Developer Guide for Cisco Firepower Management Center 2000
FireSIGHT eStreamer Integration Guide
Chapter 6 Configuring eStreamer
Configuring the eStreamer Reference Client
Testing a Client Connection over SSL Using a Host Request
You can use the ssl_test.pl script to test the connection between the eStreamer server and the eStreamer client. The ssl_test.pl script handles any record type and prints it to STDOUT or to an output plugin you specify. When you use the -h option without an output option, it streams host data for the specified hosts to your terminal.
Note
You cannot use this script to stream packet data without directing it to an output plugin because printing raw packet data to STDOUT interferes with your terminal.
Use the following syntax to use the ssl_test.pl script to send host data to the standard output:
./ssl_test.pl eStreamerServerIPAddress -h HostIPAddresses
For example, to test receipt of host data for the hosts in the 10.0.0.0/8 subnet over a connection to an eStreamer server with an IP address of 10.10.0.4:
./ssl_test.pl 10.10.0.4 -h 10.0.0.0/8
Capturing a PCAP Using the Reference Client
You can use the reference client to capture streamed packet data in a PCAP file to see the structure of the data the client receives. Note that you must use -f to specify a target file when you use the -o pcap output option.
Use the following syntax to capture streamed packet data in a PCAP file using the ssl_test.pl script:
./ssl_test.pl eStreamerServerIPAddress -o pcap -f ResultingPCAPFile
For example, to create a PCAP file named test.pcap using events streamed from an eStreamer server with an IP address of 10.10.0.4:
./ssl_test.pl 10.10.0.4 -o pcap -f test.pcap
Capturing CSV Records Using the Reference Client
You can also use the reference client to capture streamed intrusion event data in a CSV file to see the structure of the data the client receives.
Use the following syntax to run the streamer_csv.pl script:
./ssl_test.pl eStreamerServerIPAddress -o csv -f ResultingCSVFile
For example, to create a CSV file named test.csv using events streamed from an eStreamer server with an IP address of 10.10.0.4:
./ssl_test.pl 10.10.0.4 -o csv -f test.csv
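The three invocations above share one shape, so they can be generated and checked before they are run. The shell function below is an added example, not part of the Cisco guide or the reference client: it prints the ssl_test.pl command for host, pcap or csv output and rejects a pcap or csv request that has no target file. The name estreamer_cmd, the digits-and-dots address check, the single address or CIDR block for -h, the file requirement for csv and the refusal to overwrite an existing file are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Cisco code): print a checked ssl_test.pl command line.
# Usage: estreamer_cmd SERVER host HOSTS
#        estreamer_cmd SERVER pcap FILE
#        estreamer_cmd SERVER csv  FILE
# The command is printed, not executed.
estreamer_cmd() {
    server=$1 mode=$2 arg=$3
    # Assumption: IPv4 server address, so only digits and dots are accepted.
    case $server in
        ''|*[!0-9.]*) echo "bad server address: $server" >&2; return 2 ;;
    esac
    case $mode in
        host)
            # -h with no output option streams host data to the terminal.
            # Assumption: one address or one CIDR block such as 10.0.0.0/8.
            case $arg in
                ''|*[!0-9./]*) echo "bad host value: $arg" >&2; return 2 ;;
            esac
            printf './ssl_test.pl %s -h %s\n' "$server" "$arg"
            ;;
        pcap|csv)
            # The guide requires -f with -o pcap (raw packet data must not
            # reach STDOUT); requiring it for csv as well is an assumption
            # that follows the guide's csv example.
            [ -n "$arg" ] || { echo "-o $mode needs a target file" >&2; return 2; }
            # Reject names that would be parsed as another option.
            case $arg in -*) echo "file name starts with '-': $arg" >&2; return 2 ;; esac
            # Assumed local policy: never overwrite an earlier capture.
            [ ! -e "$arg" ] || { echo "refusing to overwrite $arg" >&2; return 2; }
            printf './ssl_test.pl %s -o %s -f %s\n' "$server" "$mode" "$arg"
            ;;
        *) echo "unknown mode: $mode" >&2; return 2 ;;
    esac
}
```

Run the printed command under umask 077 so that the resulting capture file, which holds event or packet data from the monitored network, is readable only by the invoking user.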