Cisco Firepower Management Center 4000 Developer Guide
6-11
FireSIGHT eStreamer Integration Guide
Chapter 6 Configuring eStreamer
Configuring the eStreamer Reference Client
Table 6-3 Default Requests Made by Output Plugins (continued)

| This syntax... | Calls plugin... | And sends... | To request the following data... |
|---|---|---|---|
| ./ssl_test.pl eStreamerServerName -o pcap -f TargetPCAPFile | OutputPlugins/pcap.pm | Event stream request, message type 2, with bits 0 and 23 set to 1 | Packet data (see … and …). eStreamer transmits only packet data because bit 0 is set on the event stream request. |
| ./ssl_test.pl eStreamerServerName -o csv -f CSVFile | OutputPlugins/csv.pm | Event stream request, message type 2, with bits 2 and 23 set to 1 | Intrusion event data (see … and …). eStreamer transmits type 1 intrusion events because bit 2 is set on the event stream request. |
| ./ssl_test.pl eStreamerServerName -o snmp -f SNMPServer | OutputPlugins/snmp.pm | Event stream request, message type 2, with bits 2, 20, and 23 set to 1 | Intrusion event data (see … and …). eStreamer transmits type 1 intrusion events because bit 2 is set on the event stream request. |
| ./ssl_test.pl eStreamerServerName -o syslog | OutputPlugins/syslog.pm | Event stream request, message type 2, with bits 2, 20, and 23 set to 1 | Intrusion event data (see … and …). eStreamer transmits type 1 intrusion events because bit 2 is set on the event stream request. |

Modifying the Type of Data Requested by a Test Script

The SFStreamer.pm Perl module defines several request flag variables that you can use in the sample scripts to request data. The following table indicates what request flag variable to call to set each request flag in an event stream request message. If you want to request different data using one of the output modules, you can edit the $FLAG settings in the module.

For more information on the request flags, the data they request, and the product versions corresponding to each flag, see …

Table 6-4 Request Flag Variables Used in Sample Scripts

| Variable | Sets Request Flag... | To request the following data... |
|---|---|---|
| $FLAG_PKTS | 0 | Packet data |
| $FLAG_METADATA | 1 | Version 1 metadata |
| $FLAG_IDS | 2 | Type 1 intrusion events |
| $FLAG_RNA | 3 | Version 1 discovery events |
| $FLAG_POLICY_EVENTS | 4 | Version 1 correlation events |
| $FLAG_IMPACT_ALERTS | 5 | Intrusion impact alerts |
| $FLAG_IDS_IMPACT_FLAG | 6 | Type 7 intrusion events |
| $FLAG_RNA_EVENTS_2 | 7 | Version 2 discovery events |
| $FLAG_RNA_FLOW | 8 | Version 1 connection data |
| $FLAG_POLICY_EVENTS_2 | 9 | Version 2 correlation events |
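The tables above describe the request flags as bit positions in the event stream request (message type 2), and the plugin rows combine several of them (for example, bits 2, 20 and 23 for snmp.pm). The following Python example, added here and not part of the guide or of SFStreamer.pm, shows how those bit positions compose into one 32-bit request flags word, how to decode a flags word back into the data it requests using the visible rows of Table 6-4, and how to frame and validate the request message. The wire layout it uses (2-byte header version, 2-byte message type, 4-byte length, then a 4-byte initial timestamp and the 4-byte flags word, all big-endian) is an assumption for the example and is not stated on this page; bits 20 and 23 are likewise not described in this excerpt, so the decoder reports them as unknown rather than guessing.

```python
import struct

# Request flag bit positions and the data each one requests, copied from the
# visible rows of Table 6-4 (bits 0-9). Bits 20 and 23, which the sample
# plugins also set, are not described in this excerpt and are left out.
REQUEST_FLAGS = {
    "FLAG_PKTS": (0, "Packet data"),
    "FLAG_METADATA": (1, "Version 1 metadata"),
    "FLAG_IDS": (2, "Type 1 intrusion events"),
    "FLAG_RNA": (3, "Version 1 discovery events"),
    "FLAG_POLICY_EVENTS": (4, "Version 1 correlation events"),
    "FLAG_IMPACT_ALERTS": (5, "Intrusion impact alerts"),
    "FLAG_IDS_IMPACT_FLAG": (6, "Type 7 intrusion events"),
    "FLAG_RNA_EVENTS_2": (7, "Version 2 discovery events"),
    "FLAG_RNA_FLOW": (8, "Version 1 connection data"),
    "FLAG_POLICY_EVENTS_2": (9, "Version 2 correlation events"),
}
BIT_TO_DATA = {bit: data for bit, data in REQUEST_FLAGS.values()}

# ASSUMED wire layout of the event stream request, big-endian:
#   header version (2 bytes) | message type (2 bytes) | message length (4 bytes)
#   initial timestamp (4 bytes) | request flags (4 bytes)
# Verify against the message format section of the guide before relying on it.
HEADER_VERSION = 1
EVENT_STREAM_REQUEST = 2
REQUEST_BODY_LEN = 8


def flags_from_bits(*bits):
    """OR the given bit positions into a 32-bit request flags word."""
    word = 0
    for bit in bits:
        if not 0 <= bit < 32:
            raise ValueError(f"request flag bit {bit} is out of range")
        word |= 1 << bit
    return word


def flags_from_names(*names):
    """Same as flags_from_bits, but keyed by the $FLAG variable names of Table 6-4."""
    return flags_from_bits(*(REQUEST_FLAGS[name][0] for name in names))


def describe_flags(word):
    """Return (bit, description) for every bit set in word, lowest bit first."""
    return [
        (bit, BIT_TO_DATA.get(bit, f"bit {bit}: not described in this excerpt"))
        for bit in range(32)
        if (word >> bit) & 1
    ]


def build_event_stream_request(flags, initial_timestamp=0):
    """Frame a type 2 request carrying the given flags word (assumed layout)."""
    body = struct.pack(">II", initial_timestamp, flags)
    return struct.pack(">HHI", HEADER_VERSION, EVENT_STREAM_REQUEST, len(body)) + body


def parse_event_stream_request(buf):
    """Validate the header before trusting the body; return (timestamp, flags)."""
    if len(buf) != 8 + REQUEST_BODY_LEN:
        raise ValueError(f"unexpected request length {len(buf)}")
    version, msg_type, length = struct.unpack(">HHI", buf[:8])
    if version != HEADER_VERSION or msg_type != EVENT_STREAM_REQUEST:
        raise ValueError(f"not an event stream request: version={version} type={msg_type}")
    if length != REQUEST_BODY_LEN:
        raise ValueError(f"bad body length {length}")
    timestamp, flags = struct.unpack(">II", buf[8:])
    return timestamp, flags


if __name__ == "__main__":
    # Reproduce the default pcap.pm request from Table 6-3: bits 0 and 23 set.
    pcap_flags = flags_from_bits(0, 23)
    message = build_event_stream_request(pcap_flags, initial_timestamp=0)
    print("request bytes:", message.hex())
    for bit, what in describe_flags(pcap_flags):
        print(f"bit {bit:2d}: {what}")
```

Decoding a flags word before sending it is a cheap way to confirm that an edited $FLAG setting requests only the event types the downstream consumer actually needs, rather than widening the feed by accident; the parse step rejects any frame whose header version, type or length does not match before it reads the flags.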