Snort mailing list archives
Re: Understanding Snort and mysql vs Barnyard and mysql
From: Joel Esler <jesler () sourcefire com>
Date: Thu, 7 May 2009 09:38:15 -0400
On Thu, May 7, 2009 at 9:19 AM, James Lay <jlay () slave-tothe-box net> wrote:
So I’ve been running barnyard2 (on the mac no less) for the last couple
days. This morning I saw:
07:12:22 gateway org.opensource.barnyard.plist[54590]: database:
mysql_error: MySQL server has gone away
07:12:22 gateway org.opensource.barnyard.plist[54590]: SQL=BEGIN 07:12:22 gateway org.opensource.barnyard.plist[54590]: database:
mysql_error: MySQL server has gone away
I would see this all the time with snort (have a script to watch this and
restart snort..though now I’ll change it to restart barnyard). The sole reason I put barnyard in place was because I thought that Barnyard would make the above type errors go away. Was that wrong? This is on the same machine, so it’s not a remote connection. Am I always going to see these if I use snort with mysql? Thanks. If Snort loses it's connection (or it times out) to mysql, then yes. Barnyard2 uses the same db code as Snort does, so it can't "reconnect" if the connection dies. Barnyard (1) had the capability. I know the barnyard2 guys monitor this list, and will assume they'll take a look at this. The ability for the output method to reconnect upon disconnect is key, IMO. -- joel esler | Sourcefire | gtalk: jesler () sourcefire com | 302-223-5974 | http://twitter.com/joelesler
------------------------------------------------------------------------------ The NEW KODAK i700 Series Scanners deliver under ANY circumstances! Your production scanning environment may not be a perfect world - but thanks to Kodak, there's a perfect scanner to get the job done! With the NEW KODAK i700 Series Scanner you'll get full speed at 300 dpi even with all image processing features enabled. http://p.sf.net/sfu/kodak-com
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Understanding Snort and mysql vs Barnyard and mysql James Lay (May 07)
- Re: Understanding Snort and mysql vs Barnyard and mysql Joel Esler (May 07)
- Re: Understanding Snort and mysql vs Barnyard and mysql Paul Schmehl (May 07)
- Re: Understanding Snort and mysql vs Barnyard and mysql Todd Wease (May 07)
- Re: Understanding Snort and mysql vs Barnyard and mysql firnsy (May 07)