The Cisco Event Streamer (also known as eStreamer) allows you to stream Firepower System events to external client applications.
While eStreamer continues to support the binary streaming of events, you may also request fully-qualified events. These events
are in a clear text format with metadata resolved. This guide describes how to request these fully-qualified events from the
eStreamer service.
Connection events, intrusion events, intrusion packets, and file events are available as fully-qualified events from a Management
Center.
Note that eStreamer is not supported on NGIPSv, Firepower Services, Firepower Threat Defense Virtual, and Firepower Threat
Defense. To stream events from these devices, you can configure eStreamer on the Management Center that the device reports
to.
eStreamer uses a custom application layer protocol to communicate with connected client applications. As the purpose of eStreamer
is simply to return data that the client requests, the majority of this guide describes the eStreamer formats for the requested
data.
There are four major steps to creating and integrating an eStreamer client with a Firepower System:
1. Write a client application that exchanges messages with the Management Center or managed device using the eStreamer application
protocol.
2. Configure a Management Center or device to send the required type of events to your client application.
3. Connect your client application to the Management Center or device.
4.Specify the data and format you want and begin exchanging data.
This guide provides the information you need to successfully create and run an eStreamer client application which receives
fully-qualified events.