[Snort-users] snort connection problem

Phillip Dowdy phillip.dowdy at ...4224...
Fri Nov 30 12:17:54 EST 2001


I am running the following setup:
RedHat 7.1 with kernel 2.4.2-2
Snort 1.8.1-RELEASE with db schema 103; on 29NOV01 I installed Snort 1.8.2
with db schema 104
mysql-3.23.36-1  
adodb 154
ACID v0.9.6b11


While checking /var/log/mysqld.log I found many instances of the following
two types of messages:

011126  6:54:11  Aborted connection 2 to db: 'snort' user: 'root' host:
`localhost' (Got timeout reading communication packets)
011126  6:54:11  Aborted connection 1 to db: 'snort' user: 'root' host:
`localhost' (Got timeout reading communication packets)
011126 16:52:01  Aborted connection 117 to db: 'snort' user: 'root' host:
`localhost' (Got an error reading communication packets)
011126 16:52:01  Aborted connection 118 to db: 'snort' user: 'root' host:
`localhost' (Got an error reading communication packets)
011126 23:04:36  Aborted connection 28 to db: 'snort' user: 'root' host:
`localhost' (Got timeout reading communication packets)
011126 23:34:50  Aborted connection 22 to db: 'snort' user: 'root' host:
`localhost' (Got timeout reading communication packets)
011126 23:35:01  Aborted connection 5 to db: 'snort' user: 'root' host:
`localhost' (Got timeout reading communication packets)
011126 23:45:41  Aborted connection 45 to db: 'snort' user: 'root' host:
`localhost' (Got timeout reading communication packets)
011126 23:47:19  Aborted connection 19 to db: 'snort' user: 'root' host:
`localhost' (Got timeout reading communication packets)
011126 23:48:30  Aborted connection 21 to db: 'snort' user: 'root' host:
`localhost' (Got timeout reading communication packets)
011126 23:54:14  Aborted connection 40 to db: 'snort' user: 'root' host:
`localhost' (Got timeout reading communication packets)
011126 23:54:19  Aborted connection 27 to db: 'snort' user: 'root' host:
`localhost' (Got timeout reading communication packets)
011127  1:03:14  Aborted connection 124 to db: 'snort' user: 'root' host:
`localhost' (Got timeout reading communication packets)
011127  1:03:14  Aborted connection 123 to db: 'snort' user: 'root' host:
`localhost' (Got timeout reading communication packets)


011129  0:33:39  Aborted connection 2 to db: 'snort' user: 'root' host:
`localhost' (Got timeout reading communication packets)
011129  0:33:39  Aborted connection 1 to db: 'snort' user: 'root' host:
`localhost' (Got timeout reading communication packets)
011129 17:06:52  Aborted connection 119 to db: 'snort' user: 'root' host:
`localhost' (Got an error reading communication packets)
011129 17:16:47  Aborted connection 121 to db: 'snort' user: 'root' host:
`localhost' (Got an error reading communication packets)
011129 17:27:30  Aborted connection 124 to db: 'snort' user: 'root' host:
`localhost' (Got an error reading communication packets)
011129 17:27:30  Aborted connection 125 to db: 'snort' user: 'root' host:
`localhost' (Got an error reading communication packets)
011129 17:30:06  Aborted connection 126 to db: 'snort' user: 'root' host:
`localhost' (Got an error reading communication packets)
011129 17:30:06  Aborted connection 127 to db: 'snort' user: 'root' host:
`localhost' (Got an error reading communication packets)
011130  0:01:46  Aborted connection 3 to db: 'snort' user: 'root' host:
`localhost' (Got timeout reading communication packets)
011130  0:33:02  Aborted connection 4 to db: 'snort' user: 'root' host:
`localhost' (Got timeout reading communication packets)
011130  1:03:42  Aborted connection 9 to db: 'snort' user: 'root' host:
`localhost' (Got timeout reading communication packets)
011130  1:23:37  Aborted connection 7 to db: 'snort' user: 'root' host:
`localhost' (Got timeout reading communication packets)
011130  1:26:38  Aborted connection 5 to db: 'snort' user: 'root' host:
`localhost' (Got timeout reading communication packets)
011130  1:29:38  Aborted connection 6 to db: 'snort' user: 'root' host:
`localhost' (Got timeout reading communication packets)
011130  1:32:39  Aborted connection 93 to db: 'snort' user: 'root' host:
`localhost' (Got timeout reading communication packets)
011130  1:33:30  Aborted connection 139 to db: 'snort' user: 'root' host:
`localhost' (Got timeout reading communication packets)
011130  1:33:30  Aborted connection 138 to db: 'snort' user: 'root' host:
`localhost' (Got timeout reading communication packets)
011130  1:33:53  Aborted connection 8 to db: 'snort' user: 'root' host:
`localhost' (Got timeout reading communication packets)


Snort is logging alerts to the database on days that these messages are in
the log, but not during the hour that these messages appear in the log.
This looks like a problem to me, but I am a novice with MySQL, Snort, adodb,
and ACID (intermediate experience with RedHat Linux).  Is this normal?  Have
I obviously misconfigured something?


Thanks in advance,
Phillip
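
Added example, not part of the original post: a small parser for the "Aborted connection" lines quoted above that tallies them per day and hour and per reason, so the affected hours can be compared against the timestamps of alerts stored in the database. The sample input is constructed in the same format (including the mail-wrapped continuation lines), and the names unwrap and aborted_by_hour are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the format quoted in the post, including the
# mail-wrapped continuation lines.
SAMPLE_LOG = """\
011126  6:54:11  Aborted connection 2 to db: 'snort' user: 'root' host:
`localhost' (Got timeout reading communication packets)
011126 16:52:01  Aborted connection 117 to db: 'snort' user: 'root' host:
`localhost' (Got an error reading communication packets)
011126 16:52:01  Aborted connection 118 to db: 'snort' user: 'root' host:
`localhost' (Got an error reading communication packets)
011126 23:04:36  Aborted connection 28 to db: 'snort' user: 'root' host:
`localhost' (Got timeout reading communication packets)
"""

ENTRY = re.compile(
    r"(?P<date>\d{6})\s+(?P<hour>\d{1,2}):\d{2}:\d{2}\s+"
    r"Aborted connection (?P<conn>\d+) to db: '(?P<db>[^']*)' "
    r"user: '(?P<user>[^']*)' host:\s*[`'](?P<host>[^']*)' "
    r"\(Got (?P<reason>timeout|an error) reading communication packets\)"
)

def unwrap(text):
    """Join continuation lines (those not starting with a YYMMDD stamp)."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if re.match(r"\d{6}\s", line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries

def aborted_by_hour(text, db="snort"):
    """Map (YYMMDD, hour) -> Counter of abort reasons for one database."""
    buckets = defaultdict(Counter)
    for entry in unwrap(text):
        m = ENTRY.search(entry)
        if m and m["db"] == db:
            reason = "timeout" if m["reason"] == "timeout" else "error"
            buckets[(m["date"], int(m["hour"]))][reason] += 1
    return dict(buckets)

if __name__ == "__main__":
    for (date, hour), reasons in sorted(aborted_by_hour(SAMPLE_LOG).items()):
        print(f"{date} {hour:02d}:00  {dict(reasons)}")
```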