[Snort-users] mysql/snort backup issue

Erek Adams erek at ...950...
Wed Sep 24 13:34:03 EDT 2003


On Wed, 24 Sep 2003, John Byrnes wrote:

[...snip...]

> After I do this, I have to restart all of my sensors to get them to
> resume inserting events in the db. (This is my problem) I'm assuming
> this is because the mysqldump script must lock the db for inserts, and
> snort must stop trying if the db is unavailable, and doesn't retry. I
> could be completely wrong.

Normal behavior.  If Snort can't connect to the DB, then you loose alerts.
Instead, use BarnYard and it will automagically spool alerts until the DB
comes back.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson




More information about the Snort-users mailing list