No subject

Thu Nov 23 16:36:19 EST 2017

initial connection, but it prints a bunch of stuff that looks like
snort/mysql output (sorry I couldn't slow it down or capture it...) then it
does a clear screen, and prints the version of Mysql, and some garbage then
says 'Bad handshake', 'connection by host lost'.  From a remote site we
attempted to telnet and received this msg "Socket Message not tapped = 113"

When Snort on the slave starts it seems to go this far as well then FATALLY
crashes.  a dmp file is produced but I have no idea what I am supposed to do
with a mem-dump of the crash.

I'm not sure why?  My guess is there is a problem with the HOST_NAME as
these machines only have workgroup names not true domain names, as such the
only way I could determine routing is to use a straight IP rather than a
hostname...In mysql I have 2 sensors one called "SENSOR\_NAME" the other
called "my-slave".  Also I noticed that mysql did not like a hostname with a
"-" in it and I had to place the hostname in ''.  Since this was the only
area I had to deviate from the docs I suspect my trouble is here, but I'm
not aware why.

If anyone could provide some assistance I would be most appreciative.


-----  James Friesen - Integration Specialist
Lucretia Enterprises - info at ...2282...

More information about the Snort-users mailing list