Re: [Snort-users] mysql database "gone away"

Date: Mon, 16 Jul 2007 16:23:51 +0200
Hi David,

[...]
> Obviously it would be nice if some process could be configured to retry
> this connection and get the data back to the server.  What do other people
> use to get over this problem ?  I mean, if you have a connectivity problem
> into your data centre and you lose connectivity to all your probes, do people
> really manually log into each remote probe and restart the service ?  It
> just seems a bit . . . manual.  I accept that it is a limitation of the mysql
> client in use, but in practical terms what do people do to ensure the database
> link doesn't stay down for hours(days/weeks) after a temporary glitch like this ?

The problem is already solved by using other mechanisms to feed the database...

You can for example use barnyard or FLoP for this purpose, both will be able
to react to a missing database link in the right way: they try to re-connect.

The problem with the database output-plugin of snort is obviously: Do you
really want to block snort's detection processing until a connection to
the database was re-enabled?

Even with a working database: Snort has to wait until all data is fed
into the database before it can process the next packet. Sounds a little
bit like a bottleneck, or?

Best regards

Dirk
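
The decoupling described in this reply, sketched as an added example (not part of the original post, and not barnyard's or FLoP's code): the sensor only appends alerts to a local spool file, and a separate forwarder pushes them to the database, backing off and reconnecting when the link is down. FlakySink, forward, demo, the file names and the JSON record format are all assumptions made for the illustration.

```python
import json, os, tempfile, time

class FlakySink:
    """Constructed stand-in for a remote database: fails the first `outages` inserts."""
    def __init__(self, outages):
        self.outages, self.rows = outages, []
    def insert(self, event):
        if self.outages > 0:
            self.outages -= 1
            raise ConnectionError("server has gone away")
        self.rows.append(event)

def forward(spool_path, bookmark_path, sink, max_attempts=5, sleep=time.sleep):
    """Send spooled events to sink, resuming from the bookmark. Returns events sent."""
    offset = 0
    if os.path.exists(bookmark_path):
        with open(bookmark_path) as f:
            offset = int(f.read())
    sent = 0
    with open(spool_path, "rb") as spool:
        spool.seek(offset)
        while True:
            line = spool.readline()
            if not line.endswith(b"\n"):   # EOF, or a record still being written
                return sent
            for attempt in range(max_attempts):
                try:
                    sink.insert(json.loads(line))
                    break
                except ConnectionError:
                    sleep(min(2 ** attempt, 60))   # back off, then try again
            else:
                return sent   # link still down: bookmark untouched, retry next run
            with open(bookmark_path, "w") as f:
                f.write(str(spool.tell()))   # commit progress only after success
            sent += 1

def demo():
    """Three constructed alerts; the sink is down for the first 7 insert attempts."""
    d = tempfile.mkdtemp()
    spool, mark = os.path.join(d, "alerts.spool"), os.path.join(d, "alerts.mark")
    with open(spool, "w") as f:   # the sensor side only ever appends locally
        for sid in (1001, 1002, 1003):
            f.write(json.dumps({"sid": sid}) + "\n")
    sink = FlakySink(outages=7)
    first = forward(spool, mark, sink, sleep=lambda s: None)    # gives up, nothing lost
    second = forward(spool, mark, sink, sleep=lambda s: None)   # link back, catches up
    return first, second, [r["sid"] for r in sink.rows]
```

Because the bookmark only advances after a successful insert, an outage delays delivery but neither drops alerts nor stalls the process writing the spool.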

