Re: barnyard patches? http://colin.grady.us/ offline ?

[Agustin Roca <agustin.roca () globant com>]

Great tip.. thanks.. will check with this new timeout i had set.

2011/3/31 beenph <beenph () gmail com>

> Stock Barnyard allways had some issue with connection persistance to
> databases.
> Relibility of the output pluggin is based on output pluggin code and
> the DBMS api ability to
> be tolerent to lost of connectivity to the database.
>
> A simple fix if you can code a bit, is to add check for handle before
> issuing a SQL command and if the handle is invalid, try to reconnect.
>
> Now if this happen offent with you database backend, there might be an
> other problem lying arround that would make it drop some connection
> and you might want to investigate this also hence you can't code a
> handle validity function that will validate that the re-connected
> handle works before
> issuing an other command...
>
> anyways its the general idea.
>
> -elz
>
>
>
> On Tue, Mar 29, 2011 at 11:29 AM, Agustin Roca <agustin.roca () globant com>
> wrote:
> > This is for barnyard; barnyard2 still having same issues of MYSQL gone
> > away.. Anyone has solve this?
> >
> > Thanks
> >
> > 2011/3/29 Michael Scheidell <michael.scheidell () secnap com>
> > > Works just fine on snort 2.9.0.4<http://2.9.0.4>. Just has issues with
> > > mysql 5x and connection timeouts.
> > >
> > > --
> > > Michael Scheidell
> > > CTO SECNAP Network Security
> > > 561-948-2259<tel:5619482259>
> > >
> > >
> > > -----Original message-----
> > > From: Paul Schmehl <pschmehl_lists () tx rr com>
> > > To: Michael Scheidell <michael.scheidell () secnap com>, Colin Grady
> > > <colin.grady () gmail com>
> > > Cc: "<snort-users () lists sourceforge net>"
> > > <snort-users () lists sourceforge net>
> > > Sent: Mon, Mar 28, 2011 17:27:14 GMT+00:00
> > > Subject: Re: [Snort-users] barnyard patches? http://colin.grady.us/
> > > offline?
> > >
> > > The FreeBSD barnyard port was DEPRECATED and was supposed to expire at
> the
> > > end of last year.  Not sure why it's still in the tree, but if you're
> > > still
> > > using that, you're on your own as far as patching goes.  I will not be
> > > updating the port, because it needs to go away.  Barnyard does not
> support
> > > any of the current snort releases.
> > >
> > > --On March 28, 2011 9:59:09 AM -0400 Michael Scheidell
> > > <michael.scheidell () secnap com> wrote:
> > >
> > > > I do have the patches, I was looking for documentation on the patches,
> > > > and want to use that documentation to justify asking freebsd ports
> > > > maintainer to add them in.
> > > >
> > > > (its the patches for the mysql disconnect, the caching of next sid,
> > > > adding vseq into schema), etc.
> > > >  the one that starts like this?
> > > >
> > > > diff -ruBN barnyard-0.2.0/configure barnyard-0.2.0-all/configure
> > > >  --- barnyard-0.2.0/configure    2004-05-01 11:52:17.000000000 -0500
> > > >  +++ barnyard-0.2.0-all/configure        2006-04-08 00:12:05.000000000
> > > > -0500
> > > >  @@ -709,7 +709,7 @@
> > > >
> > > >   PACKAGE=barnyard
> > > >
> > > >  -VERSION=0.2.0
> > > >  +VERSION=0.2.0-cmg
> > > >
> > > >  if test "`cd $srcdir && pwd`" != "`pwd`" && test -f
> > > > $srcdir/config.status; then
> > > >     { echo "configure: error: source directory already configured; run
> > > > "make distclean" there first" 1>&2; exit 1; }
> > > >  diff -ruBN barnyard-0.2.0/src/output-plugins/op_acid_db.c
> > > > barnyard-0.2.0-all/src/output-plugins/op_acid_db.c
> > > >  --- barnyard-0.2.0/src/output-plugins/op_acid_db.c      2004-04-03
> > > > 13:57:32.000000000 -0600
> > > >  +++ barnyard-0.2.0-all/src/output-plugins/op_acid_db.c  2006-04-08
> > > > 00:24:26.000000000 -0500
> > > >  @@ -45,11 +45,20 @@
> > > >   #endif /* ENABLE_POSTGRES */
> > > >
> > > >   /*  D A T A   S T R U C T U R E S
> > > > **************************************/
> > > >  +typedef struct _DbSignature
> > > >  +{
> > > >  +    int gen;
> > > >  +    int sid;
> > > >
> > > >
> > > > On 3/28/11 9:51 AM, Colin Grady wrote:
> > > >
> > > >
> > > > I should have the site archived, and can provide you any of the
> patches
> > > > you're looking for.
> > > >
> > > >
> > > >
> > > > I do have the patch, and have added it in manually every time I have
> > > > upgraded barnyard from freebsd ports.
> > > >
> > > > yes, I can host the site easy enough with a freebsd jailed VPS.
> > >
> > >
> > >
> > > --
> > > Paul Schmehl, Senior Infosec Analyst
> > > As if it wasn't already obvious, my opinions
> > > are my own and not those of my employer.
> > > *******************************************
> > > "It is as useless to argue with those who have
> > > renounced the use of reason as to administer
> > > medication to the dead." Thomas Jefferson
> > > "There are some ideas so wrong that only a very
> > > intelligent person could believe in them." George Orwell
> ------------------------------------------------------------------------------
> > > Enable your software for Intel(R) Active Management Technology to meet
> the
> > > growing manageability and security demands of your customers. Businesses
> > > are taking advantage of Intel(R) vPro (TM) technology - will your
> software
> > > be a part of the solution? Download the Intel(R) Manageability Checker
> > > today! http://p.sf.net/sfu/intel-dev2devmar
> > > _______________________________________________
> > > Snort-users mailing list
> > > Snort-users () lists sourceforge net
> > > Go to this URL to change user options or unsubscribe:
> > > https://lists.sourceforge.net/lists/listinfo/snort-users
> > > Snort-users list archive:
> > > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
> >
> >
> > --
> > Agustin Roca
> > Information Security Team
> > agustin.roca () globant com
> > work: 54+(011) 4109.1700 ext. 8098
> > cel: 54+(011)15-5022-3042
> ------------------------------------------------------------------------------
> > Create and publish websites with WebMatrix
> > Use the most popular FREE web apps or write code yourself;
> > WebMatrix provides all the features you need to develop and
> > publish your website. http://p.sf.net/sfu/ms-webmatrix-sf
> >
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users



-- 
Agustin Roca
Information Security Team
agustin.roca () globant com
work: 54+(011) 4109.1700 ext. 8098
cel: 54+(011)15-5022-3042

------------------------------------------------------------------------------
Create and publish websites with WebMatrix
Use the most popular FREE web apps or write code yourself; 
WebMatrix provides all the features you need to develop and 
publish your website. http://p.sf.net/sfu/ms-webmatrix-sf

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users