Re: [Snort-users] MySQL Disconnects/Mudpit
This is a discussion on Re: [Snort-users] MySQL Disconnects/Mudpit within the Snort forums, part of the System Security and Security Related category; This is a multipart message in MIME format. --=_alternative 006370E988256DEA_= Content-Type: text/plain; charset="us-ascii" I'...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
11-26-2003
|
|||
|
|||
Re: [Snort-users] MySQL Disconnects/Mudpit
This is a multipart message in MIME format.
--=_alternative 006370E988256DEA_= Content-Type: text/plain; charset="us-ascii" I'm trying out mudpit but I use Solaris 8 and I've run into several errors compiling. ./configure is OK but make results in these errors: make all-recursive make[1]: Entering directory `/export/spare/test/mudpit-1.3' Making all in src make[2]: Entering directory `/export/spare/test/mudpit-1.3/src' gcc -DHAVE_CONFIG_H -I. -I. -I.. -g -O2 -c mudpit.c In file included from mudpit.c:32: mp_util.h:59: warning: conflicting types for built-in function `log' In file included from mp_maps.h:28, from mudpit.c:34: mp_maps_defs.h:38: error: parse error before "u_int32_t" mp_maps_defs.h:38: warning: no semicolon at end of struct or union mp_maps_defs.h:39: warning: data definition has no type or storage class mp_maps_defs.h:40: error: parse error before "rev" mp_maps_defs.h:40: warning: data definition has no type or storage class mp_maps_defs.h:44: error: parse error before '}' token mp_maps_defs.h:44: warning: data definition has no type or storage class In file included from mudpit.c:34: mp_maps.h:33: error: parse error before '*' token mp_maps.h:33: warning: data definition has no type or storage class make[2]: *** [mudpit.o] Error 1 make[2]: Leaving directory `/export/spare/test/mudpit-1.3/src' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/export/spare/test/mudpit-1.3' make: *** [all-recursive-am] Error 2 Adam Peterson | Senior WAN Engineer | SPL WorldGroup | adam_peterson@splwg.com | +1.415.357.4787 Ben Nelson <lists@venom600.org> 11/26/2003 10:44 AM MST Please respond to lists To: adam_peterson@splwg.com cc: snort-users@lists.sourceforge.net Subject: Re: [Snort-users] MySQL Disconnects You can solve this problem by logging to unified log format files on the local sensor, then use mudpit or something to parse the files and insert into your MySQL database. If the database is unavailable, mudpit will just keep its place in the log file and keep trying to connect to the MySQL server. --Ben adam_peterson@splwg.com wrote: > > I have 2 sensors running at remote locations where bandwidth isn't > exactly the best. It looks like snort is losing connection to my MySQL > server accross the link. I have 1 other sensor in the exact same > scenario and it never loses connection. I'm determining this by running > netstat on the remote box and seeing only my ssh connection. If I > restart snort, I see a connection on port 3306 to my MySQL server. > > Does anyone know why this is happening? My guess would be a timeout > somewhere but I would hope that snort would re-establish the connection > if it needs to. I know that these sensors are getting alerts but aren't > able to send them to the db because of the disconnect. > > Any help is greatly appreciated. > > Adam Peterson | Senior WAN Engineer | SPL WorldGroup | > adam_peterson@splwg.com --=_alternative 006370E988256DEA_= Content-Type: text/html; charset="us-ascii" <br><font size=2 face="sans-serif">I'm trying out mudpit but I use Solaris 8 and I've run into several errors compiling. ./configure is OK but make results in these errors:</font> <br> <br><font size=2 face="sans-serif">make all-recursive</font> <br><font size=2 face="sans-serif">make[1]: Entering directory `/export/spare/test/mudpit-1.3'</font> <br><font size=2 face="sans-serif">Making all in src</font> <br><font size=2 face="sans-serif">make[2]: Entering directory `/export/spare/test/mudpit-1.3/src'</font> <br><font size=2 face="sans-serif">gcc -DHAVE_CONFIG_H -I. -I. -I.. -g -O2 -c mudpit.c</font> <br><font size=2 face="sans-serif">In file included from mudpit.c:32:</font> <br><font size=2 face="sans-serif">mp_util.h:59: warning: conflicting types for built-in function `log'</font> <br><font size=2 face="sans-serif">In file included from mp_maps.h:28,</font> <br><font size=2 face="sans-serif"> from mudpit.c:34:</font> <br><font size=2 face="sans-serif">mp_maps_defs.h:38: error: parse error before "u_int32_t"</font> <br><font size=2 face="sans-serif">mp_maps_defs.h:38: warning: no semicolon at end of struct or union</font> <br><font size=2 face="sans-serif">mp_maps_defs.h:39: warning: data definition has no type or storage class</font> <br><font size=2 face="sans-serif">mp_maps_defs.h:40: error: parse error before "rev"</font> <br><font size=2 face="sans-serif">mp_maps_defs.h:40: warning: data definition has no type or storage class</font> <br><font size=2 face="sans-serif">mp_maps_defs.h:44: error: parse error before '}' token</font> <br><font size=2 face="sans-serif">mp_maps_defs.h:44: warning: data definition has no type or storage class</font> <br><font size=2 face="sans-serif">In file included from mudpit.c:34:</font> <br><font size=2 face="sans-serif">mp_maps.h:33: error: parse error before '*' token</font> <br><font size=2 face="sans-serif">mp_maps.h:33: warning: data definition has no type or storage class</font> <br><font size=2 face="sans-serif">make[2]: *** [mudpit.o] Error 1</font> <br><font size=2 face="sans-serif">make[2]: Leaving directory `/export/spare/test/mudpit-1.3/src'</font> <br><font size=2 face="sans-serif">make[1]: *** [all-recursive] Error 1</font> <br><font size=2 face="sans-serif">make[1]: Leaving directory `/export/spare/test/mudpit-1.3'</font> <br><font size=2 face="sans-serif">make: *** [all-recursive-am] Error 2<br> <br> Adam Peterson | Senior WAN Engineer | SPL WorldGroup | adam_peterson@splwg.com | +1.415.357.4787</font> <br> <br> <br> <table width=100%> <tr valign=top> <td> <td><font size=1 face="sans-serif"><b>Ben Nelson <lists@venom600.org></b></font> <p><font size=1 face="sans-serif">11/26/2003 10:44 AM MST</font> <br><font size=1 face="sans-serif">Please respond to lists</font> <br> <td><font size=1 face="Arial"> </font> <br><font size=1 face="sans-serif"> To: adam_peterson@splwg.com</font> <br><font size=1 face="sans-serif"> cc: snort-users@lists.sourceforge.net</font> <br><font size=1 face="sans-serif"> Subject: Re: [Snort-users] MySQL Disconnects</font></table> <br> <br> <br><font size=2 face="Courier New">You can solve this problem by logging to unified log format files on the <br> local sensor, then use mudpit or something to parse the files and insert <br> into your MySQL database. If the database is unavailable, mudpit will <br> just keep its place in the log file and keep trying to connect to the <br> MySQL server.<br> <br> --Ben<br> <br> adam_peterson@splwg.com wrote:<br> > <br> > I have 2 sensors running at remote locations where bandwidth isn't <br> > exactly the best. It looks like snort is losing connection to my MySQL <br> > server accross the link. I have 1 other sensor in the exact same <br> > scenario and it never loses connection. I'm determining this by running <br> > netstat on the remote box and seeing only my ssh connection. If I <br> > restart snort, I see a connection on port 3306 to my MySQL server.<br> > <br> > Does anyone know why this is happening? My guess would be a timeout <br> > somewhere but I would hope that snort would re-establish the connection <br> > if it needs to. I know that these sensors are getting alerts but aren't <br> > able to send them to the db because of the disconnect.<br> > <br> > Any help is greatly appreciated.<br> > <br> > Adam Peterson | Senior WAN Engineer | SPL WorldGroup | <br> > adam_peterson@splwg.com<br> <br> </font> <br> <br> --=_alternative 006370E988256DEA_=-- ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
Linear Mode
