Install the Package in a Linux environment
Install the Package in a Windows Environment
Use the SSL Sessions Tool to parse SSL session log information within an exported session log generated by a Cisco SSL Appliance. This guide provides an overview of the SSL Sessions tool and its installation. The tool can parse binary SSL session log files, filter on assorted fields, and save the data in the CSV format, for use by other applications. The SSL Sessions tool can be used in command line or in GUI mode.
Descriptions of all the commands are provided in the documentation generated by the tool: Using the SSL Sessions Tool. The tool and tool documentation are available on cisco.com
This version of the SSL Sessions tool supports SSL 3.5 and later.
The SSL Sessions tool operates with SSL 3.8.x session log files by default. To work with a file exported in another version of SSL Appliance software, set the SSL Version in the tool (option available from both the command line and the GUI). For example, set the Version to 3.5 to work with session output files from SSL 3.5.x, 3.6 for 3.6.x, or 3.7 for 3.7.x, and so on.
This version of the SSL Sessions tool supports data export in space-delimited format, for use with Blue Coat Reporter. Use the -R
option from the command line to output the .csv
file in Reporter format. See the Using the SSL Sessions Tool for syntax information.
Cisco SSL Appliance software is subject to licensing terms and conditions imposed by Cisco and third party software providers.
. For more information, see the following sections:
The SSL Sessions tool is provided as a zipped package which must be installed on the host system. The package file name is sslsessions-n.n.n.zip
, where n.n.n
is a version number for the package. After installation, the tool can be run from the command line or as a GUI application (requires wxPython 2.9).
Step 1 Copy the file to the host system.
Step 2 At a command line type in the following:
unzip sslsessions-n.n.n.zip
cd sslsessions-n.n.n
python setup.py install
Tip You must be logged on as a user with privileges that allow software installation.
On Windows systems, additional steps are required to complete the installation. You must add the directory where the script was installed to your system path. To do this, open a Run
window (click Start
, type run
, and click Enter
),
Step 1 In the Run window, enter
C:\windows\system3
2\rundll32.exe" sysdm.cpl,EditEnvironmentVariables
Step 2 Click
OK
. The Environment Variables
window displays.
Step 3 In the top panel labeled
User variables for <user name>
, select the PATH
entry, then click Edit
. The Edit User Variable
windows displays.
Step 4 Enter the path to your unzipped file in the
Variable
value field, followed by a semicolon. An example is shown next.
Note The example uses Python 2.7. The SSL Sessions tool requires Python 2.6.x or 2.7.x (Python 3.x is not supported).
Step 5 When the entry is correct, click
OK
. Exit the Environment Variables
window.
To verify that the SSL Diagnostics tool is installed correctly, open a command prompt and enter
host:<path>/sslsessions/$ sslsessions.py --version
Usage: sslsessions.py [options] [output-path]
Export csv data from filtered ssl session log files. [output-path] is required.
If no command line arguments are provided, the tool starts up in ui mode.
Set the mode (-M or --mode) to csv or report when using the tool from command line.
Version: n.n.n
The SSL Session Log Tool is an application that can parse binary ssl session log files, filter on various
fields and save the data in CSV format. It can be used in command line mode or in ui mode.
In ui mode the application looks like this:
Here is an example of command-line mode:
sslsessions.py -M csv -S../sessions_logs/ssl_session_log-20150115T173613
-d *.google.com../session_log_output
The event reading library for the tool is also accessible from the python installation.
This is a code example that reads the 1st log file from a command-line path argument and prints a
from ssl_sessions import readevents
for event in readevents.iter_session_log_events(
os.path.join(log_path, 'ssl_session_log.1.bin'), '3.8',
readevents.read_cert_store(log_path),
readevents.read_hsm_resigning_cas(log_path)):
print event.flowid.ID, event.flow, event.subject
class ssl_sessions.readevents.SessionLogEvent (data, sslng_version, cert_store=None,
Class representing a single session log event.
ssl_sessions.readevents.asn_parse_san_entry (data)
Parse an ASN entry to extract SAN IP and DNS name entries.
Parameters: data (str)
-- String data for SAN entry.
Returns: List of tuples of ( 'san_ip', str
) or ( 'dns_name, str
)
ssl_sessions.readevents.inet_ntoa_6 (address)
Convert a network format IPv6 address into text.
Parameters: address (str)
-- The binary address.
Returns: IP address in string format.
ssl_sessions.readevents.iter_all_filtered_events (options, progress_notify=None)
Iterator that returns only events filtered by options
ssl_sessions.readevents.read_cert_store (path)
Reads the certificate store pem file into a dict mapping fingerprints to dicts of certificate name
Parameters: path (str)
-- Filepath to the session log dictory.
Returns: Fingerprint to certificate info dictionary.
ssl_sessions.readevents.read_hsm_resigning_cas (path)
Reads the HSM Resigning CAs info from json format.
Parameters: path (str)
-- Filepath to the session log dictory.
For information on obtaining documentation, using the Cisco Bug Search Tool (BST), submitting a service request, and gathering additional information about Cisco SSL Appliances, see What’s New in Cisco Product Documentation at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html.
Subscribe to What’s New in Cisco Product Documentation, which lists all new and revised Cisco technical documentation, as an RSS feed and deliver content directly to your desktop using a reader application. The RSS feeds are a free service.
If you have any questions or require assistance with the Cisco SSL Appliance, you can also contact Cisco Support: