[Snort-users] Understanding Snort and mysql vs Barnyard and mysql

firnsy firnsy at ...14568...
Thu May 7 20:16:18 EDT 2009


G'day James,

This was a small side effect to aligning to all of Snort's output plugins.

Now that this has been done, we can now start to implement appropriate
features as required. We have just released beta3 of the next version which
should have more resilient reconnection support for MySQL databases.

The reconnection is a blocking action and should be taken into consideration
if multiple output plugins are configured.

- firnsy



From: James Lay [mailto:jlay at ...13475...] 
Sent: Thursday, 7 May 2009 10:49 PM
To: Snort
Subject: [Snort-users] Understanding Snort and mysql vs Barnyard and mysql

So I’ve been running barnyard2 (on the mac no less) for the last couple
days.  This morning I saw:

07:12:22 gateway org.opensource.barnyard.plist[54590]: database:
mysql_error: MySQL server has gone away
07:12:22 gateway org.opensource.barnyard.plist[54590]: SQL=BEGIN
07:12:22 gateway org.opensource.barnyard.plist[54590]: database:
mysql_error: MySQL server has gone away


I would see this all the time with snort (have a script to watch this and
restart snort..though now I’ll change it to restart barnyard).  The sole
reason I put barnyard in place was because I thought that Barnyard would
make the above type errors go away.  Was that wrong?  This is on the same
machine, so it’s not a remote connection.  Am I always going to see these if
I use snort with mysql?  Thanks.

James 





More information about the Snort-users mailing list