snort-users May 2009 archive
Main Archive Page > Month Archives  > snort-users archives
snort-users: Re: [Snort-users] Understanding Snort and mysql vs

Re: [Snort-users] Understanding Snort and mysql vs Barnyard and mysql

From: Paul Schmehl <pschmehl_lists_at_nospam>
Date: Thu May 07 2009 - 15:28:27 GMT
To: Snort <snort-users@lists.sourceforge.net>


--On Thursday, May 07, 2009 08:19:28 -0500 James Lay <jlay@slave-tothe-box.net> wrote:

> So I’ve been running barnyard2 (on the mac no less) for the last couple
> days. This morning I saw:
>
> 07:12:22 gateway org.opensource.barnyard.plist[54590]: database: mysql_error:
> MySQL server has gone away
> 07:12:22 gateway org.opensource.barnyard.plist[54590]: SQL=BEGIN
> 07:12:22 gateway org.opensource.barnyard.plist[54590]: database: mysql_error:
> MySQL server has gone away
>
>
> I would see this all the time with snort (have a script to watch this and
> restart snort..though now I’ll change it to restart barnyard). The sole
> reason I put barnyard in place was because I thought that Barnyard would make
> the above type errors go away. Was that wrong? This is on the same machine,
> so it’s not a remote connection. Am I always going to see these if I use
> snort with mysql? Thanks.

Two guesses what the common element is.

This is a problem with mysql. It might be resolved by adding some code to barnyard2 that checks for the connection going away and re-establishes it when it has. But at the end of the day, Oracle needs to fix it in mysql. (Good luck with that.) -- Paul Schmehl, Senior Infosec Analyst As if it wasn't already obvious, my opinions are my own and not those of my employer. ******************************************* Check the headers before clicking on Reply. ------------------------------------------------------------------------------ The NEW KODAK i700 Series Scanners deliver under ANY circumstances! Your production scanning environment may not be a perfect world - but thanks to Kodak, there's a perfect scanner to get the job done! With the NEW KODAK i700 Series Scanner you'll get full speed at 300 dpi even with all image processing features enabled. http://p.sf.net/sfu/kodak-com _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users