Re: barnyard regular restart required

[Ian Masters <ian () acces co jp>]

Thanks again for the reply.

> Again I do not use Barnyard, but any chance you are using outputting from
> Barnyard to MySQL (did not catch it the first time but you must be if you
> are using base...)? More specifically MySQL Server 5, there is an issue
> where the connection to MySQL times out, and MySQL does nothing about it.

I am indeed outputting from Barnyard to MySQL and my MySQL version is
indeed 5 (Sorry I didn't include this information to begin with)

> With Snort logging straight to MySQL this manifests as Snort log messages
> like "snort[10778]: database: mysql_error: MySQL server has gone away "
>
> Not sure if Barnyard will log anything in this senario...

I haven't come across anything useful like that yet.

> I *believe* that if you run lsof -i it will still show that snort
> (barnyard in your case) is still connected to MySQL (even tho the
> connection is dead)

lsof -i shows:
mysqld     4637   mysql   10u  IPv4    8513       TCP *:mysql (LISTEN)

The machine is a test machine which gets very few alerts.

Thanks for the ideas. It's given me a bit more to think about. I'm
surprised that it's not happening to other users too.

Ian


------------------------------------------------------------------------------
Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA
-OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise
-Strategies to boost innovation and cut costs with open source participation
-Receive a $600 discount off the registration fee with the source code: SFAD
http://p.sf.net/sfu/XcvMzF8H
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users