I have a problem that I have been unsuccessful in
solve thus far with Stunnel, Snort, and MySQL.
Stunnel (client & server): 4.04
Snort: 2.4.4 on the client
MySQL Ver 11.18 Distrib 3.23.58, for
redhat-linux-gnu (i386) [not the latest and greatest by any means]
I setup stunnel so that traffic destined for
localhost 3306 (mysql) on the client goes to port 3307 on the server.
Stunnel on the server is setup to take traffic from 3307 and send it to 3306
locally. This connection works fine. I can fire up Snort and have
events properly log to my snort database on the server from the client.
However, if stunnel is stopped/restarted on either the client or the server
Snort is not able to keep writing to the database unless it is restarted.
I just get this error:
May 2 12:44:03 box snort[44126]:
database: Problem inserting a new signature 'Test Snort Signature'
May 2 12:44:03 box1 snort[44126]: database:
mysql_error: MySQL server has gone away SQL=INSERT INTO event
(sid,cid,signature,timestamp) VALUES ('4', '22', '0', '2006-05-02
16:44:03.322')
May 2 12:44:03 box snort[44126]: database:
mysql_error: MySQL server has gone away SQL=ROLLBACK
Whenever I close stunnel it sends traffic to the
other end. I can restart it and open up new connections just fine.
However, Snort will not even try and connect to port 3306. Once stunnel
has been stopped (or even restarted) it just immediately fails to even try and
connect to the port. It seems there's some kind of signal sent that kills
the connection (and all future connections?). I cannot figure oout why
this happens. Any ideas?
Thanks
Steven