[Snort-users] barnyard regular restart required

Paul Schmehl pschmehl_lists at ...14358...
Mon Mar 9 09:50:26 EDT 2009


--On Monday, March 09, 2009 03:48:31 -0500 Ian Masters <ian at ...12163...> wrote:

>
> Thanks again for the reply.
>
>> Again I do not use Barnyard, but any chance you are outputting from
>> Barnyard to MySQL (did not catch it the first time but you must be if you
>> are using base...)? More specifically MySQL Server 5, there is an issue
>> where the connection to MySQL times out, and MySQL does nothing about it.
>
> I am indeed outputting from Barnyard to MySQL and my MySQL version is
> indeed 5 (Sorry I didn't include this information to begin with)
>
>> With Snort logging straight to MySQL this manifests as Snort log messages
>> like "snort[10778]: database: mysql_error: MySQL server has gone away "
>>
>> Not sure if Barnyard will log anything in this scenario...
>
> I haven't come across anything useful like that yet.
>
>> I *believe* that if you run lsof -i it will still show that snort
>> (barnyard in your case) is still connected to MySQL (even tho the
>> connection is dead)
>
> lsof -i shows:
> mysqld     4637   mysql   10u  IPv4    8513       TCP *:mysql (LISTEN)
>
> The machine is a test machine which gets very few alerts.
>
> Thanks for the ideas. It's given me a bit more to think about. I'm
> surprised that it's not happening to other users too.
>

What makes you think it isn't?  Some of us are watching the thread wondering if 
someone has an answer.

-- 
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
*******************************************
Check the headers before clicking on Reply.
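
The `lsof -i` check discussed in the quoted exchange, as a small script; this is an added example, not part of the original message or of Barnyard. The client name `barnyard`, the `3306` port number and the two extra sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Classify a sensor's MySQL link from `lsof -i` text read on stdin.
# $1 = client command name as lsof prints it (assumed "barnyard" here).
# Prints: established | not-established | listener-only | no-mysql
db_link_state() {
    awk -v client="$1" '
        /:(mysql|3306)/ {                     # any socket touching the MySQL port
            seen = 1
            if (index($1, client) == 1) {     # socket owned by the client process
                if ($NF == "(ESTABLISHED)") est = 1
                else other = 1                # e.g. CLOSE_WAIT: server end already closed
            }
        }
        END {
            if (est)        print "established"
            else if (other) print "not-established"
            else if (seen)  print "listener-only"
            else            print "no-mysql"
        }'
}

# Line quoted in the thread above.
THREAD_LSOF='mysqld     4637   mysql   10u  IPv4    8513       TCP *:mysql (LISTEN)'

# Constructed sample lines (PID, user and ports are made up).
SAMPLE_EST="$THREAD_LSOF
barnyard   5120   snort    4u  IPv4    9001       TCP localhost:45012->localhost:mysql (ESTABLISHED)"
SAMPLE_CW="$THREAD_LSOF
barnyard   5120   snort    4u  IPv4    9001       TCP localhost:45012->localhost:mysql (CLOSE_WAIT)"

# Caveats: "established" only means the kernel still holds the socket, not
# that the server still honours the session; and a client connected through
# the local Unix socket never appears in `lsof -i` (check `lsof -U` as well).
for s in "$THREAD_LSOF" "$SAMPLE_EST" "$SAMPLE_CW"; do
    printf '%s\n' "$s" | db_link_state barnyard
done
```

A `listener-only` result on a sensor that is supposed to be writing alerts means no TCP session to the database exists at all, which is worth alerting on separately from the timeout case.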




