only if bit 23 is set in the request message flags.
Discovery Event Header | Varied | Contains a number of fields, including the event type and subtype, which together form a unique key to the data structure that follows. See ... for definitions of fields in the discovery event header.
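The record header layout in Table 2-9 depends on a choice the client made earlier (bit 23 of the request flags), so a parser has to carry that state and then verify the length relationship the table states. The following Python is an added example, not code from the eStreamer guide or from Cisco; it assumes network (big-endian) byte order, and its record type, timestamp and payload values are constructed placeholders.

```python
import struct
from dataclasses import dataclass
from typing import Optional

# Bit 23 of the event stream request flags asks the eStreamer server to add the
# archival timestamp and the reserved field to every record header (Table 2-9).
EXTENDED_HEADER_FLAG = 1 << 23


@dataclass
class RecordHeader:
    record_type: int
    record_length: int                # payload bytes after the record header
    archive_timestamp: Optional[int]  # None when the 8-byte header form is used
    header_length: int                # 8 or 16 bytes, decided by the request flags


def parse_record_header(buf: bytes, request_flags: int) -> RecordHeader:
    """Parse the record header that follows the eStreamer message header.

    Assumption: fields are in network (big-endian) byte order. The client must
    remember which request flags it sent, because nothing inside the record
    says whether the header is 8 or 16 bytes long.
    """
    extended = bool(request_flags & EXTENDED_HEADER_FLAG)
    header_length = 16 if extended else 8
    if len(buf) < header_length:
        raise ValueError(f"truncated record header: need {header_length} bytes, have {len(buf)}")
    record_type, record_length = struct.unpack_from("!II", buf, 0)
    archive_timestamp = None
    if extended:
        archive_timestamp, _reserved = struct.unpack_from("!II", buf, 8)
    return RecordHeader(record_type, record_length, archive_timestamp, header_length)


def record_fits_message(hdr: RecordHeader, message_length: int, available: int) -> bool:
    """Consistency check from Table 2-9: Record Length plus the record header
    length must equal the Message Length from the message header, and the whole
    record must be present in the buffer. A mismatch usually means the header
    length was assumed wrongly (bit 23 state) or the record is malformed; either
    way the client must not trust the offsets and start walking the payload."""
    expected = hdr.header_length + hdr.record_length
    return expected == message_length and expected <= available


# Constructed sample: a 16-byte (extended) record header with a placeholder
# record type of 0x7777 and a 12-byte zero payload, as a client that set
# bit 23 would receive it. The record type value is illustrative only.
SAMPLE_MESSAGE_LENGTH = 16 + 12
SAMPLE_RECORD = struct.pack("!IIII", 0x7777, 12, 1700000000, 0) + b"\x00" * 12
```

Parsing the same bytes with the flag cleared yields an 8-byte header whose length check fails against the message length, which is exactly the desynchronisation the check is there to catch.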