Welcome Serena Central users! CLICK HERE
The migration of the Serena Central community is currently underway. Be sure to read THIS MESSAGE to get your new login set up to access your account.
Highlighted
glam1 Respected Contributor.
Respected Contributor.
396 views

Cisco SourceFire or Firesight Estreamer Woe

https://protect724.hp.com/message/34955#34955

Pertaining back to the same discussion some time back , here is something i did to resolve the connection error .

Typical Java error i am facing and forever seeing this is

" connection closed by remote host "

Thing to check back ,

a) open up defense center or Virtual Defense with admin right

b)  Click on Monitoring -> Syslog

c) type your ip address of the SC that talking to VD or DC

d) Spot the error

Nov 26 2015 10:22:42 Sourcefire3D SF-IMS[16873]: [16873] EventStreamer child(x.x.x.x):ConnectionHandler [ERROR] Certificate Common Name x.x.x.x does not match remote host: y.y.y.y .  It was issued to a different client.

This error due to ip address translation from FW to DC , get your Network or FW team to resolve it .

However ,  i speed-up the process by using hostname and instead of using IP address as my PKCS cert .

So my cert file name now in user/agent/sourcefire/<myschost>.pkcs

then i hit another error.

Nov 26 2015 10:33:22 Sourcefire3D SF-IMS[18379]: [18379] EventStreamer child(myschost):ConnectionHandler [INFO] DNS lookup failure for myschost: Invalid Argument

Nov 26 2015 10:33:12 Sourcefire3D SF-IMS[18369]: [18369] EventStreamer child(myschost):ConnectionHandler [ERROR] Can not resolve remote host: myschost for issued certificate (err:SUCCESS)

To resolve this ,

add an entry with the valid ip address in  /etc/hosts in the Sourcefire3D appliance or server (need root access though) and do a trial ping back to "myschost" to confirm connection.

Hope this help

Gilbert Lam

Labels (1)
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.