[Snort-users] snort loosing connection to Mysql

Briggs, Bruce Bruce.Briggs at ...13183...
Thu May 11 05:40:01 EDT 2006


If you check the headers from the orig e-mail, you will see:

Received: from sc8-sf-list1-b.sourceforge.net
 (sc8-sf-list1-b.sourceforge.net [])	by
 (Postfix) with ESMTP	id 5EC9D12664; Wed, 10 May 2006 14:43:53 -0700
Received: from sc8-sf-mx2-b.sourceforge.net
 ([] helo=mail.sourceforge.net)	by
sc8-sf-list1.sourceforge.net with
 esmtp (Exim 4.30)	id 1FWSnL-0005DR-UP	for
snort-users at lists.sourceforge.net;
 Wed, 19 Apr 2006 23:37:39 -0700
Received: from cyclone.wcom.co.uk
 ([] helo=cyclone.emea.verizonbusiness.com)
	by mail.sourceforge.net with esmtps (TLSv1:AES256-SHA:256)
(Exim 4.44)
	id 1FWSnJ-0004oP-L6	for snort-users at lists.sourceforge.net;  

So, this one and a bunch of other e-mails were stuck at
sc8-sf-mx2-b.sourceforge.net  until someone found them yesterday and
released them.


-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Dirk
Sent: Thursday, May 11, 2006 8:27 AM
To: Raynaud, Francois
Cc: 'snort-users at lists.sourceforge.net'; Dirk_Geschke at ...1344...
Subject: Re: [Snort-users] snort loosing connection to Mysql


> I have just upgraded my snort binary to 2.4.4, which is logging to a
> Mysql Database.
> For patching reasons, the Mysql host is being rebooted every week and
> the upgrade the snort binary would re-conenct to the DB without any
> problems, once the box was back up and running.

probably you changed the version of the MySQL database. The old
(MySQL 4.x) did automatically a reconnect whereas this is disabled with
the newer versions.

But just for this reason I would choose another way to insert the alerts
in the database, there are several solutions available and you will not
loose any alert during the database is rebooted. (And it is even better
for the performance, the database access via the output plugin slows 
down snort and you may miss some packets...)

Best regards

Dirk Geschke

BTW: Are you living in world far away? Or why shows the email a date of 
Thu, 20 Apr 2006 07:37:20 +0100 and the email arrives here at a date of
Wed, 10 May 2006 23:44:00 +0200? Three weeks for delivery?

Using Tomcat but need to do more? Need to support web services,
Get stuff done quickly with pre-integrated technology to make your job
Download IBM WebSphere Application Server v.1.0.1 based on Apache
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

More information about the Snort-users mailing list