[Snort-users] barnyard regular restart required
ian at ...12163...
Mon Mar 9 04:48:31 EDT 2009
Thanks again for the reply.
> Again I do not use Barnyard, but any chance you are using outputting from
> Barnyard to MySQL (did not catch it the first time but you must be if you
> are using base...)? More specifically MySQL Server 5, there is an issue
> where the connection to MySQL times out, and MySQL does nothing about it.
I am indeed outputting from Barnyard to MySQL and my MySQL version is
indeed 5 (Sorry I didn't include this information to begin with)
> With Snort logging straight to MySQL this manifests as Snort log messages
> like "snort: database: mysql_error: MySQL server has gone away "
> Not sure if Barnyard will log anything in this senario...
I haven't come across anything useful like that yet.
> I *believe* that if you run lsof -i it will still show that snort
> (barnyard in your case) is still connected to MySQL (even tho the
> connection is dead)
lsof -i shows:
mysqld 4637 mysql 10u IPv4 8513 TCP *:mysql (LISTEN)
The machine is a test machine which gets very few alerts.
Thanks for the ideas. It's given me a bit more to think about. I'm
surprised that it's not happening to other users too.
More information about the Snort-users