Snort mailing list archives
Re: logging when the connection to MySQL is lost
From: Erek Adams <erek () theadamsfamily net>
Date: Fri, 11 Oct 2002 13:15:46 -0700 (PDT)
On Thu, 10 Oct 2002, Hubert Karlch wrote:
simple question, what happens when I configure snort to use the database-output for mySQL and the connection to the mySQL-Server is lost, becauseof : a) when logging local mySQL crashes b) when logging over a network a problem with the network occurs c) when using stunnel to encrypt the traffic between snort an mySQL stunnel crashes Are these alerts lost or are they stored somewhere local on the snort-sensor?
It depends on your setup. You can have it output to more than one output method....
From what you are describing, I would suggest to log to unified and use
Barnyard to read files and send it to the db. When using BY, snort does not connect to the DB, BY does. If it can't connect, it spools data until it can. Hope that helps! ----- Erek Adams Nifty-Type-Guy TheAdamsFamily.Net ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- logging when the connection to MySQL is lost Hubert Karlch (Oct 10)
- RE: logging when the connection to MySQL is lost Gene Gomez (Oct 11)
- Re: logging when the connection to MySQL is lost Erek Adams (Oct 11)
- <Possible follow-ups>
- RE: logging when the connection to MySQL is lost Steve Halligan (Oct 10)