capture run

Captures HTTP traffic from a network interface and forwards matching requests to Esper.
esper capture run
esper capture run --test --dry-run
esper capture run --enforce --tenant-id <tenant-id>
esper capture run --enforce

Relevant flags

  • --enforce: enables mitigation sync and local enforcement
  • --tenant-id: explicit tenant to sync active mitigations for
  • --sync-interval-seconds: mitigation sync interval
  • --stats: prints packet, forwarding, enforcement, and sync metrics
  • --test: captures loopback traffic on lo
  • --dry-run: prints captured requests without forwarding or enforcing
  • --filter: overrides the default BPF expression

Enforcement behavior

esper capture run --enforce syncs the tenant’s active mitigations to the hybrid for local enforcement.
  • Block: the request is dropped locally
  • Challenge: the match is logged and the request is still forwarded
  • Monitor: the match is logged and the request is still forwarded
Local enforcement currently requires the captured HTTP request to include an Esper-managed opaque X-Esper-Hybrid-Key header.
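
The enforcement rules above, modelled as an added Python example (not Esper's code or API): it checks constructed raw requests for the X-Esper-Hybrid-Key header and reports what local enforcement would do for the mitigation action each request matched. The action strings, outcome labels, sample requests, and the treatment of a request without the key as forwarded with no local enforcement are assumptions.

```python
from collections import Counter

HYBRID_HEADER = "x-esper-hybrid-key"  # header name from the page; HTTP header names are case-insensitive

def has_hybrid_key(raw: bytes) -> bool:
    """True if the request head (not the body) carries a non-empty hybrid key header."""
    head = raw.replace(b"\r\n", b"\n").split(b"\n\n", 1)[0]
    for line in head.split(b"\n")[1:]:  # skip the request line
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower().decode("latin-1") == HYBRID_HEADER:
            return bool(value.strip())
    return False

def local_outcome(raw: bytes, action):
    """action: 'block', 'challenge', 'monitor', or None when no mitigation matched."""
    if action is None:
        return "forward"
    if not has_hybrid_key(raw):
        return "forward-unenforced"  # assumption: without the key nothing is enforced locally
    if action == "block":
        return "drop"  # Block: the request is dropped locally
    if action in ("challenge", "monitor"):
        return "log+forward"  # Challenge and Monitor: logged, still forwarded
    raise ValueError(f"unknown action: {action!r}")

# Constructed sample requests, each paired with the action of the mitigation it matched.
SAMPLES = [
    (b"GET /a HTTP/1.1\r\nHost: t.example\r\nX-Esper-Hybrid-Key: k1\r\n\r\n", "block"),
    (b"GET /b HTTP/1.1\r\nHost: t.example\r\nx-esper-hybrid-key: k2\r\n\r\n", "challenge"),
    (b"POST /c HTTP/1.1\r\nHost: t.example\r\n\r\nX-Esper-Hybrid-Key: k3", "block"),  # key only in body
    (b"GET /d HTTP/1.1\r\nHost: t.example\r\n\r\n", None),
]

def summarize(samples):
    """Count outcomes so enforcement coverage gaps are visible at a glance."""
    return Counter(local_outcome(raw, action) for raw, action in samples)

if __name__ == "__main__":
    for outcome, count in summarize(SAMPLES).items():
        print(outcome, count)
```

A non-zero forward-unenforced count marks requests that matched a mitigation but could not be enforced locally because the header was absent.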

capture record

Records network traffic to a PCAP file for later analysis.
esper capture record --output traffic.pcap --duration 10 --interface lo

capture test-server

Starts a test HTTP server for validating hybrid capture functionality.
esper capture test-server --port 8888

run

Runs the Esper hybrid daemon using the XML hybrid configuration.
esper run
The daemon reads ~/.esper/runtime.xml by default and writes logs and cache files under ~/.esper/.

sync

Performs a one-shot sync from origin into the local hybrid cache.
esper sync actions
esper sync entities
esper sync policies
esper sync mitigations