[Snort-users] barnyard regular restart required
pschmehl_lists at ...14358...
Mon Mar 9 09:50:26 EDT 2009
--On Monday, March 09, 2009 03:48:31 -0500 Ian Masters <ian at ...12163...> wrote:
> Thanks again for the reply.
>> Again I do not use Barnyard, but any chance you are using outputting from
>> Barnyard to MySQL (did not catch it the first time but you must be if you
>> are using base...)? More specifically MySQL Server 5, there is an issue
>> where the connection to MySQL times out, and MySQL does nothing about it.
> I am indeed outputting from Barnyard to MySQL and my MySQL version is
> indeed 5 (Sorry I didn't include this information to begin with)
>> With Snort logging straight to MySQL this manifests as Snort log messages
>> like "snort: database: mysql_error: MySQL server has gone away "
>> Not sure if Barnyard will log anything in this senario...
> I haven't come across anything useful like that yet.
>> I *believe* that if you run lsof -i it will still show that snort
>> (barnyard in your case) is still connected to MySQL (even tho the
>> connection is dead)
> lsof -i shows:
> mysqld 4637 mysql 10u IPv4 8513 TCP *:mysql (LISTEN)
> The machine is a test machine which gets very few alerts.
> Thanks for the ideas. It's given me a bit more to think about. I'm
> surprised that it's not happening to other users too.
What makes you think it isn't? Some of us are watching the thread wondering if
someone has an answer.
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
Check the headers before clicking on Reply.
More information about the Snort-users