[prev in list] [next in list] [prev in thread] [next in thread] 

List:       stunnel-users
Subject:    [stunnel-users] Stunnel + Snort + MySQL
From:       "Steven" <steven () lovebug ! org>
Date:       2006-05-02 16:41:59
Message-ID: 002b01c66e07$55a37540$dc02a8c0 () island55
[Download RAW message or body]

[Attachment #2 (multipart/alternative)]


I have a problem that I have been unsuccessful in solve thus far with Stunnel, Snort, \
and MySQL.

Stunnel (client & server): 4.04
Snort: 2.4.4 on the client
MySQL Ver 11.18 Distrib 3.23.58, for redhat-linux-gnu (i386) [not the latest and \
greatest by any means]

I setup stunnel so that traffic destined for localhost 3306 (mysql) on the client \
goes to port 3307 on the server.  Stunnel on the server is setup to take traffic from \
3307 and send it to 3306 locally.  This connection works fine.  I can fire up Snort \
and have events properly log to my snort database on the server from the client.  \
However, if stunnel is stopped/restarted on either the client or the server Snort is \
not able to keep writing to the database unless it is restarted.  I just get this \
error:

May  2 12:44:03 box snort[44126]: database: Problem inserting a new signature 'Test \
                Snort Signature'
May  2 12:44:03 box1 snort[44126]: database: mysql_error: MySQL server has gone away \
SQL=INSERT INTO event (sid,cid,signature,timestamp) VALUES ('4', '22', '0', \
                '2006-05-02 16:44:03.322')
May  2 12:44:03 box snort[44126]: database: mysql_error: MySQL server has gone away \
SQL=ROLLBACK

Whenever I close stunnel it sends traffic to the other end.  I can restart it and \
open up new connections just fine.  However, Snort will not even try and connect to \
port 3306.  Once stunnel has been stopped (or even restarted) it just immediately \
fails to even try and connect to the port.  It seems there's some kind of signal sent \
that kills the connection (and all future connections?).  I cannot figure oout why \
this happens.  Any ideas?

Thanks

Steven


[Attachment #5 (text/html)]

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2900.2873" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2>I have a problem that I have been unsuccessful in 
solve thus far with Stunnel, Snort, and MySQL.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>Stunnel (client &amp; server): 4.04</FONT></DIV>
<DIV><FONT face=Arial size=2>Snort: 2.4.4 on the client</FONT></DIV>
<DIV><FONT face=Arial size=2>MySQL Ver 11.18 Distrib 3.23.58, for 
redhat-linux-gnu (i386) [not the latest and greatest by any means]</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>I setup stunnel so that traffic destined for 
localhost 3306 (mysql)&nbsp;on the client goes to port 3307 on the server.&nbsp; 
Stunnel on the server is setup to take traffic from 3307 and send it to 3306 
locally.&nbsp; This connection works fine.&nbsp; I can fire up Snort and have 
events properly log to my snort database on the server from the client.&nbsp; 
However, if stunnel is stopped/restarted on either the client or the server 
Snort is not able to keep writing to the database unless it is restarted.&nbsp; 
I just get this error:</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>May&nbsp; 2 12:44:03&nbsp;box snort[44126]: 
database: Problem inserting a new signature 'Test Snort Signature'</FONT></DIV>
<DIV><FONT face=Arial size=2>May&nbsp; 2 12:44:03 box1 snort[44126]: database: 
mysql_error: MySQL server has gone away SQL=INSERT INTO event 
(sid,cid,signature,timestamp) VALUES ('4', '22', '0', '2006-05-02 
16:44:03.322')<BR>May&nbsp; 2 12:44:03&nbsp;box snort[44126]: database: 
mysql_error: MySQL server has gone away SQL=ROLLBACK<BR></FONT></DIV>
<DIV><FONT face=Arial size=2>Whenever I close stunnel it sends traffic to the 
other end.&nbsp; I can restart it and open up new connections just fine.&nbsp; 
However, Snort will not even try and connect to port 3306.&nbsp; Once stunnel 
has been stopped (or even restarted) it just immediately fails to even try and 
connect to the port.&nbsp; It seems there's some kind of signal sent that kills 
the connection (and all future connections?).&nbsp; I cannot figure oout why 
this happens.&nbsp; Any ideas?</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>Thanks</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>Steven</DIV></FONT></BODY></HTML>


_______________________________________________
stunnel-users mailing list
stunnel-users@mirt.net
http://stunnel.mirt.net/mailman/listinfo/stunnel-users


[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic