Snort mailing list archives

Re: Sguil assist


From: Y M <snort () outlook com>
Date: Tue, 23 Jun 2015 15:16:49 +0000

Hi James,
There is an ongoing discussion about this in the Security Onion list. While I am not a regular user of SO, the 
discussion itself is interesting since I also use sguil (I did not update OpenSSL) after reading the discussion. The 
general recommendation was not to upgrade, or to downgrade OpenSSL.
Sorry, I don't have the link at the moment.
YM
Sent from Mobile




On Tue, Jun 23, 2015 at 8:09 AM -0700, "James Lay" <jlay () slave-tothe-box net> wrote:
Hey All,

Emailed the sguil list, but got nothing back yet, so emailing here.
Looks like the latest OpenSSL update nuked sguil 0.9.0 as shown:

From sguild:

2015-06-23 14:45:36 pid(14931)  Sensor agent connect from
127.0.0.1:40300 sock15
2015-06-23 14:45:36 pid(14931)  Validating sensor access: 127.0.0.1 :
2015-06-23 14:45:36 pid(14931)  Valid sensor agent: 127.0.0.1
2015-06-23 14:45:36 pid(14931)  ERROR: handshake failed: sslv3 alert
handshake failure
2015-06-23 14:45:36 pid(14931)  Error: Improper sensor cmd received:
VersionInfo {SGUIL-0.9.0 OPENSSL ENABLED}: can't read
"socketInfo(sock15)": no such variable
2015-06-23 14:45:36 pid(14931)  Error from socket sock15: SSL channel
"sock15": error: sslv3 alert handshake failure
2015-06-23 14:45:36 pid(14931)  Closing socket.

From the snort_agent:

Connected to localhost
Sending sguild (sock3) RegisterAgent snort POS POS
ERROR: error writing "sock3": software caused connection abort :
RegisterAgent snort POS POS
Socket sock3 closed
Attempting to reconnect.

Is there any way to disable ssl usage?  In my case the agents are on the
local machine anyway.  Thanks....bummer morning :(

James
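As an added example, not part of either message in this thread, the Python script below rejoins the mail-wrapped sguild log lines quoted above and correlates each sensor connection with the TLS alerts logged on its socket, so a defender can report which agent failed its handshake and which version string it announced. The sample log is the excerpt from the thread, constructed inline; the field names are this example's own.

```python
import re
# Constructed sample: the sguild excerpt quoted in the thread, with the lines
# the mail client wrapped left as they appear (no timestamp on continuations).
SGUILD_LOG = """\
2015-06-23 14:45:36 pid(14931)  Sensor agent connect from
127.0.0.1:40300 sock15
2015-06-23 14:45:36 pid(14931)  Valid sensor agent: 127.0.0.1
2015-06-23 14:45:36 pid(14931)  ERROR: handshake failed: sslv3 alert
handshake failure
2015-06-23 14:45:36 pid(14931)  Error: Improper sensor cmd received:
VersionInfo {SGUIL-0.9.0 OPENSSL ENABLED}: can't read
"socketInfo(sock15)": no such variable
2015-06-23 14:45:36 pid(14931)  Error from socket sock15: SSL channel
"sock15": error: sslv3 alert handshake failure
2015-06-23 14:45:36 pid(14931)  Closing socket.
"""
ENTRY_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) pid\((\d+)\)\s+(.*)$")
CONNECT_RE = re.compile(r"Sensor agent connect from (\S+):(\d+) (sock\d+)")
VERSION_RE = re.compile(r"VersionInfo \{([^}]*)\}")
ALERT_RE = re.compile(r"(?:ssl|tls)v[\d.]* alert [a-z ]+$")

def unwrap(text):
    """Rejoin wrapped entries: a line without a timestamp continues the previous one."""
    entries = []
    for line in text.splitlines():
        if ENTRY_RE.match(line):
            entries.append(line)
        elif entries:
            entries[-1] += " " + line.strip()
    return entries

def tls_failures(text):
    """One record per sensor session whose TLS handshake with sguild failed.
    Assumes sessions do not interleave, which holds for one local agent."""
    sessions, current = {}, None
    for entry in unwrap(text):
        ts, pid, msg = ENTRY_RE.match(entry).groups()
        if m := CONNECT_RE.search(msg):
            ip, port, current = m.groups()
            sessions[current] = {"time": ts, "pid": int(pid), "sensor": ip,
                                 "port": int(port), "agent": None, "alerts": []}
            continue
        named = re.search(r"\b(sock\d+)\b", msg)  # socket named in the message, else last connect
        sess = sessions.get(named.group(1) if named else current)
        if sess is None:
            continue
        if v := VERSION_RE.search(msg):
            sess["agent"] = v.group(1)            # version string the agent announced
        if a := ALERT_RE.search(msg):
            sess["alerts"].append(a.group(0))     # e.g. "sslv3 alert handshake failure"
    return [dict(s, socket=k) for k, s in sessions.items() if s["alerts"]]
```

Running `tls_failures(SGUILD_LOG)` on the excerpt yields a single record for the local sensor on sock15, carrying the SGUIL-0.9.0 version string and the two sslv3 alerts sguild logged for that socket.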

------------------------------------------------------------------------------
Monitor 25 network devices or servers for free with OpManager!
OpManager is web-based network management software that monitors
network devices and physical & virtual servers, alerts via email & sms
for fault. Monitor 25 devices for free with no restriction. Download now
http://ad.doubleclick.net/ddm/clk/292181274;119417398;o
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
