Re: estreamer_client ERROR: Remote host closed soc...

s_ruggiero · ‎05-01-2015

hi all,

while try running the command: perl estreamer_client.pl -c ../default/estreamer.conf -t
so i can test connection with my SourceFire DC, iam getting this error and none logs are exported:

SFPkcs12 : Writing ./server.crt
SFPkcs12 : Writing ./server.key
Retrieving metadata from file ./metadata.dat
Error loading metadata from file (./metadata.dat): at estreamer_client.pl line 1175.
[371] Connecting to 192.168.X.XX port 8302
[371] Opening event stream
Remote host closed socket at line 1735.

i try also to run: check_client.py but it didnt give any error, even if logs with that time in the log directory are empy:

[31990] Daemonizing process
event_sec=1430490301 status_id=2 status="Started eStreamer client."

any advice or help on how can i solve this issue?

Best Regards

lkouajie · ‎01-06-2016

You have to generate a new client certificate for host where the estreamer client is running

cpraz_ord · ‎09-14-2017

Hi wondering if anyone has solved this...

cpraz_ord · ‎09-14-2017

Here's the fix...
Adding Authentication for eStreamer Clients

link text

cpraz_ord · ‎09-14-2017

https://www.cisco.com/c/en/us/td/docs/security/firesight/540/api/estreamer/EventStreamerIntegrationG...

s_ruggiero · ‎05-04-2015

noone have ideas or suggestions ?

estreamer_client ERROR: Remote host closed socket at SFStreamer.pm line 1735

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Announcing Modern Navigation: A New Era of Splunk User Experience

Observability Simplified: Combining User Experience, Application Performance & ...

Event Series May & June: From Network Visibility to Service Intelligence

Join the Conversation