Snort mailing list archives
Re: barnyard patches? http://colin.grady.us/ offline ?
From: Agustin Roca <agustin.roca () globant com>
Date: Thu, 31 Mar 2011 18:54:34 -0300
Great tip, thanks. Will check with this new timeout I had set.

2011/3/31 beenph <beenph () gmail com>

Stock Barnyard always had some issues with connection persistence to databases. Reliability of the output plugin is based on the output plugin code and the DBMS API's ability to be tolerant of loss of connectivity to the database.

A simple fix, if you can code a bit, is to add a check for the handle before issuing a SQL command and, if the handle is invalid, try to reconnect.

Now if this happens often with your database backend, there might be another problem lying around that would make it drop some connections, and you might want to investigate this also, hence you can't code a handle validity function that will validate that the re-connected handle works before issuing another command... anyway, it's the general idea.

-elz

On Tue, Mar 29, 2011 at 11:29 AM, Agustin Roca <agustin.roca () globant com> wrote:

This is for barnyard; barnyard2 is still having the same issues of MYSQL gone away. Has anyone solved this? Thanks

2011/3/29 Michael Scheidell <michael.scheidell () secnap com>

Works just fine on snort 2.9.0.4. Just has issues with mysql 5x and connection timeouts.

--
Michael Scheidell
CTO SECNAP Network Security
561-948-2259

-----Original message-----
From: Paul Schmehl <pschmehl_lists () tx rr com>
To: Michael Scheidell <michael.scheidell () secnap com>, Colin Grady <colin.grady () gmail com>
Cc: "<snort-users () lists sourceforge net>" <snort-users () lists sourceforge net>
Sent: Mon, Mar 28, 2011 17:27:14 GMT+00:00
Subject: Re: [Snort-users] barnyard patches? http://colin.grady.us/ offline?

The FreeBSD barnyard port was DEPRECATED and was supposed to expire at the end of last year. Not sure why it's still in the tree, but if you're still using that, you're on your own as far as patching goes. I will not be updating the port, because it needs to go away. Barnyard does not support any of the current snort releases.

--On March 28, 2011 9:59:09 AM -0400 Michael Scheidell <michael.scheidell () secnap com> wrote:

I do have the patches, I was looking for documentation on the patches, and want to use that documentation to justify asking freebsd ports maintainer to add them in. (It's the patches for the mysql disconnect, the caching of next sid, adding vseq into schema), etc.

the one that starts like this?

diff -ruBN barnyard-0.2.0/configure barnyard-0.2.0-all/configure --- barnyard-0.2.0/configure 2004-05-01 11:52:17.000000000 -0500 +++ barnyard-0.2.0-all/configure 2006-04-08 00:12:05.000000000 -0500 @@ -709,7 +709,7 @@ PACKAGE=barnyard -VERSION=0.2.0 +VERSION=0.2.0-cmg if test "`cd $srcdir && pwd`" != "`pwd`" && test -f $srcdir/config.status; then { echo "configure: error: source directory already configured; run "make distclean" there first" 1>&2; exit 1; } diff -ruBN barnyard-0.2.0/src/output-plugins/op_acid_db.c barnyard-0.2.0-all/src/output-plugins/op_acid_db.c --- barnyard-0.2.0/src/output-plugins/op_acid_db.c 2004-04-03 13:57:32.000000000 -0600 +++ barnyard-0.2.0-all/src/output-plugins/op_acid_db.c 2006-04-08 00:24:26.000000000 -0500 
@@ -45,11 +45,20 @@ #endif /* ENABLE_POSTGRES */ /* D A T A S T R U C T U R E S **************************************/ +typedef struct _DbSignature +{ + int gen; + int sid;

On 3/28/11 9:51 AM, Colin Grady wrote:

I should have the site archived, and can provide you any of the patches you're looking for. I do have the patch, and have added it in manually every time I have upgraded barnyard from freebsd ports. Yes, I can host the site easily enough with a freebsd jailed VPS.

--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions are my own and not those of my employer.
*******************************************
"It is as useless to argue with those who have renounced the use of reason as to administer medication to the dead." Thomas Jefferson
"There are some ideas so wrong that only a very intelligent person could believe in them." George Orwell

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users

--
Agustin Roca
Information Security Team
agustin.roca () globant com
work: 54+(011) 4109.1700 ext. 8098
cel: 54+(011)15-5022-3042
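
Review bot: in the configure hunk (@@ -709,7 +709,7 @@), the "-cmg" version suffix is applied to the generated configure script, so it disappears the next time configure is regenerated from its autoconf input; the VERSION change should be carried in that input file as well so the patched build stays identifiable. In the op_acid_db.c hunk (@@ -45,11 +45,20 @@), the new "typedef struct _DbSignature" declares "int gen;" and "int sid;" with no comment on what the struct caches or who owns it; a short comment above the typedef would help, and since generator and signature IDs are not negative an unsigned type is worth considering. The quote cuts off inside the struct, so the remaining fields cannot be reviewed from what is shown.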
--
Agustin Roca
Information Security Team
agustin.roca () globant com
work: 54+(011) 4109.1700 ext. 8098
cel: 54+(011)15-5022-3042
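
The fix outlined in beenph's reply (check the handle before each SQL command, reconnect if it is invalid, and validate the new handle before sending) can be sketched as follows. This is an added example, not Barnyard's code or anything posted in the thread: db_conn, db_exec_checked, DB_MAX_RETRY and the mock server are hypothetical names, and the mock stands in for a real client library, where the ping callback would wrap a call such as mysql_ping().

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical wrapper around a DBMS client handle (not Barnyard's API). */
typedef struct {
    bool (*connect)(void *ctx);                /* open a fresh session  */
    bool (*ping)(void *ctx);                   /* is the handle usable? */
    bool (*exec)(void *ctx, const char *sql);  /* run one statement     */
    void *ctx;
} db_conn;

enum { DB_MAX_RETRY = 3 };                     /* assumed retry budget  */

/* Validate the handle before each command; on an invalid handle reconnect
 * and validate again before sending. False means the alert was not stored,
 * so the caller should keep it rather than drop it. */
bool db_exec_checked(db_conn *c, const char *sql)
{
    for (int attempt = 0; attempt <= DB_MAX_RETRY; attempt++) {
        if (!c->ping(c->ctx) && !(c->connect(c->ctx) && c->ping(c->ctx)))
            continue;                  /* still no usable handle */
        if (c->exec(c->ctx, sql))
            return true;               /* else: died mid-command, re-check */
    }
    return false;
}

/* Constructed mock server: 'alive' models the session, 'refuse' the number
 * of reconnect attempts the server rejects, 'rows' the stored alerts. */
typedef struct { bool alive; int refuse; int rows; } mock_db;

static bool m_connect(void *p) { mock_db *m = p; if (m->refuse > 0) { m->refuse--; return false; } return m->alive = true; }
static bool m_ping(void *p) { return ((mock_db *)p)->alive; }
static bool m_exec(void *p, const char *sql) { mock_db *m = p; (void)sql; if (!m->alive) return false; m->rows++; return true; }

/* Store one alert, let the server drop the idle session, store another.
 * Returns rows stored, or -1 if the second insert had to be given up. */
int demo_run(int refused_reconnects)
{
    mock_db m = { true, refused_reconnects, 0 };
    db_conn c = { m_connect, m_ping, m_exec, &m };
    db_exec_checked(&c, "INSERT (constructed sample statement)");
    m.alive = false;                   /* simulated "server has gone away" */
    return db_exec_checked(&c, "INSERT (constructed sample statement)") ? m.rows : -1;
}

int main(void)
{
    printf("%d %d\n", demo_run(2), demo_run(DB_MAX_RETRY + 1));
    return 0;
}
```

A false return is the case that matters for an IDS pipeline: the event has not reached the database and needs to be retained or spooled by the caller.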
Current thread:
- Re: barnyard patches? http://colin.grady.us/ offline ? Agustin Roca (Apr 02)