estreamer_client ERROR: Remote host closed socket ...

s_ruggiero · ‎05-01-2015

hi all,

while try running the command: perl estreamer_client.pl -c ../default/estreamer.conf -t
so i can test connection with my SourceFire DC, iam getting this error and none logs are exported:

SFPkcs12 : Writing ./server.crt
SFPkcs12 : Writing ./server.key
Retrieving metadata from file ./metadata.dat
Error loading metadata from file (./metadata.dat): at estreamer_client.pl line 1175.
[371] Connecting to 192.168.X.XX port 8302
[371] Opening event stream
Remote host closed socket at line 1735.

i try also to run: check_client.py but it didnt give any error, even if logs with that time in the log directory are empy:

[31990] Daemonizing process
event_sec=1430490301 status_id=2 status="Started eStreamer client."

any advice or help on how can i solve this issue?

Best Regards

lkouajie · ‎01-06-2016

You have to generate a new client certificate for host where the estreamer client is running

cpraz_ord · ‎09-14-2017

Hi wondering if anyone has solved this...

cpraz_ord · ‎09-14-2017

Here's the fix...
Adding Authentication for eStreamer Clients

link text

cpraz_ord · ‎09-14-2017

https://www.cisco.com/c/en/us/td/docs/security/firesight/540/api/estreamer/EventStreamerIntegrationG...

s_ruggiero · ‎05-04-2015

noone have ideas or suggestions ?

estreamer_client ERROR: Remote host closed socket at SFStreamer.pm line 1735

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?