Cisco Firepower Management Center 4000 Developer Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Configuring eStreamer
Configuring the eStreamer Reference Client
Chapter 6
For example, to create a PCAP file named test.pcap using events streamed
from an eStreamer server with an IP address of 10.10.0.4:
./ssl_test.pl 10.10.0.4 -o pcap -f test.pcap
Capturing CSV Records Using the Reference Client
You can also use the reference client to capture streamed intrusion event data in a
CSV file to see the structure of the data the client receives.
Use the following syntax to run the streamer_csv.pl script:
./ssl_test.pl eStreamerServerIPAddress -o csv -f ResultingCSVFile
For example, to create a CSV file named test.csv using events streamed from
an eStreamer server with an IP address of 10.10.0.4:
./ssl_test.pl 10.10.0.4 -o csv -f test.csv
Sending Records to an SNMP Server Using the Reference Client
You can also use the reference client to stream intrusion event data to an SNMP
server. Use the -f option to indicate the name of the SNMP trap server that
should receive events. Note that this output method requires a binary named
snmptrapd in the path and therefore only works on UNIX-like systems.
Use the following syntax to send intrusion events to an SNMP server:
./ssl_test.pl eStreamerServerIPAddress -o snmp -f SNMPServerName
For example, to send events to an SNMP server at 10.10.0.3 using events
streamed from an eStreamer server with an IP address of 10.10.0.4:
./ssl_test.pl 10.10.0.4 -o snmp -f 10.10.0.3
Logging Events to the Syslog Using the Reference Client
You can also use the reference client to stream intrusion events to the local
syslog server on the client.
Use the following syntax to send events to the syslog:
./ssl_test.pl eStreamerServerIPAddress -o syslog
For example, to log events streamed from an eStreamer server with an IP
address of 10.10.0.4:
./ssl_test.pl 10.10.0.4 -o syslog
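
The four output modes above differ in whether -f is needed and, for snmp, in the snmptrapd dependency. As an added example (not part of the guide or the reference client), the sh function below, under the hypothetical name estreamer_cmd, checks those conditions and prints the matching ssl_test.pl command line without running it.

```shell
#!/bin/sh
# Added example: estreamer_cmd is a hypothetical helper, not part of the reference client.
# It validates the arguments for one output mode and prints the ssl_test.pl command.
estreamer_cmd() {
    server=${1-} mode=${2-} target=${3-}
    if [ -z "$server" ] || [ -z "$mode" ]; then
        echo "usage: estreamer_cmd SERVER pcap|csv|snmp|syslog [TARGET]" >&2
        return 2
    fi
    case $mode in
        pcap|csv|snmp)
            # -f names the result file (pcap, csv) or the SNMP trap server (snmp).
            if [ -z "$target" ]; then
                echo "mode '$mode' needs a -f value" >&2
                return 2
            fi
            ;;
        syslog)
            # Events go to the local syslog; the guide shows no -f for this mode.
            if [ -n "$target" ]; then
                echo "mode 'syslog' takes no -f value" >&2
                return 2
            fi
            ;;
        *)
            echo "unknown output mode '$mode'" >&2
            return 2
            ;;
    esac
    # The snmp output method needs a binary named snmptrapd in the path.
    if [ "$mode" = snmp ] && ! command -v snmptrapd >/dev/null 2>&1; then
        echo "snmptrapd not found in PATH; snmp output cannot work" >&2
        return 3
    fi
    if [ "$mode" = syslog ]; then
        printf './ssl_test.pl %s -o %s\n' "$server" "$mode"
    else
        printf './ssl_test.pl %s -o %s -f %s\n' "$server" "$mode" "$target"
    fi
}

# Constructed sample call using the addresses from the examples above.
estreamer_cmd 10.10.0.4 csv test.csv
```

A return status of 2 means the arguments do not fit the mode; 3 means snmptrapd is missing from the path.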
Connecting to an IPv6 Address
You can use the reference client to connect to a Defense Center with an IPv6
address through the primary management interface. You must have the Socket6
and IO::Socket::INET6 Perl modules installed on the client machine and use the
-ipv6 option or the shortened form -i.