[Snort-users] Re: ACID Configuration

Roman Danyliw roman at ...438...
Mon Nov 13 10:16:43 EST 2000


Karl is absolutely right. Should the mysql daemon die or connectivity to
it be impaired (be it extremely high network latency or actual
disconnect), Snort will drop the alert after only a single attempt.  When
this occurs, an error message like the following will probably appear:

"database: mysql_error: MySQL server has gone away"


On Sun, 12 Nov 2000, Karl Lovink wrote:

> I think the data will be lost. What should be implemented to get this
> is some kind of backlog. Snort should keep the data in a backlog and try
> to resend the data to the database server. When the database server is
> available again it should empty its backlog.
> Kind regards,
> Karl
> -----Original Message-----
> From: snort-users-admin at lists.sourceforge.net
> [mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Frank Reid
> Sent: Saturday 11 November 2000 21:33
> To: snort-users at lists.sourceforge.net
> Subject: RE: [Snort-users] Re: ACID Configuration
> Thanks, Roman.  ACID is a very impressive project in its own right, and
> provides a great deal of functionality even now.  Thanks for supporting and
> developing it.
> Question on Snort... is behavior defined when logging to database and
> database becomes unavailable?  My specific concern is sensor behavior when
> network anomalies prevent it from locating the database server, e.g. upon
> loss of network connectivity for upstream reporting.  I could pull plugs and
> guess at the results, but I figured someone would know based on the code
> itself.  Thanks.
> Frank
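
The backlog idea discussed in this thread, sketched as an added example (not Snort's code and not written by anyone in the thread): a bounded in-memory queue that retries oldest-first before each new alert and counts what it has to evict when the outage outlasts its capacity. All names here (`struct backlog`, `alert_submit`, `fake_db_insert`) are hypothetical, and the database insert is replaced by a stand-in that fails while `db_up` is 0.

```c
#include <stdio.h>
#define BACKLOG_MAX 4            /* constructed: small so overflow is visible */
#define ALERT_LEN   64
typedef int (*sink_fn)(const char *alert);    /* returns 0 on success */
struct backlog {
    char     slot[BACKLOG_MAX][ALERT_LEN];
    unsigned head, count;        /* head indexes the oldest queued alert */
    unsigned dropped;            /* alerts lost to overflow, for the operator */
};

/* Hypothetical stand-in for the database insert; db_up simulates the outage. */
static unsigned db_up = 1, db_rows = 0;
static int fake_db_insert(const char *alert) {
    (void)alert;
    return db_up ? (db_rows++, 0) : -1;   /* -1: "MySQL server has gone away" */
}

/* Drain oldest-first; stop at the first failure so ordering is preserved. */
static void backlog_flush(struct backlog *b, sink_fn send) {
    while (b->count && send(b->slot[b->head]) == 0) {
        b->head = (b->head + 1) % BACKLOG_MAX;
        b->count--;
    }
}

static void backlog_push(struct backlog *b, const char *alert) {
    if (b->count == BACKLOG_MAX) {            /* full: evict oldest, count it */
        b->head = (b->head + 1) % BACKLOG_MAX;
        b->count--;
        b->dropped++;
    }
    snprintf(b->slot[(b->head + b->count) % BACKLOG_MAX], ALERT_LEN, "%s", alert);
    b->count++;
}

/* Called once per alert: retry queued alerts first, then the new one. */
static void alert_submit(struct backlog *b, sink_fn send, const char *alert) {
    backlog_flush(b, send);
    if (b->count || send(alert) != 0)
        backlog_push(b, alert);
}

int main(void) {                 /* constructed run: outage, then recovery */
    struct backlog b = {0};
    db_up = 0; alert_submit(&b, fake_db_insert, "alert-1");
    db_up = 1; alert_submit(&b, fake_db_insert, "alert-2");
    printf("stored=%u queued=%u dropped=%u\n", db_rows, b.count, b.dropped);
    return 0;
}
```

A queue held only in memory still loses its contents if the sensor process restarts during the outage, and the `dropped` counter is what tells the operator that the backlog was too small for the outage.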
