[prev in list] [next in list] [prev in thread] [next in thread]
List: security-onion
Subject: Re: [security-onion] Elsa 'query terms stripped'
From: Karolis <karolis.cepulis () gmail ! com>
Date: 2013-06-29 6:43:34
Message-ID: CAOmCqNO0ae0HZuXCKn_S3n6YTfsc3nBD7YROY6b=xfwPwCnkOg () mail ! gmail ! com
[Download RAW message or body]
I had same issues with ELSA not registering new node on the server.
Re-running sosetup several times on the sensor solved node registering
issue.
Karolis
On Fri, Jun 28, 2013 at 11:05 PM, Lonejeeper <rockcrawler@gmail.com> wrote:
>
> > From the server do:
> > nc localhost 50000
> >
> >
> >
> > then
> >
> >
> > nc localhost 50001
> >
> >
> > should dump mysql and sphinx headers to your console if you have a live
> connection to that sensor.
> >
> >
>
>
> I had no results from the 50000 and 50001, but did from the other sensors
> ports, like 50002 and 50003.
>
> The sensor (SO-Sensor1) using the 50000 and 500001 has an active autossh
> session, and the bro logs are currently being written to (if that matters
> at all).
>
> A reboot of SO-Sensor1 did not change the output of the nc command on the
> server. the autossh is running on SO-Sensor1.
>
> --
> You received this message because you are subscribed to the Google Groups
> "security-onion" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to security-onion+unsubscribe@googlegroups.com.
> To post to this group, send email to security-onion@googlegroups.com.
> Visit this group at http://groups.google.com/group/security-onion.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>
--
You received this message because you are subscribed to the Google Groups \
"security-onion" group. To unsubscribe from this group and stop receiving emails from \
it, send an email to security-onion+unsubscribe@googlegroups.com. To post to this \
group, send email to security-onion@googlegroups.com. Visit this group at \
http://groups.google.com/group/security-onion. For more options, visit \
https://groups.google.com/groups/opt_out.
[Attachment #3 (text/html)]
<div dir="ltr">I had same issues with ELSA not registering new node on the server. \
Re-running sosetup several times on the sensor solved node registering \
issue.<div><br></div><div>Karolis</div></div><div class="gmail_extra"> <br><br><div \
class="gmail_quote">On Fri, Jun 28, 2013 at 11:05 PM, Lonejeeper <span \
dir="ltr"><<a href="mailto:rockcrawler@gmail.com" \
target="_blank">rockcrawler@gmail.com</a>></span> wrote:<br><blockquote \
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex"> <div class="im"><br>
> From the server do:<br>
> nc localhost 50000<br>
><br>
><br>
><br>
> then<br>
><br>
><br>
> nc localhost 50001<br>
><br>
><br>
> should dump mysql and sphinx headers to your console if you have a live \
connection to that sensor.<br> ><br>
><br>
<br>
<br>
</div>I had no results from the 50000 and 50001, but did from the other sensors \
ports, like 50002 and 50003.<br> <br>
The sensor (SO-Sensor1) using the 50000 and 500001 has an active autossh session, and \
the bro logs are currently being written to (if that matters at all).<br> <br>
A reboot of SO-Sensor1 did not change the output of the nc command on the server. \
the autossh is running on SO-Sensor1.<br> <div class="HOEnZb"><div class="h5"><br>
--<br>
You received this message because you are subscribed to the Google Groups \
"security-onion" group.<br> To unsubscribe from this group and stop \
receiving emails from it, send an email to <a \
href="mailto:security-onion%2Bunsubscribe@googlegroups.com">security-onion+unsubscribe@googlegroups.com</a>.<br>
To post to this group, send email to <a \
href="mailto:security-onion@googlegroups.com">security-onion@googlegroups.com</a>.<br>
Visit this group at <a href="http://groups.google.com/group/security-onion" \
target="_blank">http://groups.google.com/group/security-onion</a>.<br> For more \
options, visit <a href="https://groups.google.com/groups/opt_out" \
target="_blank">https://groups.google.com/groups/opt_out</a>.<br> <br>
<br>
</div></div></blockquote></div><br></div>
<p></p>
-- <br />
You received this message because you are subscribed to the Google Groups \
"security-onion" group.<br /> To unsubscribe from this group and stop \
receiving emails from it, send an email to \
security-onion+unsubscribe@googlegroups.com.<br /> To post to this group, send email \
to security-onion@googlegroups.com.<br /> Visit this group at <a \
href="http://groups.google.com/group/security-onion">http://groups.google.com/group/security-onion</a>.<br \
/> For more options, visit <a \
href="https://groups.google.com/groups/opt_out">https://groups.google.com/groups/opt_out</a>.<br \
/> <br />
<br />
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic