Cisco Firepower Management Center 2000 Programmer's Guide

Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Configuring eStreamer
Configuring the eStreamer Reference Client
Chapter 6
Running the eStreamer Perl Reference Client
The eStreamer Perl reference client scripts are designed for use on a 64-bit operating system with the Linux kernel but should work on any POSIX-based 64-bit operating system, as long as the client machine meets the prerequisites defined in
For more information, see the following sections:
Testing a Client Connection over SSL Using a Host Request
You can use the ssl_test.pl script to test the connection between the eStreamer server and the eStreamer client. The ssl_test.pl script handles any record type and prints it to STDOUT or to an output plugin you specify. When you use the -h option without an output option, it streams host data for the specified hosts to your terminal.
IMPORTANT! You cannot use this script to stream packet data without directing it to an output plugin because printing raw packet data to STDOUT interferes with your terminal.
Use the following syntax to use the ssl_test.pl script to send host data to the standard output:
./ssl_test.pl eStreamerServerIPAddress -h HostIPAddresses
For example, to test receipt of host data for the hosts in the 10.0.0.0/8 subnet over a connection to an eStreamer server with an IP address of 10.10.0.4:
./ssl_test.pl 10.10.0.4 -h 10.0.0.0/8
Capturing a PCAP Using the Reference Client
You can use the reference client to capture streamed packet data in a PCAP file to see the structure of the data the client receives. Note that you must use -f to specify a target file when you use the -o pcap output option.
Use the following syntax to capture streamed packet data in a PCAP file using the ssl_test.pl script:
./ssl_test.pl eStreamerServerIPAddress -o pcap -f ResultingPCAPFile
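
To confirm that the file named with -f is a well-formed capture before opening it in an analysis tool, the following added example (not part of the guide or of the reference client) parses the PCAP global header and walks the packet records, failing on a truncated file. It assumes the output is in the classic libpcap file format; the function names and the sample bytes are constructed for illustration.

```python
import struct
import sys

# Classic libpcap magic numbers mapped to timestamp units per second.
MAGICS = {0xA1B2C3D4: 1_000_000, 0xA1B23C4D: 1_000_000_000}

def parse_pcap(data):
    """Return (header, packets) for a classic pcap byte string; ValueError if malformed."""
    if len(data) < 24:
        raise ValueError("truncated global header")
    for endian in ("<", ">"):  # the writer's byte order is inferred from the magic
        magic = struct.unpack(endian + "I", data[:4])[0]
        if magic in MAGICS:
            break
    else:
        raise ValueError("bad magic: not a classic pcap file")
    major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
        endian + "HHiIII", data[4:24])
    header = {"version": (major, minor), "snaplen": snaplen,
              "linktype": linktype, "ts_units": MAGICS[magic]}
    packets, off = [], 24
    while off < len(data):
        if len(data) - off < 16:
            raise ValueError(f"truncated record header at offset {off}")
        sec, frac, incl_len, orig_len = struct.unpack(
            endian + "IIII", data[off:off + 16])
        off += 16
        if incl_len > len(data) - off:  # e.g. the client stopped mid-write
            raise ValueError(f"record at offset {off - 16} overruns the file")
        packets.append({"ts": sec + frac / MAGICS[magic],
                        "orig_len": orig_len,
                        "data": data[off:off + incl_len]})
        off += incl_len
    return header, packets

def sample_capture():
    """Constructed input: one 4-byte record, little-endian, linktype 1."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    rec = struct.pack("<IIII", 1700000000, 250000, 4, 60) + b"\xde\xad\xbe\xef"
    return hdr + rec

if __name__ == "__main__":
    # Pass the file given to -f; with no argument the constructed sample is used.
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else sample_capture()
    header, packets = parse_pcap(raw)
    print(header, len(packets), "packet(s)")
```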