[Snort-users] MySQL Disconnects/Mudpit
michaels at ...9077...
Wed Nov 26 10:59:03 EST 2003
I'm not sure if it will help but I have a guide for Solaris on my website.
It is in BETA at this time looking for people interested in making sure the
bugs are worked out :)
System Engineer / Security Support Technician
mailto:michaels at ...9077...
Snort: Open Source Network IDS - http://www.snort.org
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of
adam_peterson at ...10608...
Sent: Wednesday, November 26, 2003 10:06 AM
To: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] MySQL Disconnects/Mudpit
I'm trying out mudpit but I use Solaris 8 and I've run into several errors
compiling. ./configure is OK but make results in these errors:
make: Entering directory `/export/spare/test/mudpit-1.3'
Making all in src
make: Entering directory `/export/spare/test/mudpit-1.3/src'
gcc -DHAVE_CONFIG_H -I. -I. -I.. -g -O2 -c mudpit.c
In file included from mudpit.c:32:
mp_util.h:59: warning: conflicting types for built-in function `log'
In file included from mp_maps.h:28,
mp_maps_defs.h:38: error: parse error before "u_int32_t"
mp_maps_defs.h:38: warning: no semicolon at end of struct or union
mp_maps_defs.h:39: warning: data definition has no type or storage class
mp_maps_defs.h:40: error: parse error before "rev"
mp_maps_defs.h:40: warning: data definition has no type or storage class
mp_maps_defs.h:44: error: parse error before '}' token
mp_maps_defs.h:44: warning: data definition has no type or storage class
In file included from mudpit.c:34:
mp_maps.h:33: error: parse error before '*' token
mp_maps.h:33: warning: data definition has no type or storage class
make: *** [mudpit.o] Error 1
make: Leaving directory `/export/spare/test/mudpit-1.3/src'
make: *** [all-recursive] Error 1
make: Leaving directory `/export/spare/test/mudpit-1.3'
make: *** [all-recursive-am] Error 2
Adam Peterson | Senior WAN Engineer | SPL WorldGroup |
adam_peterson at ...10608... | +1.415.357.4787
Ben Nelson <lists at ...10344...>
11/26/2003 10:44 AM MST
Please respond to lists
To: adam_peterson at ...10608...
cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] MySQL Disconnects
You can solve this problem by logging to unified log format files on the
local sensor, then use mudpit or something to parse the files and insert
into your MySQL database. If the database is unavailable, mudpit will
just keep its place in the log file and keep trying to connect to the
adam_peterson at ...10608... wrote:
> I have 2 sensors running at remote locations where bandwidth isn't
> exactly the best. It looks like snort is losing connection to my MySQL
> server across the link. I have 1 other sensor in the exact same
> scenario and it never loses connection. I'm determining this by running
> netstat on the remote box and seeing only my ssh connection. If I
> restart snort, I see a connection on port 3306 to my MySQL server.
> Does anyone know why this is happening? My guess would be a timeout
> somewhere but I would hope that snort would re-establish the connection
> if it needs to. I know that these sensors are getting alerts but aren't
> able to send them to the db because of the disconnect.
> Any help is greatly appreciated.
> Adam Peterson | Senior WAN Engineer | SPL WorldGroup |
> adam_peterson at ...10608...
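
The spool-and-forward behaviour Ben describes in his reply (log locally, keep a place in the file, retry while the database is unreachable), as an added example that is not part of the original thread and is not mudpit's code. The 4-byte length-prefixed record framing is constructed for the sketch and is not Snort's unified format; `forward`, the bookmark file and the `insert` callback are hypothetical names.

```python
import os
import struct

HEADER = struct.Struct("!I")  # constructed framing: 4-byte length, then payload

def read_bookmark(path):
    """Return the saved byte offset, or 0 if nothing has been forwarded yet."""
    try:
        with open(path) as f:
            return int(f.read().strip() or 0)
    except FileNotFoundError:
        return 0

def write_bookmark(path, offset):
    """Persist the offset atomically so a crash never leaves a torn value."""
    tmp = path + ".tmp"
    with open(tmp, "w") as f:
        f.write(str(offset))
        f.flush()
        os.fsync(f.fileno())
    os.replace(tmp, path)

def forward(spool_path, bookmark_path, insert):
    """Pass each complete record after the bookmark to insert(payload).

    Stops without advancing when insert raises ConnectionError (database
    unreachable) or when the last record is still being written by the
    sensor. Returns the number of records forwarded in this pass.
    """
    offset = read_bookmark(bookmark_path)
    sent = 0
    with open(spool_path, "rb") as spool:
        spool.seek(offset)
        while True:
            head = spool.read(HEADER.size)
            if len(head) < HEADER.size:
                break                      # end of spool or partial header
            (length,) = HEADER.unpack(head)
            payload = spool.read(length)
            if len(payload) < length:
                break                      # partial record, retry next pass
            try:
                insert(payload)
            except ConnectionError:
                break                      # keep our place, retry later
            offset += HEADER.size + length
            write_bookmark(bookmark_path, offset)  # only after a good insert
            sent += 1
    return sent
```

Because the bookmark moves only after a successful insert, a link outage delays alerts instead of dropping them; a crash between the insert and the bookmark write can replay one record, so the database side should tolerate a duplicate.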