Snort mailing list archives

Re: snort pgsql keepalive


From: roman () danyliw com
Date: Thu, 10 May 2001 15:02:21 US/Eastern

I did some checking on Snort behavior when the DB server dies:

Snort 1.7: alerts dropped
Snort 1.8: alert dropped, Snort issues FatalError(), quits

In either case, the behavior is incorrect.  The fact that 1.8 quits
instead of merely dropping (à la 1.7) is immaterial since neither version
will cache dropped alerts.  Thus, without caching there is no
reason to even keep the sensor up, since no logging is occurring
(unless you have logging mechanisms other than
the DB-plugin).

I believe that the correct action is to attempt a re-connect
to the DB when Snort detects a disconnect (i.e. when either
the Select() or Insert() fails with the appropriate error code, call
Connect() again; only if this fails, then FatalError()).

Roman

Hello,

When the sensor has a connection to the postmaster (postgres) and
the postmaster goes down, the sensor will stop.

Is there any way to keep the sensor up for when the connection to the
postmaster comes back? Like a keepalive and reconnect...

Thanks

alx

-- 
---
Alexandre J.D. Dulaunoy  | "Engineering is the implementation of science;
AD993-RIPE               | Politics is the implementation of faith".
http://www.foo.be/       |                      Another usenet quote...



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
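
The reconnect policy proposed in the message above, as an added example that is not Snort's code or part of the original post: on a connection-loss error the logger calls connect once and retries the insert, and only a failed reconnect is fatal. The mock_db type, the db_* functions and the return codes are hypothetical stand-ins for a real database client library.

```c
#include <stdio.h>

/* Constructed stand-in for a DB client library (hypothetical names). */
enum db_rc  { DB_OK, DB_ERR_QUERY, DB_ERR_CONN_LOST };
enum log_rc { LOG_STORED, LOG_REJECTED, LOG_FATAL };

struct mock_db {
    int connected;  /* state of the sensor's current link        */
    int server_up;  /* whether the simulated server is reachable */
    int connects;   /* reconnect attempts made so far            */
    int stored;     /* alerts successfully inserted              */
};

static enum db_rc db_connect(struct mock_db *db) {
    db->connects++;
    db->connected = db->server_up;
    return db->connected ? DB_OK : DB_ERR_CONN_LOST;
}

static enum db_rc db_insert(struct mock_db *db, const char *alert) {
    if (!db->connected || !db->server_up) {
        db->connected = 0;
        return DB_ERR_CONN_LOST;          /* link is gone */
    }
    if (alert == NULL || alert[0] == '\0')
        return DB_ERR_QUERY;              /* bad statement, link is fine */
    db->stored++;
    return DB_OK;
}

/* Reconnect only on a connection-loss code; other errors never trigger it. */
enum log_rc log_alert(struct mock_db *db, const char *alert) {
    enum db_rc rc = db_insert(db, alert);
    if (rc == DB_ERR_CONN_LOST) {
        if (db_connect(db) != DB_OK)
            return LOG_FATAL;             /* reconnect failed: give up */
        rc = db_insert(db, alert);        /* retry the same alert once */
    }
    if (rc == DB_OK)
        return LOG_STORED;
    return rc == DB_ERR_CONN_LOST ? LOG_FATAL : LOG_REJECTED;
}

int main(void) {
    struct mock_db db = { 0, 1, 0, 0 };   /* link dropped, server back up */
    printf("restart: %d\n", log_alert(&db, "constructed alert 1"));
    db.server_up = 0;                     /* server stays down */
    printf("outage:  %d\n", log_alert(&db, "constructed alert 2"));
    return 0;
}
```

The alert that hit the dead link is the one retried after the reconnect, so a server restart loses nothing; alerts raised during a longer outage would still need the caching the message mentions.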





