Snort mailing list archives

RE: snort loosing connection to Mysql


From: "Briggs, Bruce" <Bruce.Briggs () suny edu>
Date: Thu, 11 May 2006 08:39:03 -0400

Dirk:

If you check the headers from the original e-mail, you will see:

Received: from sc8-sf-list1-b.sourceforge.net (sc8-sf-list1-b.sourceforge.net [10.3.1.7])
        by sc8-sf-spam2.sourceforge.net (Postfix) with ESMTP id 5EC9D12664;
        Wed, 10 May 2006 14:43:53 -0700 (PDT)
Received: from sc8-sf-mx2-b.sourceforge.net ([10.3.1.92] helo=mail.sourceforge.net)
        by sc8-sf-list1.sourceforge.net with esmtp (Exim 4.30) id 1FWSnL-0005DR-UP
        for snort-users () lists sourceforge net;
        Wed, 19 Apr 2006 23:37:39 -0700
Received: from cyclone.wcom.co.uk ([193.131.254.139] helo=cyclone.emea.verizonbusiness.com)
        by mail.sourceforge.net with esmtps (TLSv1:AES256-SHA:256) (Exim 4.44)
        id 1FWSnJ-0004oP-L6 for snort-users () lists sourceforge net;


So, this one and a bunch of other e-mails were stuck at
sc8-sf-mx2-b.sourceforge.net until someone found them yesterday and
released them.

Bruce

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Dirk
Geschke
Sent: Thursday, May 11, 2006 8:27 AM
To: Raynaud, Francois
Cc: 'snort-users () lists sourceforge net'; Dirk_Geschke () genua de
Subject: Re: [Snort-users] snort loosing connection to Mysql

Hi,

I have just upgraded my snort binary to 2.4.4, which is logging to a
remote Mysql Database.
For patching reasons, the Mysql host is being rebooted every week and
before the upgrade the snort binary would reconnect to the DB without any
problems, once the box was back up and running.

Probably you changed the version of the MySQL database. The old
behaviour (MySQL 4.x) was to reconnect automatically, whereas this is
disabled in the newer versions.

But just for this reason I would choose another way to insert the alerts
in the database; there are several solutions available and you will not
lose any alerts while the database is being rebooted. (And it is even
better for performance: database access via the output plugin slows
down snort and you may miss some packets...)

Best regards

Dirk Geschke

BTW: Are you living in a world far away? Or why does the email show a date
of Thu, 20 Apr 2006 07:37:20 +0100 and arrive here at a date of
Wed, 10 May 2006 23:44:00 +0200? Three weeks for delivery?



-------------------------------------------------------
Using Tomcat but need to do more? Need to support web services,
security?
Get stuff done quickly with pre-integrated technology to make your job
easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache
Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
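
The header check described in the reply above can be scripted. This is an added example, not part of the original e-mails: it parses the three Received values quoted there and reports the time between consecutive timestamped hops. The function names and the one-hour threshold are assumptions of this example, and the third header is skipped because the page shows no timestamp for it.

```python
import re
from datetime import timedelta, timezone
from email.utils import parsedate_to_datetime

# Received values quoted in the message above, unfolded, newest first.
# Addresses are obfuscated by the archive; the third has no timestamp on the page.
RECEIVED = [
    "from sc8-sf-list1-b.sourceforge.net (sc8-sf-list1-b.sourceforge.net [10.3.1.7]) "
    "by sc8-sf-spam2.sourceforge.net (Postfix) with ESMTP id 5EC9D12664; "
    "Wed, 10 May 2006 14:43:53 -0700 (PDT)",
    "from sc8-sf-mx2-b.sourceforge.net ([10.3.1.92] helo=mail.sourceforge.net) "
    "by sc8-sf-list1.sourceforge.net with esmtp (Exim 4.30) id 1FWSnL-0005DR-UP "
    "for snort-users () lists sourceforge net; Wed, 19 Apr 2006 23:37:39 -0700",
    "from cyclone.wcom.co.uk ([193.131.254.139] helo=cyclone.emea.verizonbusiness.com) "
    "by mail.sourceforge.net with esmtps (TLSv1:AES256-SHA:256) (Exim 4.44) "
    "id 1FWSnJ-0004oP-L6 for snort-users () lists sourceforge net;",
]

def parse_received(value):
    """Return (from_host, by_host, UTC datetime or None) for one Received value."""
    frm = re.search(r"\bfrom\s+(\S+)", value)
    by = re.search(r"\bby\s+(\S+)", value)
    _, sep, stamp = value.rpartition(";")
    stamp = re.sub(r"\([^)]*\)", "", stamp).strip()  # drop comments such as "(PDT)"
    when = None
    if sep and stamp:
        try:
            when = parsedate_to_datetime(stamp).astimezone(timezone.utc)
        except (TypeError, ValueError):
            when = None  # malformed date: treat the hop as untimed
    return (frm.group(1) if frm else None, by.group(1) if by else None, when)

def hop_delays(received):
    """Gaps between consecutive timestamped hops, oldest first; untimed hops are skipped."""
    timed = [h for h in map(parse_received, reversed(received)) if h[2] is not None]
    return [(a[1], b[1], b[2] - a[2]) for a, b in zip(timed, timed[1:])]

def suspicious_hops(received, threshold=timedelta(hours=1)):
    """Hops whose gap exceeds the threshold (assumed value; tune to your relay path)."""
    return [gap for gap in hop_delays(received) if gap[2] > threshold]

if __name__ == "__main__":
    for earlier_by, later_by, gap in suspicious_hops(RECEIVED):
        print(f"{gap} between receipt by {earlier_by} and receipt by {later_by}")
```

Received timestamps are written by each relay from its own clock, so small or negative gaps usually mean clock skew rather than a held message.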

