snort-users May 2009 archive
Main Archive Page > Month Archives  > snort-users archives
snort-users: Re: [Snort-users] Understanding Snort and mysql vs

Re: [Snort-users] Understanding Snort and mysql vs Barnyard and mysql

From: Joel Esler <jesler_at_nospam>
Date: Thu May 07 2009 - 13:38:15 GMT
To: James Lay <jlay@slave-tothe-box.net>


On Thu, May 7, 2009 at 9:19 AM, James Lay <jlay@slave-tothe-box.net> wrote:
>
> So Iíve been running barnyard2 (on the mac no less) for the last couple
days. This morning I saw:
>
> 07:12:22 gateway org.opensource.barnyard.plist[54590]: database:
mysql_error: MySQL server has gone away
> 07:12:22 gateway org.opensource.barnyard.plist[54590]: SQL=BEGIN
> 07:12:22 gateway org.opensource.barnyard.plist[54590]: database:
mysql_error: MySQL server has gone away
>
>
> I would see this all the time with snort (have a script to watch this and
restart snort..though now Iíll change it to restart barnyard). The sole reason I put barnyard in place was because I thought that Barnyard would make the above type errors go away. Was that wrong? This is on the same machine, so itís not a remote connection. Am I always going to see these if I use snort with mysql? Thanks.

If Snort loses it's connection (or it times out) to mysql, then yes.  Barnyard2 uses the same db code as Snort does, so it can't "reconnect" if the connection dies. Barnyard (1) had the capability. I know the barnyard2 guys monitor this list, and will assume they'll take a look at this. The ability for the output method to reconnect upon disconnect is key, IMO. -- joel esler | Sourcefire | gtalk: jesler@sourcefire.com | 302-223-5974 | http://twitter.com/joelesler

------------------------------------------------------------------------------ The NEW KODAK i700 Series Scanners deliver under ANY circumstances! Your production scanning environment may not be a perfect world - but thanks to Kodak, there's a perfect scanner to get the job done! With the NEW KODAK i700 Series Scanner you'll get full speed at 300 dpi even with all image processing features enabled. http://p.sf.net/sfu/kodak-com

_______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users