Cisco Firepower Management Center 4000 Developer Guide

FireSIGHT eStreamer Integration Guide
 
Chapter 6      Configuring eStreamer 
  Configuring the eStreamer Reference Client
Testing a Client Connection over SSL Using a Host Request
You can use the ssl_test.pl script to test the connection between the eStreamer server and the eStreamer client. The ssl_test.pl script handles any record type and prints it to STDOUT or to an output plugin you specify. When you use the -h option without an output option, it streams host data for the specified hosts to your terminal.
Note: You cannot use this script to stream packet data without directing it to an output plugin because printing raw packet data to STDOUT interferes with your terminal.
Use the following syntax to use the ssl_test.pl script to send host data to the standard output:
./ssl_test.pl eStreamerServerIPAddress -h HostIPAddresses
For example, to test receipt of host data for the hosts in the 10.0.0.0/8 subnet over a connection to an eStreamer server with an IP address of 10.10.0.4:
./ssl_test.pl 10.10.0.4 -h 10.0.0.0/8
Capturing a PCAP Using the Reference Client
You can use the reference client to capture streamed packet data in a PCAP file to see the structure of the data the client receives. Note that you must use -f to specify a target file when you use the -o pcap output option.
Use the following syntax to capture streamed packet data in a PCAP file using the ssl_test.pl script:
./ssl_test.pl eStreamerServerIPAddress -o pcap -f ResultingPCAPFile
For example, to create a PCAP file named test.pcap using events streamed from an eStreamer server with an IP address of 10.10.0.4:
./ssl_test.pl 10.10.0.4 -o pcap -f test.pcap
Capturing CSV Records Using the Reference Client
You can also use the reference client to capture streamed intrusion event data in a CSV file to see the structure of the data the client receives.
Use the following syntax to run the streamer_csv.pl script:
./ssl_test.pl eStreamerServerIPAddress -o csv -f ResultingCSVFile
For example, to create a CSV file named test.csv using events streamed from an eStreamer server with an IP address of 10.10.0.4:
./ssl_test.pl 10.10.0.4 -o csv -f test.csv