[Snort-users] Database Logging with redundancy

Jed Pickel jed at ...153...
Tue Aug 29 17:52:19 EDT 2000


> > On Tue, Aug 29, 2000 at 03:35:52PM -0400, Jed Pickel wrote:
> > MySQL in this case.  Table structures should be okay to mess with
> > as long as we don't delete anything, and the sensors can be done one
> > at a time, but I don't want all my sensors to croak just because I bounce
> > in a new db daemon. 
> > 
> > (eg, is the db logger code in snort smart enough to reconnect if the socket
> > closes? )
> 
> No. Not yet. But getting smarter every day. ;) Consider this item to
> be on the todo list.

Oops.. The database plugin was smarter than I thought. :) For MySQL it
will give you an error message for every alert while disconnected or
unable to contact the DB and you will automatically reconnect once the
database is back up (thanks to the mysqlclient library). 

For PostgreSQL I will need to write some code to try and reconnect
because its library is not as smart. I have not tested unixODBC yet.

Nevertheless, (in the current version) alerts that you attempt to log
when the database is not there will be lost. 

* Jed
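
The failure mode described in the message above (alerts logged while the database is unreachable are lost) can be handled by spooling alerts in the sensor and replaying them once a reconnect succeeds. The following is an added example, not code from Snort or from this post; `fake_db`, `spool`, `log_alert` and the other names are hypothetical, and the database is simulated so the program runs offline.

```c
#include <stdio.h>
#define SPOOL_MAX 4   /* bounded so a long outage cannot exhaust memory */
#define ALERT_LEN 64

/* Simulated database handle: a constructed stand-in for a real client library. */
struct fake_db { int up; int stored; };
struct spool { char q[SPOOL_MAX][ALERT_LEN]; int head, count, dropped; };
static int db_insert(struct fake_db *db, const char *alert) {
    if (!db->up || alert == NULL) return -1;   /* server unreachable */
    db->stored++;
    return 0;
}
static int db_reconnect(struct fake_db *db) { return db->up ? 0 : -1; }
static void spool_push(struct spool *s, const char *alert) {
    if (s->count == SPOOL_MAX) {               /* full: drop the oldest, count the loss */
        s->head = (s->head + 1) % SPOOL_MAX;
        s->count--;
        s->dropped++;
    }
    int tail = (s->head + s->count) % SPOOL_MAX;
    snprintf(s->q[tail], ALERT_LEN, "%s", alert);
    s->count++;
}

/* Replay spooled alerts oldest first; stop at the first failure to keep order. */
static void spool_flush(struct spool *s, struct fake_db *db) {
    while (s->count > 0 && db_insert(db, s->q[s->head]) == 0) {
        s->head = (s->head + 1) % SPOOL_MAX;
        s->count--;
    }
}

/* Log one alert: reconnect, drain the backlog, then insert or spool. */
static void log_alert(struct spool *s, struct fake_db *db, const char *alert) {
    if (db_reconnect(db) == 0) spool_flush(s, db);
    if (s->count > 0 || db_insert(db, alert) != 0) spool_push(s, alert);
}

int main(void) {
    struct fake_db db = { 1, 0 };
    struct spool s = { .head = 0 };            /* remaining fields are zeroed */
    char a[ALERT_LEN];
    for (int i = 1; i <= 8; i++) {
        db.up = (i == 1 || i == 8);            /* constructed outage: alerts 2..7 */
        snprintf(a, sizeof a, "alert %d", i);
        log_alert(&s, &db, a);
    }
    printf("stored=%d spooled=%d dropped=%d\n", db.stored, s.count, s.dropped);
    return 0;
}
```

Because the spool is bounded, an outage longer than `SPOOL_MAX` alerts still loses the oldest entries, but the `dropped` counter makes that loss visible instead of silent.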


