Snort mailing list archives
Re: Understanding Snort and mysql vs Barnyard and mysql
From: Paul Schmehl <pschmehl_lists () tx rr com>
Date: Thu, 07 May 2009 15:28:27 +0000
--On Thursday, May 07, 2009 08:19:28 -0500 James Lay <jlay () slave-tothe-box net> wrote:
So I’ve been running barnyard2 (on the mac no less) for the last couple days. This morning I saw: 07:12:22 gateway org.opensource.barnyard.plist[54590]: database: mysql_error: MySQL server has gone away 07:12:22 gateway org.opensource.barnyard.plist[54590]: SQL=BEGIN 07:12:22 gateway org.opensource.barnyard.plist[54590]: database: mysql_error: MySQL server has gone away I would see this all the time with snort (have a script to watch this and restart snort..though now I’ll change it to restart barnyard). The sole reason I put barnyard in place was because I thought that Barnyard would make the above type errors go away. Was that wrong? This is on the same machine, so it’s not a remote connection. Am I always going to see these if I use snort with mysql? Thanks.
Two guesses what the common element is. This is a problem with mysql. It might be resolved by adding some code to barnyard2 that checks for the connection going away and re-establishes it when it has. But at the end of the day, Oracle needs to fix it in mysql. (Good luck with that.) -- Paul Schmehl, Senior Infosec Analyst As if it wasn't already obvious, my opinions are my own and not those of my employer. ******************************************* Check the headers before clicking on Reply. ------------------------------------------------------------------------------ The NEW KODAK i700 Series Scanners deliver under ANY circumstances! Your production scanning environment may not be a perfect world - but thanks to Kodak, there's a perfect scanner to get the job done! With the NEW KODAK i700 Series Scanner you'll get full speed at 300 dpi even with all image processing features enabled. http://p.sf.net/sfu/kodak-com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Understanding Snort and mysql vs Barnyard and mysql James Lay (May 07)
- Re: Understanding Snort and mysql vs Barnyard and mysql Joel Esler (May 07)
- Re: Understanding Snort and mysql vs Barnyard and mysql Paul Schmehl (May 07)
- Re: Understanding Snort and mysql vs Barnyard and mysql Todd Wease (May 07)
- Re: Understanding Snort and mysql vs Barnyard and mysql firnsy (May 07)