Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: barnyard patches? http://colin.grady.us/ offline ?

From: Michael Scheidell <michael.scheidell () secnap com>
Date: Tue, 29 Mar 2011 16:19:11 -0400
On 3/29/11 7:01 AM, Michael Scheidell wrote:

Works just fine on snort 2.9.0.4<http://2.9.0.4>. Just has issues with mysql 5x and connection timeouts.
I guess even with colins patches, barnyard(1) still has problems with mysql5 and connections timeouts. 

if I see this in the /var/log/messages:

grep barnyard /var/log/messages
Mar 29 22:05:00 barnyard[44885]: Lost connection to MySQL server. Reconnecting
I know that barnyard (1) got 'stuck' and anything in log.* after that won't be sent to mysql. 

(waldo.log has correct log.* file,)
if I reload barnyard, then it loads the missing records, and the waldo.log pointer is incremented. (not the log.*) but the waldo.log pointer.
so, even with colin's patches, looks like barnyard(1) is an issue with mysql5. Let me find out why we arn't using barnyard2. 




--
Michael Scheidell
CTO SECNAP Network Security
561-948-2259<tel:5619482259>


-----Original message-----
From: Paul Schmehl<pschmehl_lists () tx rr com>
To: Michael Scheidell<michael.scheidell () secnap com>, Colin Grady<colin.grady () gmail com>
Cc: "<snort-users () lists sourceforge net>"<snort-users () lists sourceforge net>
Sent: Mon, Mar 28, 2011 17:27:14 GMT+00:00
Subject: Re: [Snort-users] barnyard patches? http://colin.grady.us/ offline?

The FreeBSD barnyard port was DEPRECATED and was supposed to expire at the
end of last year.  Not sure why it's still in the tree, but if you're still
using that, you're on your own as far as patching goes.  I will not be
updating the port, because it needs to go away.  Barnyard does not support
any of the current snort releases.

--On March 28, 2011 9:59:09 AM -0400 Michael Scheidell
<michael.scheidell () secnap com>  wrote:


I do have the patches, I was looking for documentation on the patches,
and want to use that documentation to justify asking freebsd ports
maintainer to add them in.

(its the patches for the mysql disconnect, the caching of next sid,
adding vseq into schema), etc.
  the one that starts like this?

diff -ruBN barnyard-0.2.0/configure barnyard-0.2.0-all/configure
  --- barnyard-0.2.0/configure    2004-05-01 11:52:17.000000000 -0500
  +++ barnyard-0.2.0-all/configure        2006-04-08 00:12:05.000000000
-0500
  @@ -709,7 +709,7 @@

   PACKAGE=barnyard

  -VERSION=0.2.0
  +VERSION=0.2.0-cmg

  if test "`cd $srcdir&&  pwd`" != "`pwd`"&&  test -f
$srcdir/config.status; then
     { echo "configure: error: source directory already configured; run
"make distclean" there first" 1>&2; exit 1; }
  diff -ruBN barnyard-0.2.0/src/output-plugins/op_acid_db.c
barnyard-0.2.0-all/src/output-plugins/op_acid_db.c
  --- barnyard-0.2.0/src/output-plugins/op_acid_db.c      2004-04-03
13:57:32.000000000 -0600
  +++ barnyard-0.2.0-all/src/output-plugins/op_acid_db.c  2006-04-08
00:24:26.000000000 -0500
  @@ -45,11 +45,20 @@
   #endif /* ENABLE_POSTGRES */

   /*  D A T A   S T R U C T U R E S
**************************************/
  +typedef struct _DbSignature
  +{
  +    int gen;
  +    int sid;


On 3/28/11 9:51 AM, Colin Grady wrote:


I should have the site archived, and can provide you any of the patches
you're looking for.



I do have the patch, and have added it in manually every time I have
upgraded barnyard from freebsd ports.

yes, I can host the site easy enough with a freebsd jailed VPS.



--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
*******************************************
"It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead." Thomas Jefferson
"There are some ideas so wrong that only a very
intelligent person could believe in them." George Orwell

------------------------------------------------------------------------------
Enable your software for Intel(R) Active Management Technology to meet the
growing manageability and security demands of your customers. Businesses
are taking advantage of Intel(R) vPro (TM) technology - will your software
be a part of the solution? Download the Intel(R) Manageability Checker
today! http://p.sf.net/sfu/intel-dev2devmar
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
ISN: 1259*1300
>*| *SECNAP Network Security Corporation

   * Best Intrusion Prevention Product, Networks Product Guide
   * Certified SNORT Integrator
   * Hot Company Award, World Executive Alliance
   * Best in Email Security, 2010 Network Products Guide
   * King of Spam Filters, SC Magazine


______________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r). For Information please see http://www.secnap.com/products/spammertrap/ 
______________________________________________________________________  
------------------------------------------------------------------------------
Enable your software for Intel(R) Active Management Technology to meet the
growing manageability and security demands of your customers. Businesses
are taking advantage of Intel(R) vPro (TM) technology - will your software 
be a part of the solution? Download the Intel(R) Manageability Checker 
today! http://p.sf.net/sfu/intel-dev2devmar
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: