Snort mailing list archives

Sguil assist


From: James Lay <jlay () slave-tothe-box net>
Date: Tue, 23 Jun 2015 09:08:50 -0600

Hey All,

Emailed the sguil list, but got nothing back yet, so emailing here.  
Looks like the latest OpenSSL update nuked sguil 0.9.0 as shown:

 From sguild:

2015-06-23 14:45:36 pid(14931)  Sensor agent connect from 127.0.0.1:40300 sock15
2015-06-23 14:45:36 pid(14931)  Validating sensor access: 127.0.0.1 :
2015-06-23 14:45:36 pid(14931)  Valid sensor agent: 127.0.0.1
2015-06-23 14:45:36 pid(14931)  ERROR: handshake failed: sslv3 alert handshake failure
2015-06-23 14:45:36 pid(14931)  Error: Improper sensor cmd received: VersionInfo {SGUIL-0.9.0 OPENSSL ENABLED}: can't read "socketInfo(sock15)": no such variable
2015-06-23 14:45:36 pid(14931)  Error from socket sock15: SSL channel "sock15": error: sslv3 alert handshake failure
2015-06-23 14:45:36 pid(14931)  Closing socket.

 From the snort_agent:

Connected to localhost
Sending sguild (sock3) RegisterAgent snort POS POS
ERROR: error writing "sock3": software caused connection abort : RegisterAgent snort POS POS
Socket sock3 closed
Attempting to reconnect.

Is there any way to disable ssl usage?  In my case the agents are on the 
local machine anyway.  Thanks....bummer morning :(

James
