[Snort-users] Mysql process stopping affects db writes after restart of mysql?

Lazarakis, Dan DLazarak at ...12658...
Wed Nov 10 16:51:03 EST 2004


I noticed/tested that if the mysql database process is stopped, snort (2.2)
creates syslog errors saying that it can't write to the database. Any new
incidents seen by the probe do not get written to the database after that,
but they do get logged in the tcpdump logfile. However, when I restart the
mysql process, the incidents do not recover or get rewritten to the db
(they are not spooled with error recovery)... neither do new events
after restarting mysql. It's as if I am going to have to restart snort
on the probe to get logging into the remote db working successfully again.
Has anyone come across solutions for spooling alerts that don't make it
into the database and getting snort to write to the db without restarting
snort? Does Barnyard handle this kind of recovery?
So basically, it looks like a stopped mysql process will cause pain and
lost logging into the db.

Dan L.