[Snort-users] Barnyard2 reports database insert errors

beenph beenph at ...11827...
Sat Nov 2 18:56:33 EDT 2013


On Sat, Nov 2, 2013 at 6:06 PM, Dave Corsello
<snort-users at ...15598...> wrote:
>
> On 11/2/2013 1:16 PM, beenph wrote:

>>> environment.  I'll look into that when I have time.
>>>
>> I do not even understand that you mean by "status" at the mysql level.
>
> MySQL returns info on the success or failure of a query, right? That's
> what I mean by "status".
>

Yes but that is in the protocol (mysql client library talking to the
server), thus if the communication
betwen the client and the server would be cut, then yes there is a
possibility that
the "status" of the query if we use your definition  would not be returned, but
since the event insertion is transaction isolated, the result would
not be commited (unless the communication is killed right after
the commit and the transaction is processed on the server side but
never acknowledge on the client side)

And yes barnyard2 would retry to re-insert the same event (assuming
that the previous transaction was not
commited) and if the communication with the server is re-established
then it would try to issue the same transaction.


>> What i think is that you could have had a network outtage link betwen
>> the by2 vm and the mysql vm
>> and that as soon as the connection was brought back up, operation
>> resumed to normal but you got
>> the error message logged.
>
> I see, so you think the inserts initially fail, but barnyard2 tries
> again, and then they succeed.
>




More information about the Snort-users mailing list