HEllo All,
I am using cisco reference client (perl based client) . The connection is good. No errors.
But I am facing below issues:
I am using following command to pull the IDS events with signature ID, generator ID but I am not getting any events with specified signature ID.
./ssl_test.pl -v -pk <IP>.pkcs12 -pa password <FMC server IP> -s all -o print -f print-fmc.txt -s all -r <signature/rule ID, generator ID>
- Ideally we should receive events with signature ID = specified signature ID right ?
- Ideally we should receive IDS events with specified condition right ?
- How can I make sure the perl based client pulls all INTRUSION type events ?
- What FLAGs I need to use ? and where can I store them in perl modules to be used by ssl_test.pl script ?
- Which property of events is compared with the bookmark value set ?