Snort mailing list archives

RE: MySQL Disconnects/Mudpit


From: "Michael Steele" <michaels () winsnort com>
Date: Wed, 26 Nov 2003 10:57:41 -0800

Adam,

I’m not sure if it will help but I have a guide for Solaris on my website.
It is in BETA at this time, looking for people interested in making sure the
bugs are worked out :)

Cheers...

-Michael Steele
--
 System Engineer / Security Support Technician    
 mailto:michaels () winsnort com   
 Website: http://www.winsnort.com
 Snort: Open Source Network IDS - http://www.snort.org
________________________________________
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of
adam_peterson () splwg com
Sent: Wednesday, November 26, 2003 10:06 AM
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] MySQL Disconnects/Mudpit


I'm trying out mudpit but I use Solaris 8 and I've run into several errors
compiling.  ./configure is OK but make results in these errors: 

make  all-recursive 
make[1]: Entering directory `/export/spare/test/mudpit-1.3' 
Making all in src 
make[2]: Entering directory `/export/spare/test/mudpit-1.3/src' 
gcc -DHAVE_CONFIG_H -I. -I. -I..     -g -O2 -c mudpit.c 
In file included from mudpit.c:32: 
mp_util.h:59: warning: conflicting types for built-in function `log' 
In file included from mp_maps.h:28, 
                 from mudpit.c:34: 
mp_maps_defs.h:38: error: parse error before "u_int32_t" 
mp_maps_defs.h:38: warning: no semicolon at end of struct or union 
mp_maps_defs.h:39: warning: data definition has no type or storage class 
mp_maps_defs.h:40: error: parse error before "rev" 
mp_maps_defs.h:40: warning: data definition has no type or storage class 
mp_maps_defs.h:44: error: parse error before '}' token 
mp_maps_defs.h:44: warning: data definition has no type or storage class 
In file included from mudpit.c:34: 
mp_maps.h:33: error: parse error before '*' token 
mp_maps.h:33: warning: data definition has no type or storage class 
make[2]: *** [mudpit.o] Error 1 
make[2]: Leaving directory `/export/spare/test/mudpit-1.3/src' 
make[1]: *** [all-recursive] Error 1 
make[1]: Leaving directory `/export/spare/test/mudpit-1.3' 
make: *** [all-recursive-am] Error 2

Adam Peterson | Senior WAN Engineer | SPL WorldGroup |
adam_peterson () splwg com | +1.415.357.4787 


Ben Nelson <lists () venom600 org>
11/26/2003 10:44 AM MST
Please respond to lists

        To:        adam_peterson () splwg com
        cc:        snort-users () lists sourceforge net
        Subject:        Re: [Snort-users] MySQL Disconnects



You can solve this problem by logging to unified log format files on the 
local sensor, then use mudpit or something to parse the files and insert 
into your MySQL database.  If the database is unavailable, mudpit will 
just keep its place in the log file and keep trying to connect to the 
MySQL server.

--Ben

adam_peterson () splwg com wrote:

I have 2 sensors running at remote locations where bandwidth isn't 
exactly the best.  It looks like snort is losing connection to my MySQL 
server across the link.  I have 1 other sensor in the exact same 
scenario and it never loses connection.  I'm determining this by running 
netstat on the remote box and seeing only my ssh connection.  If I 
restart snort, I see a connection on port 3306 to my MySQL server.

Does anyone know why this is happening?  My guess would be a timeout 
somewhere but I would hope that snort would re-establish the connection 
if it needs to.  I know that these sensors are getting alerts but aren't 
able to send them to the db because of the disconnect.

Any help is greatly appreciated.

Adam Peterson | Senior WAN Engineer | SPL WorldGroup | 
adam_peterson () splwg com
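Ben's suggestion above (spool alerts to a local file, have a separate reader keep its place in that file, and let it retry the database whenever the link is up) is a store-and-forward pattern, and the property that matters for a remote sensor is that an outage loses nothing and stores nothing twice. The following is an added example written for this archive page; it is not code from mudpit or Snort. It uses a constructed text spool in place of Snort's binary unified format and SQLite in place of MySQL, and every name in it (SpoolReader, the record layout, the file paths) is hypothetical.

```python
import os
import sqlite3
import tempfile

# Constructed sample alerts standing in for a sensor's local spool file,
# one record per line: ts|gid|sid|msg|src|dst.  Real Snort unified logs are
# binary records; the text form keeps the checkpoint-and-retry logic readable.
SAMPLE_ALERTS = [
    "1069864800|1|2003|ICMP PING|10.0.0.5|192.0.2.10",
    "1069864801|1|1234|SNMP request tcp|10.0.0.7|192.0.2.10",
    "1069864802|1|2003|ICMP PING|10.0.0.5|192.0.2.11",
]


class SpoolReader:
    """Hypothetical reader that feeds spooled alerts to a database insert
    function and remembers the byte offset of the last record that was
    confirmed stored, so an outage never loses or duplicates alerts."""

    def __init__(self, spool_path, state_path):
        self.spool_path = spool_path
        self.state_path = state_path

    def _load_offset(self):
        try:
            with open(self.state_path) as f:
                return int(f.read().strip() or 0)
        except FileNotFoundError:
            return 0  # first run: start at the beginning of the spool

    def _save_offset(self, offset):
        # Write-then-rename so a crash never leaves a half-written checkpoint.
        tmp = self.state_path + ".tmp"
        with open(tmp, "w") as f:
            f.write(str(offset))
        os.replace(tmp, self.state_path)

    def pending(self):
        """Number of complete records not yet confirmed in the database."""
        with open(self.spool_path, "rb") as f:
            f.seek(self._load_offset())
            return sum(1 for line in f if line.endswith(b"\n"))

    def deliver(self, insert):
        """Push unread records through insert(record); on the first failure
        stop and keep the checkpoint at the last record that succeeded.
        Returns the number of records delivered in this pass."""
        delivered = 0
        with open(self.spool_path, "rb") as f:
            f.seek(self._load_offset())
            for line in iter(f.readline, b""):
                if not line.endswith(b"\n"):
                    break  # partial record: the sensor is still writing it
                try:
                    insert(line.decode().rstrip("\n"))
                except ConnectionError:
                    break  # database unreachable: retry from here next pass
                self._save_offset(f.tell())  # checkpoint only after success
                delivered += 1
        return delivered


def open_db():
    """SQLite stands in for the central MySQL server."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE event (ts INTEGER, gid INTEGER, sid INTEGER,"
               " msg TEXT, src TEXT, dst TEXT)")
    return db


def db_insert(db):
    def insert(record):
        ts, gid, sid, msg, src, dst = record.split("|")
        db.execute("INSERT INTO event VALUES (?, ?, ?, ?, ?, ?)",
                   (int(ts), int(gid), int(sid), msg, src, dst))
        db.commit()
    return insert


def demo():
    """Deliver over a link that drops after one insert, then recover.
    Returns (first pass, left pending, second pass, rows stored)."""
    workdir = tempfile.mkdtemp()
    spool = os.path.join(workdir, "snort.alert")
    state = spool + ".offset"
    with open(spool, "w") as f:
        f.write("\n".join(SAMPLE_ALERTS) + "\n")
    reader = SpoolReader(spool, state)
    db = open_db()
    insert = db_insert(db)

    calls = []

    def flaky_insert(record):
        calls.append(record)
        if len(calls) > 1:
            raise ConnectionError("MySQL server has gone away")  # simulated
        insert(record)

    first = reader.deliver(flaky_insert)  # 1 stored, then the link drops
    left = reader.pending()               # 2 still waiting in the spool
    # The sensor keeps appending while the link is down; nothing is lost.
    with open(spool, "a") as f:
        f.write("1069864803|1|1234|SNMP request tcp|10.0.0.7|192.0.2.12\n")
    second = reader.deliver(insert)       # reconnected: 3 delivered
    rows = db.execute("SELECT COUNT(*) FROM event").fetchone()[0]
    return first, left, second, rows


if __name__ == "__main__":
    print(demo())  # (1, 2, 3, 4)
```

The two details worth keeping from this when writing or choosing a real spool reader are that the checkpoint is advanced only after the database has committed the row, and that it is written atomically (write then rename), so neither a dropped link nor a crash of the reader can make alerts disappear between the sensor and the central database.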

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users