Cisco Firepower Management Center 2000 Developer Guide

Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Configuring eStreamer
Configuring the eStreamer Reference Client
Chapter 6
For example, to create a PCAP file named test.pcap using events streamed
from an eStreamer server with an IP address of 10.10.0.4:
./ssl_test.pl 10.10.0.4 -o pcap -f test.pcap
Capturing CSV Records Using the Reference Client
You can also use the reference client to capture streamed intrusion event data in a 
CSV file to see the structure of the data the client receives. 
Use the following syntax to run the streamer_csv.pl script:
./ssl_test.pl eStreamerServerIPAddress -o csv -f ResultingCSVFile
For example, to create a CSV file named test.csv using events streamed from
an eStreamer server with an IP address of 10.10.0.4:
./ssl_test.pl 10.10.0.4 -o csv -f test.csv
Sending Records to an SNMP Server Using the Reference Client
You can also use the reference client to stream intrusion event data to an SNMP
server. Use the -f option to indicate the name of the SNMP trap server that
should receive events. Note that this output method requires a binary named
snmptrapd in the path and therefore only works on UNIX-like systems.
Use the following syntax to send intrusion events to an SNMP server:
./ssl_test.pl eStreamerServerIPAddress -o snmp -f SNMPServerName
For example, to send events to an SNMP server at 10.10.0.3 using events 
streamed from an eStreamer server with an IP address of 10.10.0.4:
./ssl_test.pl 10.10.0.4 -o snmp -f 10.10.0.3
Logging Events to the Syslog Using the Reference Client
You can also use the reference client to stream intrusion events to the local 
syslog server on the client. 
Use the following syntax to send events to the syslog:
./ssl_test.pl eStreamerServerIPAddress -o syslog
For example, to log events streamed from an eStreamer server with an IP 
address of 10.10.0.4:
./ssl_test.pl 10.10.0.4 -o syslog
Connecting to an IPv6 Address
You can use the reference client to connect to a Defense Center with an IPv6 
address through the primary management interface. You must have the Socket6 
and IO::Socket::INET6 Perl modules installed on the client machine and use the
-ipv6 option or the shortened form -i.
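The following shell functions are an added example, not part of the guide or the reference client. They check the prerequisites stated above (snmptrapd in the path for SNMP output, the Socket6 and IO::Socket::INET6 Perl modules for IPv6) and assemble the ssl_test.pl command line for each output mode. The function names, the colon test for IPv6 literals, and the position of -ipv6 at the end of the command are assumptions.

```shell
#!/bin/sh
# Added example, not from the guide: preflight checks and command-line
# construction for the ssl_test.pl invocations shown on this page.

# Print each prerequisite named in the guide that is missing for this run.
# Prints nothing when everything required is present.
estreamer_missing_prereqs() {
    server=${1:-} mode=${2:-}
    if [ "$mode" = snmp ] && ! command -v snmptrapd >/dev/null 2>&1; then
        echo "snmptrapd binary (must be in PATH for -o snmp)"
    fi
    case $server in *:*)
        for mod in Socket6 IO::Socket::INET6; do
            perl -M"$mod" -e 1 >/dev/null 2>&1 ||
                echo "Perl module $mod (needed for IPv6 connections)"
        done ;;
    esac
}

# Print the command line for one output mode. The result is for review or
# logging; it is not shell-quoted, so do not pass it to eval.
# Usage: estreamer_cmd SERVER MODE [TARGET]
estreamer_cmd() {
    server=${1:-} mode=${2:-} target=${3:-}
    [ -n "$server" ] || { echo "missing eStreamer server address" >&2; return 2; }
    case $mode in
        pcap|csv|snmp)
            # -f is the output file, or the SNMP trap server for snmp.
            [ -n "$target" ] || { echo "-o $mode requires a -f value" >&2; return 2; }
            cmd="./ssl_test.pl $server -o $mode -f $target" ;;
        syslog)
            # The guide's syslog syntax takes no -f argument.
            cmd="./ssl_test.pl $server -o syslog" ;;
        *)
            echo "unsupported output mode: $mode" >&2; return 2 ;;
    esac
    # A colon marks an IPv6 literal. Appending -ipv6 last is an assumption:
    # the guide names the option but does not show where it goes.
    case $server in *:*) cmd="$cmd -ipv6" ;; esac
    printf '%s\n' "$cmd"
}
```

Run estreamer_missing_prereqs with the same server and mode before starting the client, and treat any output as a reason not to start it.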