Thu Nov 23 16:36:19 EST 2017
initial connection, but it prints a bunch of stuff that looks like
snort/mysql output (sorry I couldn't slow it down or capture it...) then it
does a clear screen, and prints the version of Mysql, and some garbage then
says 'Bad handshake', 'connection by host lost'. From a remote site we
attempted to telnet and received this msg "Socket Message not tapped = 113".
When Snort on the slave starts it seems to go this far as well then FATALLY
crashes. A dmp file is produced but I have no idea what I am supposed to do
with a mem-dump of the crash.
I'm not sure why? My guess is there is a problem with the HOST_NAME as
these machines only have workgroup names not true domain names, as such the
only way I could determine routing is to use a straight IP rather than a
hostname... In mysql I have 2 sensors, one called "SENSOR_NAME", the other
called "my-slave". Also I noticed that mysql did not like a hostname with a
"-" in it and I had to place the hostname in ''. Since this was the only
area I had to deviate from the docs I suspect my trouble is here, but I'm
not aware why.
If anyone could provide some assistance I would be most appreciative.
----- James Friesen - Integration Specialist
Lucretia Enterprises - info at ...2282...
More information about the Snort-users