[Snort-users] barnyard and mysql 5

Andrea Lee alee at ...13849...
Fri Jun 16 12:59:38 EDT 2006

Hi there, recently joined the group. We're seeing barnyard lose the connection to mysql and not reconnect. Google had this jem from past snort-users:
I recently built barnyard against MySQL 5.0.13 and everything seemed hunkey-dory until I noticed it's failures to reconnect after db restarts. This problem also occurred if the connection was inactive for long periods (>32k sec.Huh.
In these cases barnyard stays in it's mysql_ping()-sleep loop and never reconnects, even when the db is back online. Small print from the MySQL manual v5.0 for mysql_real_connect() includes the following note:-

>Note that upon connection, mysql_real_connect() sets the reconnect >flag (part of the MYSQL structure) to a value of 1 in versions of the >API older than 5.0.3, or 0 in newer versions. A value of 1 for this flag >indicates that if a statement cannot be performed because of a lost >connection, to try reconnecting to the server before giving up. As of >MySQL 5.0.13, you can use the MYSQL_OPT_RECONNECT option to > mysql_options() to control reconnection behavior.

That didn't fix it for me but the following did. I found that adding the line mysql->reconnect = 1; just prior to the mysql_ping() loop did the trick ie. with a couple of lines of context

--- op_acid_db.c.ORIG 2005-11-08 17:05:46.000000000 +0000
+++ op_acid_db.c 2005-11-08 18:19:54.000000000 +0000
@@ -1237,4 +1237,5 @@
LogMessage("Lost connection to MySQL server. Reconnecting\n");
+ mysql->reconnect = 1;
while(mysql_ping(mysql) != 0)

-- cheesman  

Just what I was looking for and (for our snort) more useful than dropping mysql down to v4 (as other posts suggest). 

Question is: Can someone help a coding noob understand what that code means and where to put it? 
As I understand, add the line "mysql->reconnect = 1;" after the above log message at line 1237 in barnyard/src/op_acid_db.c, but when I try and recompile, I get errors. Obviously there is some trick that you have to do when changing sourcecode that I haven't learned in Linux101. Sorry, couldn't think of any good google search strings to assist me. 



More information about the Snort-users mailing list