Explore Cisco
How to Buy

Have an account?

  •   Personalized content
  •   Your products and support

Need an account?

Create an account

Cisco SSL Appliance Session Tool

Available Languages

Download Options

  • PDF     (409.4 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (149.3 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (158.9 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:September 30, 2015

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Table of Contents

SSL Sessions Tool

Requirements

Install the SSL Sessions Tool

Install the Package in a Linux environment

Install the Package in a Windows Environment

Verify the Installation

Using the SSL Sessions Tool

API

For Assistance

SSL Sessions Tool

Version 1.6.2

First Published: 9/30/15

 

Use the SSL Sessions Tool to parse SSL session log information within an exported session log generated by a Cisco SSL Appliance. This guide provides an overview of the SSL Sessions tool and its installation. The tool can parse binary SSL session log files, filter on assorted fields, and save the data in the CSV format, for use by other applications. The SSL Sessions tool can be used in command line or in GUI mode.

Descriptions of all the commands are provided in the documentation generated by the tool: Using the SSL Sessions Tool. The tool and tool documentation are available on cisco.com

This version of the SSL Sessions tool supports SSL 3.5 and later.

The SSL Sessions tool operates with SSL 3.8.x session log files by default. To work with a file exported in another version of SSL Appliance software, set the SSL Version in the tool (option available from both the command line and the GUI). For example, set the Version to 3.5 to work with session output files from SSL 3.5.x, 3.6 for 3.6.x, or 3.7 for 3.7.x, and so on.

This version of the SSL Sessions tool supports data export in space-delimited format, for use with Blue Coat Reporter. Use the -R option from the command line to output the .csv file in Reporter format. See the Using the SSL Sessions Tool for syntax information.

Cisco SSL Appliance software is subject to licensing terms and conditions imposed by Cisco and third party software providers.

. For more information, see the following sections:

Requirements

  • An x86 or x86-64 personal computer running Windows or Linux. The system must be running Python 2.6.x or 2.7.x; Python 3.x is not supported. This is called the "host" system in this document.
  • Python version 2.6.x or 2.7.x
  • pyOpenSSL version 0.12
  • wxPython 2.9 (required for UI mode)
  • A Cisco SSL Appliance sslsessions output file you want to run the tool on.

Install the SSL Sessions Tool

The SSL Sessions tool is provided as a zipped package which must be installed on the host system. The package file name is sslsessions-n.n.n.zip, where n.n.n is a version number for the package. After installation, the tool can be run from the command line or as a GUI application (requires wxPython 2.9).

Install the Package in a Linux environment

Step 1 Copy the file to the host system.

Step 2 At a command line type in the following:
unzip sslsessions-n.n.n.zip
cd sslsessions-n.n.n
python setup.py install

Tip You must be logged on as a user with privileges that allow software installation.

Install the Package in a Windows Environment

On Windows systems, additional steps are required to complete the installation. You must add the directory where the script was installed to your system path. To do this, open a Run window (click Start, type run, and click Enter),

Step 1 In the Run window, enter
C:\windows\system32\rundll32.exe" sysdm.cpl,EditEnvironmentVariables

Step 2 Click OK. The Environment Variables window displays.

Step 3 In the top panel labeled User variables for <user name>, select the PATH entry, then click Edit. The Edit User Variable windows displays.

Step 4 Enter the path to your unzipped file in the Variable value field, followed by a semicolon. An example is shown next.

Note The example uses Python 2.7. The SSL Sessions tool requires Python 2.6.x or 2.7.x (Python 3.x is not supported).

Step 5 When the entry is correct, click OK. Exit the Environment Variables window.

Verify the Installation

To verify that the SSL Diagnostics tool is installed correctly, open a command prompt and enter

sslsessions.py --version

You should see:

host:<path>/sslsessions/$ sslsessions.py --version
Usage: sslsessions.py [options] [output-path]
Export csv data from filtered ssl session log files. [output-path] is required.
If no command line arguments are provided, the tool starts up in ui mode.
Set the mode (-M or --mode) to csv or report when using the tool from command line.
Version: n.n.n

 

Using the SSL Sessions Tool

The SSL Session Log Tool is an application that can parse binary ssl session log files, filter on various

fields and save the data in CSV format. It can be used in command line mode or in ui mode.

In ui mode the application looks like this:

Here is an example of command-line mode:

sslsessions.py -M csv -S../sessions_logs/ssl_session_log-20150115T173613

-d *.google.com../session_log_output

The following options can be provided on the command-line:

Usage:

sslsessions.py [options]

Options:

Option
Result
-h, --help
show this help message and exit

-s SRC, --src=SRC

src addr wildcard filter

-d DST, --dst=DST

dst addr wildcard filter

-S SESSLOG_PATH, --sesslog-path=SESSLOG_PATH

ssl session log path

-p SESSLOG_PATTERN, --sesslog-pattern=SESSLOG_PATTERN

ssl session log filename wildcard filter

-x, --dump-state dump

ssl flow state

-m, --dump-messages dump

ssl messages

-5, --dump-x509-fp

dump X.509 fingerprint

-c DUMP_X509_FIELD, --dump-x509-field=DUMP_X509_FIELD

dump X.509 field (e.g. CN)

-e ERR_FLOWS, --err-flows=ERR_FLOWS

error code filter

-M MODE, --mode=MODE

output mode: csv, report or ui (default)

-t TIMESTAMP, --timestamp=TIMESTAMP

timestamp filter

-B BEGIN_TIMESTAMP, --begin-timestamp=BEGIN_TIMESTAMP

begin timestamp filter

-E END_TIMESTAMP, --end-timestamp=END_TIMESTAMP

end timestamp filter

-l LINES, --lines=LINES

lines per csv file

-f PRE_DECISION, --pre-decision=PRE_DECISION

dump pre decision (false-positives) flows

-r, --dump-hsm-resigning-ca

dump hsm resigning ca info

-V SSLNG_VERSION, --sslng-version=SSLNG_VERSION

version of sslv appliance error codes to use,

3.5, 3.6, 3.7 or 3.8

v, --version

display version number and exit

-R, --reporter Output

.csv file in reporter format. (Space separated)

API

The event reading library for the tool is also accessible from the python installation.

This is a code example that reads the 1st log file from a command-line path argument and prints a

few fields.:

import os, sys

from ssl_sessions import readevents

log_path = sys.argv[1]

for event in readevents.iter_session_log_events(

os.path.join(log_path, 'ssl_session_log.1.bin'), '3.8',

readevents.read_cert_store(log_path),

readevents.read_hsm_resigning_cas(log_path)):

print event.flowid.ID, event.flow, event.subject

if not event.match_result('OK'):

print 'ERROR:', event.result

ssl_sessions.readevents

class ssl_sessions.readevents.SessionLogEvent (data, sslng_version, cert_store=None,

hsm_resigning_cas=None)

Class representing a single session log event.

 

ssl_sessions.readevents.asn_parse_san_entry (data)

Parse an ASN entry to extract SAN IP and DNS name entries.

Parameters: data (str) -- String data for SAN entry.

Returns: List of tuples of ( 'san_ip', str) or ( 'dns_name, str)

ssl_sessions.readevents.inet_ntoa_6 (address)

Convert a network format IPv6 address into text.

Parameters: address (str) -- The binary address.

Returns: IP address in string format.

ssl_sessions.readevents.iter_all_filtered_events (options, progress_notify=None)

Iterator that returns only events filtered by options

ssl_sessions.readevents.read_cert_store (path)

Reads the certificate store pem file into a dict mapping fingerprints to dicts of certificate name

values.

Parameters: path (str) -- Filepath to the session log dictory.

Returns: Fingerprint to certificate info dictionary.

ssl_sessions.readevents.read_hsm_resigning_cas (path)

Reads the HSM Resigning CAs info from json format.

Parameters: path (str) -- Filepath to the session log dictory.

Returns: Fingerprint to HSM info dictionary.

For Assistance

Cisco Support

For information on obtaining documentation, using the Cisco Bug Search Tool (BST), submitting a service request, and gathering additional information about Cisco SSL Appliances, see What’s New in Cisco Product Documentation at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html.

Subscribe to What’s New in Cisco Product Documentation, which lists all new and revised Cisco technical documentation, as an RSS feed and deliver content directly to your desktop using a reader application. The RSS feeds are a free service.

If you have any questions or require assistance with the Cisco SSL Appliance, you can also contact Cisco Support:

Was this Document Helpful?

FeedbackFeedback

Contact Cisco

This Document Applies to These Products