Cisco Cisco Firepower Management Center 2000 开发者指南

Version 5.3

Sourcefire 3D System eStreamer Integration Guide

166

Understanding Discovery & Connection Data Structures

Discovery and Connection Event Data Messages

Chapter 4

Discovery and Connection Event Record Types

The

Discovery and Connection Event Record Types

table below lists the event

record types for host discovery and connection events, and provides links to the

event message structure for each record type. The list includes metadata record

types as well. Some records contain a single data block which stores a specific

piece of data. These data blocks are broken up into series 1 blocks that contain

most types of data, and series 2 blocks that specifically contain discovery data.

The table also indicates the status of each version (current or legacy). A current

record is the latest version. A legacy record has been superseded by a later

version but can still be requested from eStreamer.

Discovery and Connection Event Record Types

ECORD

YPE

ONTAINS

LOCK

YPE

ERIES

ESCRIPTION

ECORD

TATUS

ATA

ORMAT

ESCRIBED

...

139

New Host Detected

Current

New Host and Host Last Seen

Messages

on page 206

103

New TCP Server

Current

Server Messages

on page 206

103

New UDP Server

Current

Server Messages

on page 206

New Network Protocol

Current

New Network Protocol Message

on page 207

New Transport

Protocol

Current

New Transport Protocol Message

on page 208

122

New Client Application

Current

Client Application Messages

page 208

103

TCP Server

Information Update

Current

Server Messages

on page 206

103

UDP Server

Information Update

Current

Server Messages

on page 206

OS Information

Update

Current

Operating System Update

Messages

on page 210

N/A

Host Timeout

Current

IP Address Reused and Host

Timeout/Deleted Messages

page 210

N/A

Host IP Address

Reused

Current

IP Address Reused and Host

Timeout/Deleted Messages

page 210