This is a discussion on RE: [Snort-users] MySQL Disconnects/Mudpit within the Snort forums, part of the System Security and Security Related category.

Adam,

I'm not sure if it will help but I have a guide for Solaris on my website. It is in BETA at this time looking for people interested in making sure the bugs are worked out :)

Cheers...

-Michael Steele
--
System Engineer / Security Support Technician
mailto:michaels@winsnort.com
Website: http://www.winsnort.com
Snort: Open Source Network IDS - http://www.snort.org

________________________________________
From: snort-users-admin@lists.sourceforge.net [mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of adam_peterson@splwg.com
Sent: Wednesday, November 26, 2003 10:06 AM
To: snort-users@lists.sourceforge.net
Subject: Re: [Snort-users] MySQL Disconnects/Mudpit

I'm trying out mudpit but I use Solaris 8 and I've run into several errors compiling. ./configure is OK but make results in these errors:

make  all-recursive
make[1]: Entering directory `/export/spare/test/mudpit-1.3'
Making all in src
make[2]: Entering directory `/export/spare/test/mudpit-1.3/src'
gcc -DHAVE_CONFIG_H -I. -I. -I..     -g -O2 -c mudpit.c
In file included from mudpit.c:32:
mp_util.h:59: warning: conflicting types for built-in function `log'
In file included from mp_maps.h:28,
                 from mudpit.c:34:
mp_maps_defs.h:38: error: parse error before "u_int32_t"
mp_maps_defs.h:38: warning: no semicolon at end of struct or union
mp_maps_defs.h:39: warning: data definition has no type or storage class
mp_maps_defs.h:40: error: parse error before "rev"
mp_maps_defs.h:40: warning: data definition has no type or storage class
mp_maps_defs.h:44: error: parse error before '}' token
mp_maps_defs.h:44: warning: data definition has no type or storage class
In file included from mudpit.c:34:
mp_maps.h:33: error: parse error before '*' token
mp_maps.h:33: warning: data definition has no type or storage class
make[2]: *** [mudpit.o] Error 1
make[2]: Leaving directory `/export/spare/test/mudpit-1.3/src'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/export/spare/test/mudpit-1.3'
make: *** [all-recursive-am] Error 2

Adam Peterson | Senior WAN Engineer | SPL WorldGroup | adam_peterson@splwg.com | +1.415.357.4787

Ben Nelson <lists@venom600.org>
11/26/2003 10:44 AM MST
Please respond to lists

To: adam_peterson@splwg.com
cc: snort-users@lists.sourceforge.net
Subject: Re: [Snort-users] MySQL Disconnects

You can solve this problem by logging to unified log format files on the local sensor, then use mudpit or something to parse the files and insert into your MySQL database. If the database is unavailable, mudpit will just keep its place in the log file and keep trying to connect to the MySQL server.

--Ben

adam_peterson@splwg.com wrote:
>
> I have 2 sensors running at remote locations where bandwidth isn't
> exactly the best. It looks like snort is losing connection to my MySQL
> server across the link. I have 1 other sensor in the exact same
> scenario and it never loses connection. I'm determining this by running
> netstat on the remote box and seeing only my ssh connection. If I
> restart snort, I see a connection on port 3306 to my MySQL server.
>
> Does anyone know why this is happening? My guess would be a timeout
> somewhere but I would hope that snort would re-establish the connection
> if it needs to. I know that these sensors are getting alerts but aren't
> able to send them to the db because of the disconnect.
>
> Any help is greatly appreciated.
>
> Adam Peterson | Senior WAN Engineer | SPL WorldGroup |
> adam_peterson@splwg.com
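
The spool-and-retry approach described in Ben's reply above, sketched as an added example; it is not part of the thread and is not mudpit's code. The 10-byte record layout, the file names and the `SinkDown` exception are assumptions made for illustration (this is not Snort's unified format), and the simulated link drop stands in for a lost MySQL connection.

```python
import os, struct, tempfile
# Constructed fixed-size record (sid, src IPv4, dst port); NOT Snort's unified layout.
REC = struct.Struct("<IIH")

class SinkDown(Exception):
    """Hypothetical error: the database could not be reached."""

def load_offset(bookmark):
    try:
        with open(bookmark) as f:
            return int(f.read())
    except FileNotFoundError:
        return 0                          # no bookmark yet: start of spool

def save_offset(bookmark, offset):
    tmp = bookmark + ".tmp"
    with open(tmp, "w") as f:
        f.write(str(offset))
    os.replace(tmp, bookmark)             # atomic rename: never a half-written bookmark

def forward(spool, bookmark, insert):
    """Deliver complete records past the bookmark; return the number delivered."""
    offset, sent = load_offset(bookmark), 0
    with open(spool, "rb") as f:
        f.seek(offset)
        while True:
            buf = f.read(REC.size)
            if len(buf) < REC.size:       # EOF, or a record the sensor is still writing
                break
            try:
                insert(REC.unpack(buf))
            except SinkDown:
                break                     # keep our place; the next run retries this record
            offset += REC.size
            save_offset(bookmark, offset) # advance only after the insert succeeded
            sent += 1
    return sent

def demo():
    d = tempfile.mkdtemp()
    spool, mark = os.path.join(d, "alerts.spool"), os.path.join(d, "alerts.offset")
    with open(spool, "wb") as f:
        for sid in (1000001, 1000002, 1000003):       # constructed alerts
            f.write(REC.pack(sid, 0xC0000201, 3306))
        f.write(b"\x01\x02")                          # partial trailing record
    db, link = [], [True, False]                      # second insert hits a dropped link
    def insert(row):
        if link and not link.pop(0):
            raise SinkDown()
        db.append(row[0])
    # First run stops at the failure; second run resumes from the bookmark.
    return forward(spool, mark, insert), forward(spool, mark, insert), db, load_offset(mark)
```

Because the bookmark moves only after a successful insert, a crash between the insert and the bookmark write replays one record, so the database side should tolerate a duplicate.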