[Snort-users] Understanding Snort and mysql vs Barnyard and mysql

Paul Schmehl pschmehl_lists at ...14358...
Thu May 7 11:28:27 EDT 2009


--On Thursday, May 07, 2009 08:19:28 -0500 James Lay <jlay at ...13475...> 
wrote:

> So I’ve been running barnyard2 (on the mac no less) for the last couple
> days.  This morning I saw:
>
> 07:12:22 gateway org.opensource.barnyard.plist[54590]: database: mysql_error:
> MySQL server has gone away
> 07:12:22 gateway org.opensource.barnyard.plist[54590]: SQL=BEGIN
> 07:12:22 gateway org.opensource.barnyard.plist[54590]: database: mysql_error:
> MySQL server has gone away
>
>
> I would see this all the time with snort (have a script to watch this and
> restart snort... though now I’ll change it to restart barnyard).  The sole
> reason I put barnyard in place was because I thought that Barnyard would make
> the above type errors go away.  Was that wrong?  This is on the same machine,
> so it’s not a remote connection.  Am I always going to see these if I use
> snort with mysql?  Thanks.

Two guesses what the common element is.

This is a problem with mysql.  It might be resolved by adding some code to 
barnyard2 that checks for the connection going away and re-establishes it when 
it has.  But at the end of the day, Oracle needs to fix it in mysql.  (Good 
luck with that.)

-- 
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
*******************************************
Check the headers before clicking on Reply.
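
The reconnect check suggested in the reply above, as an added example that is not barnyard2's code and not part of the original thread. Because the logged failure was on `SQL=BEGIN`, the retry replays the whole transaction rather than only the failed statement. `fake_db`, `db_exec`, `db_reconnect`, `run_txn`, `demo` and the statement strings are constructed stand-ins; only the two error codes are MySQL's own.

```c
#include <stdio.h>
#include <string.h>

/* Client error codes from MySQL's errmsg.h. */
#define CR_SERVER_GONE_ERROR 2006
#define CR_SERVER_LOST       2013

/* Constructed stand-in for a MySQL session (hypothetical; not libmysqlclient). */
struct fake_db { int connected, drop_after, committed, pending, reconnects; };

/* Execute one statement; drop_after = statements until the server goes away (-1 = never). */
static int db_exec(struct fake_db *db, const char *sql) {
    if (!db->connected) return CR_SERVER_GONE_ERROR;
    if (db->drop_after == 0) {            /* session dies: the open transaction is lost */
        db->connected = 0; db->pending = 0; db->drop_after = -1;
        return CR_SERVER_GONE_ERROR;
    }
    if (db->drop_after > 0) db->drop_after--;
    if (strcmp(sql, "BEGIN") == 0) db->pending = 0;
    else if (strcmp(sql, "COMMIT") == 0) { db->committed += db->pending; db->pending = 0; }
    else db->pending++;                   /* any other statement counts as one row */
    return 0;
}

static void db_reconnect(struct fake_db *db) {
    db->connected = 1; db->pending = 0; db->reconnects++;
}

/* Run stmts as one transaction; on a lost connection, reconnect and replay from stmts[0]. */
static int run_txn(struct fake_db *db, const char **stmts, int n, int max_retries) {
    for (int attempt = 0; ; attempt++) {
        int rc = 0;
        for (int i = 0; i < n && rc == 0; i++) rc = db_exec(db, stmts[i]);
        if (rc == 0) return 0;
        if (rc != CR_SERVER_GONE_ERROR && rc != CR_SERVER_LOST) return rc; /* not a lost link */
        if (attempt >= max_retries) return rc;  /* give up; caller alerts or exits */
        db_reconnect(db);
    }
}

/* Constructed scenario: a two-row transaction; returns rows committed, reconnect count, or -1. */
int demo(int drop_after, int max_retries, int want_reconnects) {
    struct fake_db db = {1, drop_after, 0, 0, 0};
    const char *txn[] = {"BEGIN", "INSERT event", "INSERT iphdr", "COMMIT"};
    if (run_txn(&db, txn, 4, max_retries) != 0) return -1;
    return want_reconnects ? db.reconnects : db.committed;
}

int main(void) { printf("rows=%d reconnects=%d\n", demo(2, 3, 0), demo(2, 3, 1)); return 0; }
```
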




