Pantek Library
Hosting Provided By
CybrHost
High Speed Hosting
Mailing Lists: snort.org > snort-users > 03 > 020383.html (Request Expert snort.org Support)

[Snort-users] Cannot connect remote sensor to mysql

From: . <info(at)lucretia.ca>
Date: Mon Feb 24 2003 - 08:48:30 EST


Hi,

I am using Windows2000 sp3 on all machines fresh and fully patched. I am currently using all executables as directed by Michael Steele's latest and greatest documentation for setting up snort and setting up a slave sensor.

Ok I have set up a slave sensor, but it will not talk to the mysql server.

>From the machine in question I can telnet to the database (I can see the
initial connection, but it prints a bunch of stuff that looks like snort/mysql output (sorry I couldn't slow it down or capture it...) then it does a clear screen, and prints the version of Mysql, and some garbage then says 'Bad handshake', 'connection by host lost'. From a remote site we attempted to telnet and received this msg "Socket Message not tapped = 113"

When Snort on the slave starts it seems to go this far as well then FATALLY crashes. a dmp file is produced but I have no idea what I am supposed to do with a mem-dump of the crash.

I'm not sure why? My guess is there is a problem with the HOST_NAME as these machines only have workgroup names not true domain names, as such the only way I could determine routing is to use a straight IP rather than a hostname...In mysql I have 2 sensors one called "SENSOR\_NAME" the other called "my-slave". Also I noticed that mysql did not like a hostname with a "-" in it and I had to place the hostname in ''. Since this was the only area I had to deviate from the docs I suspect my trouble is here, but I'm not aware why.

If anyone could provide some assistance I would be most appreciative.

Thanks,

  • James Friesen - Integration Specialist Lucretia Enterprises - info@lucretia.ca www.lucretia.ca

This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven.
http://thinkgeek.com/sf

Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users Received on Mon Feb 24 08:51:43 2003
Do you need help?X

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:11:44 EDT

Contact Us  Legal Notices  Order Services Online 
Pantek Home  Privacy Policy  IT news  Site Map  Pantek Library