[Snort-users] snort loosing connection to Mysql
Dirk Geschke
2006-05-11 12:27:17 UTC
> Hi
> I have just upgraded my snort binary to 2.4.4, which is logging to a remote
> Mysql Database.
> For patching reasons, the Mysql host is being rebooted every week and before
> the upgrade the snort binary would re-connect to the DB without any
> problems, once the box was back up and running.

Probably you changed the version of the MySQL database. The old behaviour
(MySQL 4.x) did automatically a reconnect whereas this is disabled with
the newer versions.

But just for this reason I would choose another way to insert the alerts
in the database, there are several solutions available and you will not
lose any alert while the database is rebooted. (And it is even better
for the performance, the database access via the output plugin slows
down snort and you may miss some packets...)

Best regards

Dirk Geschke

BTW: Are you living in world far away? Or why shows the email a date of
Thu, 20 Apr 2006 07:37:20 +0100 and the email arrives here at a date of
Wed, 10 May 2006 23:44:00 +0200? Three weeks for delivery?


______________________________________________
Snort-users mailing list
Snort-***@lists.sourceforge.net
Go to this URL to change user options or unsubscribe
https://lists.sourceforge.net/lists/listinfo/snort-user
Snort-users list archive
http://www.geocrawler.com/redir-sf.php3?list=snort-user
Briggs, Bruce
2006-05-11 12:39:03 UTC
Dirk,

If you check the headers from the orig e-mail, you will see:

Received: from sc8-sf-list1-b.sourceforge.net
    (sc8-sf-list1-b.sourceforge.net [10.3.1.7]) by
    sc8-sf-spam2.sourceforge.net
    (Postfix) with ESMTP id 5EC9D12664; Wed, 10 May 2006 14:43:53 -0700
    (PDT)
Received: from sc8-sf-mx2-b.sourceforge.net
    ([10.3.1.92] helo=mail.sourceforge.net) by
    sc8-sf-list1.sourceforge.net with
    esmtp (Exim 4.30) id 1FWSnL-0005DR-UP for
    snort-***@lists.sourceforge.net;
    Wed, 19 Apr 2006 23:37:39 -0700
Received: from cyclone.wcom.co.uk
    ([193.131.254.139] helo=cyclone.emea.verizonbusiness.com)
    by mail.sourceforge.net with esmtps (TLSv1:AES256-SHA:256)
    (Exim 4.44)
    id 1FWSnJ-0004oP-L6 for snort-***@lists.sourceforge.net;

So, this one and a bunch of other e-mails were stuck at
sc8-sf-mx2-b.sourceforge.net until someone found them yesterday and
released them.

Bruce

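The header check described in the message above can be scripted. This is an added example, not part of the original thread: it walks the Received headers oldest-first and reports the hand-off with the largest time gap. The hosts, queue ids and the sample message are constructed; only the timestamps are modelled on the thread.

```python
import re
from datetime import timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample (hypothetical hosts and ids, not the real list servers).
RAW = """\
Received: from list.example.net (list.example.net [192.0.2.7])
\tby spam.example.net (Postfix) with ESMTP id AAAA1;
\tWed, 10 May 2006 14:43:53 -0700 (PDT)
Received: from mx.example.net ([192.0.2.92] helo=mail.example.net)
\tby list.example.net with esmtp (Exim 4.30) id BBBB2;
\tWed, 19 Apr 2006 23:37:39 -0700
Received: from sender.example.org ([198.51.100.139])
\tby mail.example.net with esmtps (Exim 4.44) id CCCC3;
\tThu, 20 Apr 2006 07:37:35 +0100
Date: Thu, 20 Apr 2006 07:37:20 +0100
Subject: constructed sample

body
"""

def hops(raw):
    """Return hops oldest-first as (received_by, received_from, utc_aware_time)."""
    out = []
    # Each relay prepends its header, so the list is reversed to get travel order.
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        flat = " ".join(value.split())            # unfold continuation lines
        info, _, stamp = flat.rpartition(";")     # timestamp follows the last ';'
        try:
            when = parsedate_to_datetime(stamp.strip())
        except (TypeError, ValueError):
            continue                              # header without a usable date
        if when.tzinfo is None:                   # "-0000" parses as naive
            when = when.replace(tzinfo=timezone.utc)
        by = re.search(r"\bby\s+(\S+)", info)
        frm = re.search(r"\bfrom\s+(\S+)", info)
        out.append((by.group(1) if by else "?", frm.group(1) if frm else "?", when))
    return out

def slowest_hop(raw):
    """Return (seconds, earlier_receiver, later_receiver) for the largest gap."""
    h = hops(raw)
    # Gaps can be slightly negative when relay clocks disagree; max() still works.
    gaps = [((b[2] - a[2]).total_seconds(), a[0], b[0]) for a, b in zip(h, h[1:])]
    return max(gaps) if gaps else None

if __name__ == "__main__":
    print(slowest_hop(RAW))
```

Received timestamps come from each relay's own clock and the lower headers can be forged by the sender, so the result is a lead to confirm against the relay's queue logs.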