[Snort-users] Understanding Snort and mysql vs Barnyard and mysql

Joel Esler jesler at ...1935...
Thu May 7 09:38:15 EDT 2009


On Thu, May 7, 2009 at 9:19 AM, James Lay <jlay at ...13475...> wrote:
>
> So I’ve been running barnyard2 (on the mac no less) for the last couple
> days.  This morning I saw:
>
> 07:12:22 gateway org.opensource.barnyard.plist[54590]: database: mysql_error: MySQL server has gone away
> 07:12:22 gateway org.opensource.barnyard.plist[54590]: SQL=BEGIN
> 07:12:22 gateway org.opensource.barnyard.plist[54590]: database: mysql_error: MySQL server has gone away
>
>
> I would see this all the time with snort (have a script to watch this and
> restart snort..though now I’ll change it to restart barnyard).  The sole
> reason I put barnyard in place was because I thought that Barnyard would
> make the above type errors go away.  Was that wrong?  This is on the same
> machine, so it’s not a remote connection.  Am I always going to see these if
> I use snort with mysql?  Thanks.


If Snort loses its connection (or it times out) to mysql, then yes.
Barnyard2 uses the same db code as Snort does, so it can't "reconnect" if
the connection dies.  Barnyard (1) had the capability.
I know the barnyard2 guys monitor this list, and will assume they'll take a
look at this.  The ability for the output method to reconnect upon
disconnect is key, IMO.


--
joel esler | Sourcefire | gtalk: jesler at ...1935... | 302-223-5974 |
http://twitter.com/joelesler
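
Added example, not part of the original post and not Snort's or barnyard2's code: a sketch of the reconnect-on-disconnect behaviour discussed in this message, where an output writer that hits "MySQL server has gone away" opens a new session and replays the whole event transaction. `ReconnectingOutput`, `FakeConn` and `DBError` are hypothetical names, and the fake session is constructed so the block runs without a MySQL server; 2006 and 2013 are the MySQL client codes for a gone or lost server.

```python
import time

# MySQL client error codes: 2006 = CR_SERVER_GONE_ERROR ("MySQL server has
# gone away"), 2013 = CR_SERVER_LOST (connection lost during query).
RECONNECTABLE = {2006, 2013}

class DBError(Exception):
    def __init__(self, code, msg):
        super().__init__(msg)
        self.code = code

class FakeConn:
    """Constructed stand-in for a MySQL session that dies after `budget` statements."""
    def __init__(self, committed, budget):
        self.committed, self.budget, self.pending = committed, budget, []

    def execute(self, sql):
        if self.budget <= 0:
            self.pending = []          # server rolls back the open transaction
            raise DBError(2006, "MySQL server has gone away")
        self.budget -= 1
        if sql == "BEGIN":
            self.pending = []
        elif sql == "COMMIT":
            self.committed.extend(self.pending)
        else:
            self.pending.append(sql)

class ReconnectingOutput:
    """Hypothetical output writer: reconnects and replays the whole event."""
    def __init__(self, connect, max_retries=3, backoff=0.5, sleep=time.sleep):
        self.connect, self.max_retries = connect, max_retries
        self.backoff, self.sleep = backoff, sleep
        self.conn, self.reconnects = connect(), 0

    def write_event(self, inserts):
        for attempt in range(self.max_retries + 1):
            try:
                for sql in ["BEGIN", *inserts, "COMMIT"]:
                    self.conn.execute(sql)
                return
            except DBError as err:
                if err.code not in RECONNECTABLE or attempt == self.max_retries:
                    raise              # surface it; never drop alerts silently
                self.sleep(self.backoff * 2 ** attempt)
                self.conn = self.connect()
                self.reconnects += 1
```

Replaying from `BEGIN` is what keeps a half-written event from being stored twice; a failure on `COMMIT` itself is ambiguous against a real server and would need a duplicate check before replay.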