Snort mailing list archives
Re: MySQL Disconnects
From: Ben Nelson <lists () venom600 org>
Date: Wed, 26 Nov 2003 10:44:16 -0700
You can solve this problem by logging to unified log format files on the local sensor, then use mudpit or something to parse the files and insert into your MySQL database. If the database is unavailable, mudpit will just keep its place in the log file and keep trying to connect to the MySQL server.
--Ben

adam_peterson () splwg com wrote:
I have 2 sensors running at remote locations where bandwidth isn't exactly the best. It looks like snort is losing connection to my MySQL server across the link. I have 1 other sensor in the exact same scenario and it never loses connection. I'm determining this by running netstat on the remote box and seeing only my ssh connection. If I restart snort, I see a connection on port 3306 to my MySQL server.

Does anyone know why this is happening? My guess would be a timeout somewhere but I would hope that snort would re-establish the connection if it needs to. I know that these sensors are getting alerts but aren't able to send them to the db because of the disconnect.

Any help is greatly appreciated.

Adam Peterson | Senior WAN Engineer | SPL WorldGroup | adam_peterson () splwg com
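The store-and-forward pattern described in the reply above (spool locally, keep a bookmark, retry when the database is reachable), as an added example that is not part of the original thread and is not mudpit's code. The fixed-size record layout is constructed for illustration and is not Snort's unified format, and `insert` is a hypothetical callable standing in for the MySQL insert.

```python
import os
import struct

# Constructed record layout (NOT Snort's unified format):
# signature id, epoch seconds, source IPv4, destination IPv4
RECORD = struct.Struct("!IIII")


class Spooler:
    """Forward spooled records; the bookmark moves only after a successful insert."""

    def __init__(self, spool_path, bookmark_path, insert):
        self.spool_path = spool_path
        self.bookmark_path = bookmark_path
        self.insert = insert  # hypothetical: raises ConnectionError if the DB is unreachable

    def _load_offset(self):
        try:
            with open(self.bookmark_path) as fh:
                return int(fh.read().strip() or 0)
        except FileNotFoundError:
            return 0  # first run: start at the beginning of the spool

    def _save_offset(self, offset):
        tmp = self.bookmark_path + ".tmp"
        with open(tmp, "w") as fh:
            fh.write(str(offset))
            fh.flush()
            os.fsync(fh.fileno())
        os.replace(tmp, self.bookmark_path)  # atomic swap: no torn bookmark after a crash

    def run_once(self):
        """Forward as many complete records as possible; return how many were sent."""
        offset = self._load_offset()
        sent = 0
        with open(self.spool_path, "rb") as fh:
            fh.seek(offset)
            while True:
                raw = fh.read(RECORD.size)
                if len(raw) < RECORD.size:
                    break  # end of file, or a record the sensor is still writing
                try:
                    self.insert(RECORD.unpack(raw))
                except ConnectionError:
                    break  # link down: keep our place, the caller retries later
                offset += RECORD.size
                self._save_offset(offset)  # delivery is at-least-once if we crash before this
                sent += 1
        return sent
```

Call `run_once()` from a loop with a sleep or backoff between passes; the sensor keeps writing to the spool regardless of whether the database link is up.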
Current thread:
- MySQL Disconnects adam_peterson (Nov 26)
- Re: MySQL Disconnects Ben Nelson (Nov 26)