Snort mailing list archives
Re: barnyard regular restart required
From: Ian Masters <ian () acces co jp>
Date: Mon, 09 Mar 2009 17:48:31 +0900
Thanks again for the reply.
Again I do not use Barnyard, but any chance you are using outputting from Barnyard to MySQL (did not catch it the first time but you must be if you are using base...)? More specifically MySQL Server 5, there is an issue where the connection to MySQL times out, and MySQL does nothing about it.
I am indeed outputting from Barnyard to MySQL and my MySQL version is indeed 5 (Sorry I didn't include this information to begin with)
With Snort logging straight to MySQL this manifests as Snort log messages like "snort[10778]: database: mysql_error: MySQL server has gone away " Not sure if Barnyard will log anything in this senario...
I haven't come across anything useful like that yet.
I *believe* that if you run lsof -i it will still show that snort (barnyard in your case) is still connected to MySQL (even tho the connection is dead)
lsof -i shows: mysqld 4637 mysql 10u IPv4 8513 TCP *:mysql (LISTEN) The machine is a test machine which gets very few alerts. Thanks for the ideas. It's given me a bit more to think about. I'm surprised that it's not happening to other users too. Ian ------------------------------------------------------------------------------ Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA -OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise -Strategies to boost innovation and cut costs with open source participation -Receive a $600 discount off the registration fee with the source code: SFAD http://p.sf.net/sfu/XcvMzF8H _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- barnyard regular restart required Ian Masters (Mar 08)
- Message not available
- Re: barnyard regular restart required Ian Masters (Mar 08)
- Message not available
- Re: barnyard regular restart required Ian Masters (Mar 09)
- Re: barnyard regular restart required Joel Esler (Mar 09)
- Re: barnyard regular restart required Paul Schmehl (Mar 09)
- Re: barnyard regular restart required Joel Esler (Mar 09)
- Re: barnyard regular restart required Ian Masters (Mar 08)
- Re: barnyard regular restart required Paul Schmehl (Mar 09)
- Re: barnyard regular restart required Joel Esler (Mar 09)
- Re: barnyard regular restart required Matthew Babcock (Mar 09)
- Re: barnyard regular restart required CunningPike (Mar 10)
- Re: barnyard regular restart required Matthew Babcock (Mar 10)
- Re: barnyard regular restart required Ian Masters (Mar 11)
- Message not available
- Re: barnyard regular restart required Ian Masters (Mar 11)