Re: [Snort-users] Understanding Snort and mysql vs Barnyard and mysql

From: firnsy <firnsy_at_nospam>
Date: Fri May 08 2009 - 00:16:18 GMT
To: "'James Lay'" <jlay@slave-tothe-box.net>

G'day James,

This was a small side effect to aligning to all of Snort's output plugins.

Now that this has been done, we can now start to implement appropriate features as required. We have just released beta3 of the next version which should have more resilient reconnection support for MySQL databases.

The reconnection is a blocking action and should be taken into consideration if multiple output plugins are configured.

firnsy

From: James Lay [mailto:jlay@slave-tothe-box.net] Sent: Thursday, 7 May 2009 10:49 PM
To: Snort
Subject: [Snort-users] Understanding Snort and mysql vs Barnyard and mysql

So I’ve been running barnyard2 (on the mac no less) for the last couple days. This morning I saw:

07:12:22 gateway org.opensource.barnyard.plist[54590]: database: mysql_error: MySQL server has gone away
07:12:22 gateway org.opensource.barnyard.plist[54590]: SQL=BEGIN 07:12:22 gateway org.opensource.barnyard.plist[54590]: database: mysql_error: MySQL server has gone away

I would see this all the time with snort (have a script to watch this and restart snort..though now I’ll change it to restart barnyard). The sole reason I put barnyard in place was because I thought that Barnyard would make the above type errors go away. Was that wrong? This is on the same machine, so it’s not a remote connection. Am I always going to see these if I use snort with mysql? Thanks.

James

The NEW KODAK i700 Series Scanners deliver under ANY circumstances! Your production scanning environment may not be a perfect world - but thanks to Kodak, there's a perfect scanner to get the job done! With the NEW KODAK i700 Series Scanner you'll get full speed at 300 dpi even with all image processing features enabled. http://p.sf.net/sfu/kodak-com

Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

This message: [ Message body ]
Next message: Matt Jonkman: "Re: [Snort-users] Certin ET rulesets and 100 percent usage."
Previous message: Randal T. Rioux: "Re: [Snort-users] Certin ET rulesets and 100 percent usage."
In reply to: James Lay: "[Snort-users] Understanding Snort and mysql vs Barnyard and mysql"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]