Snort mailing list archives
RE: Snort Stops Sending Alerts to MySQL
From: "Michael Steele" <michaels () silicondefense com>
Date: Fri, 8 Nov 2002 11:54:45 -0800
Ian,

If for whatever reason the network connection is dropped (NIC goes up and down) you will lose the database connection and Snort will quit sending. Look in your logs for this event. This is the typical reason why sensors quit sending, intermittently, and this could be happening on either end.

The 1.9.0 MySQL release is called StdDB release on our site, but you might want to wait for 1.9.1.

-Michael

Michael Steele | System Engineer / Support Technician
mailto:michaels () silicondefense com
Silicon Defense: IDS solutions - http://www.silicondefense.com
Snort: Open Source Network IDS - http://www.snort.org

-----Original Message-----
From: Parker, Ian [mailto:parker.ian () syncrude com]
Sent: November 8, 2002 11:04 AM
To: 'Michael Steele'; 'Parker, Ian'
Cc: snort-users () lists sourceforge net
Subject: RE: [Snort-users] Snort Stops Sending Alerts to MySQL

Michael,

All of the sensors are remote. There is no sensor on the same box as the MySQL database.

I am aware of the Windows binary for 1.9.0, but the variants on your web site do not include one that has MySQL support. Will the 1.9.1 version have this?

Ian Parker, GCWN
Senior Systems Analyst
Upgrading Plant Computing
Syncrude Canada Ltd
(780)790-4631
parker.ian () syncrude com

-----Original Message-----
From: Michael Steele [mailto:michaels () silicondefense com]
Sent: Friday, November 08, 2002 11:04 AM
To: 'Parker, Ian'
Cc: snort-users () lists sourceforge net
Subject: RE: [Snort-users] Snort Stops Sending Alerts to MySQL

Ian,

Is this ONLY happening on the remote sensors?

There is a Windows binary available for 1.9.0, but there is a new 1.9.1 version of Snort being released in a couple of days, and that release will be available on our website. The release version of Snort 1.9.0 had some problems which have been fixed in Snort 1.9.1.

-Michael

--
Michael Steele | System Engineer / Support Technician
mailto:michaels () silicondefense com
Silicon Defense: IDS solutions - http://www.silicondefense.com
Snort: Open Source Network IDS - http://www.snort.org

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Parker, Ian
Sent: Friday, November 08, 2002 7:25 AM
To: 'snort-users () lists sourceforge net'
Subject: [Snort-users] Snort Stops Sending Alerts to MySQL

I have Snort V1.8.7 sensors running on three Windows XP SP1 machines, each sending alerts to a central ACID console. Periodically, one or more sensors just stop sending alerts. There is nothing in the event logs to indicate a problem. Stopping and restarting the Snort service fixes the problem.

Has anyone else noticed this kind of behaviour? Is there a way to troubleshoot this? I would try running V1.9, except that there doesn't seem to be a Windows binary available yet with MySQL support.

Ian Parker, GCWN
Senior Systems Analyst
Upgrading Plant Computing
Syncrude Canada Ltd
(780)790-4631
parker.ian () syncrude com
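
Added example (not part of the original thread, and not Snort or ACID code): a watchdog that lists sensors whose newest alert in the central database is older than a chosen quiet period, which is how the silent failure described in this thread shows up from the console side. The `sensor`/`event` tables and their `sid`, `hostname` and `timestamp` columns are assumed to follow the Snort database output schema, sqlite3 stands in for MySQL so the block runs offline, and the hostnames and rows are constructed sample data.

```python
import sqlite3
from datetime import datetime, timedelta

TS_FORMAT = "%Y-%m-%d %H:%M:%S"

def silent_sensors(conn, now, max_quiet):
    """Return [(hostname, last_event_or_None)] for sensors with no event
    newer than now - max_quiet, including sensors that never logged one."""
    rows = conn.execute(
        "SELECT s.hostname, MAX(e.timestamp) "
        "FROM sensor s LEFT JOIN event e ON e.sid = s.sid "  # keep sensors with zero events
        "GROUP BY s.sid, s.hostname ORDER BY s.hostname"
    ).fetchall()
    cutoff = now - max_quiet
    stale = []
    for hostname, last in rows:
        last_dt = datetime.strptime(last, TS_FORMAT) if last else None
        if last_dt is None or last_dt < cutoff:
            stale.append((hostname, last_dt))
    return stale

def build_sample_db():
    """Constructed sample data: three sensors, one healthy, one stale, one empty."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE sensor (sid INTEGER PRIMARY KEY, hostname TEXT);
        CREATE TABLE event (sid INTEGER, cid INTEGER, timestamp TEXT);
        INSERT INTO sensor VALUES (1,'sensor-a'),(2,'sensor-b'),(3,'sensor-c');
        INSERT INTO event VALUES
          (1,1,'2002-11-08 10:58:12'),
          (1,2,'2002-11-08 11:41:03'),
          (2,1,'2002-11-08 06:15:40');
    """)
    return conn

NOW = datetime(2002, 11, 8, 12, 0, 0)  # fixed clock so the sample is reproducible

if __name__ == "__main__":
    for host, last in silent_sensors(build_sample_db(), NOW, timedelta(hours=2)):
        print(f"{host}: no alerts since {last or 'never'}")
```

A sensor on a quiet segment can also look stale, so the quiet period should be set from each sensor's normal alert rate.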