Snort mailing list archives
Re: Barnyard2 reports database insert errors
From: beenph <beenph () gmail com>
Date: Sat, 2 Nov 2013 18:56:33 -0400
On Sat, Nov 2, 2013 at 6:06 PM, Dave Corsello <snort-users () wintertreemedia com> wrote:
On 11/2/2013 1:16 PM, beenph wrote:
environment. I'll look into that when I have time.I do not even understand that you mean by "status" at the mysql level.MySQL returns info on the success or failure of a query, right? That's what I mean by "status".
Yes but that is in the protocol (mysql client library talking to the server), thus if the communication betwen the client and the server would be cut, then yes there is a possibility that the "status" of the query if we use your definition would not be returned, but since the event insertion is transaction isolated, the result would not be commited (unless the communication is killed right after the commit and the transaction is processed on the server side but never acknowledge on the client side) And yes barnyard2 would retry to re-insert the same event (assuming that the previous transaction was not commited) and if the communication with the server is re-established then it would try to issue the same transaction.
What i think is that you could have had a network outtage link betwen the by2 vm and the mysql vm and that as soon as the connection was brought back up, operation resumed to normal but you got the error message logged.I see, so you think the inserts initially fail, but barnyard2 tries again, and then they succeed.
------------------------------------------------------------------------------ Android is increasing in popularity, but the open development platform that developers love is also attractive to malware creators. Download this white paper to learn more about secure code signing practices that can help keep Android apps secure. http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Barnyard2 reports database insert errors Dave Corsello (Nov 01)
- Re: Barnyard2 reports database insert errors beenph (Nov 01)
- Re: Barnyard2 reports database insert errors Dave Corsello (Nov 01)
- Re: Barnyard2 reports database insert errors beenph (Nov 02)
- Re: Barnyard2 reports database insert errors Dave Corsello (Nov 02)
- Re: Barnyard2 reports database insert errors beenph (Nov 02)
- Re: Barnyard2 reports database insert errors Dave Corsello (Nov 03)
- Re: Barnyard2 reports database insert errors Dave Corsello (Nov 04)
- Re: Barnyard2 reports database insert errors beenph (Nov 04)
- Re: Barnyard2 reports database insert errors Dave Corsello (Nov 05)
- Re: Barnyard2 reports database insert errors waldo kitty (Nov 05)
- Re: Barnyard2 reports database insert errors Dave Corsello (Nov 05)
- Re: Barnyard2 reports database insert errors waldo kitty (Nov 05)
- Re: Barnyard2 reports database insert errors Dave Corsello (Nov 01)
- Re: Barnyard2 reports database insert errors beenph (Nov 01)
- Re: Barnyard2 reports database insert errors waldo kitty (Nov 02)
- Re: Barnyard2 reports database insert errors Dave Corsello (Nov 02)