Snort mailing list archives

Cannot connect remote sensor to mysql


From: "." <info () lucretia ca>
Date: Mon, 24 Feb 2003 06:48:30 -0700

Hi,

I am using Windows 2000 SP3 on all machines, fresh and fully patched.
I am currently using all executables as directed by Michael Steele's latest
and greatest documentation for setting up snort and setting up a slave
sensor.

OK, I have set up a slave sensor, but it will not talk to the MySQL server.

From the machine in question I can telnet to the database (I can see the
initial connection, but it prints a bunch of stuff that looks like
snort/mysql output (sorry, I couldn't slow it down or capture it...), then it
does a clear screen, and prints the version of MySQL, and some garbage, then
says 'Bad handshake', 'connection by host lost').  From a remote site we
attempted to telnet and received this msg: "Socket Message not tapped = 113"

When Snort on the slave starts it seems to go this far as well, then FATALLY
crashes.  A dmp file is produced, but I have no idea what I am supposed to do
with a mem-dump of the crash.

I'm not sure why?  My guess is there is a problem with the HOST_NAME, as
these machines only have workgroup names, not true domain names; as such the
only way I could determine routing is to use a straight IP rather than a
hostname... In MySQL I have 2 sensors, one called "SENSOR_NAME", the other
called "my-slave".  Also I noticed that MySQL did not like a hostname with a
"-" in it and I had to place the hostname in ''.  Since this was the only
area I had to deviate from the docs I suspect my trouble is here, but I'm
not aware why.

If anyone could provide some assistance I would be most appreciative.

Thanks,

-----  James Friesen - Integration Specialist
Lucretia Enterprises - info () lucretia ca
www.lucretia.ca







