Snort mailing list archives

Re: Snort - ACID - MySQL - My Head Ache


From: <snort () xiata com>
Date: Sun, 23 Mar 2003 14:00:41 -0500 (EST)

Nothing more. The application event log gives me the same as the XML
garbage does. It is the snort service that stops. MySQL keeps on trucking
like nothing is bothering it.
Here is the event log entry (*2)

744,Application,Application Error,ERROR,XiataSNORT,Sun Mar 23 18:05:47
2003,1000,None,Faulting application snort.exe, version 0.0.0.0, faulting
module snort.exe, version 0.0.0.0, fault address 0x0001fc6c.

743,Application,Application Error,ERROR,XiataSNORT,Sun Mar 23 17:57:42
2003,1000,None,Faulting application snort.exe, version 0.0.0.0, faulting
module snort.exe, version 0.0.0.0, fault address 0x0001fc6c.

As you can see there is not much to go from there. The comma delimited
stuff breaks down like this:

Event #, <Ignore>, <Ignore>, Type of Event, Event Header, HostName,
Date/time, Event ID, Category, Event Data

Attached is my snort.conf - with changes to IPs & MySQL user & pass to
protect the innocent. Not that I changed much in it. The HomeNet is
defined with real IPs in the same manner as the line suggests. I have no
other info on this so I know that I am grasping a bit much to even hope to
resolve this problem but I thought I would ask. Unless there is some way
to dump extra data about how the snort service dies.

I did a search on google & the MSKB for 0x0001fc6c but came up empty
handed. If it helps any I installed this in February in a lab and had no
problems. The moment I moved it to production (different IP address &
location being the _only_ difference) it started to have problems. The
initial set of instructions that I used were from Cnet Asia
(http://www.asia.cnet.com/itmanager/specialreports/printfriendly.htm?AT=39092892-39006603t-39000240c)
and then I revised them w/ the ones from SiliconDefense.com to try to
clear up the problems I was having after the move to production (same as
noted above. So the updates had no effect on resolving the issue).


Carlos




[...snip...]

Ok, pardon me for not following that XML garbage, but....  Other than
files and versions, I can't see any useful information in it.  Is there
_any_ sort of error message listed?  Is it Snort that dies, or is it
MySQL?  Anything in the EventLog, if XP has something like that.

Thanks to MS for hiding things from the users!  </sarcasm>

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


Attachment: xiatasnort.conf