I have a problem that I have been unsuccessful in solving thus far with Stunnel, Snort, and MySQL.
Stunnel (client & server): 4.04
Snort: 2.4.4 on the client
MySQL Ver 11.18 Distrib 3.23.58, for redhat-linux-gnu (i386) [not the latest and greatest by any means]
I set up stunnel so that traffic destined for localhost 3306 (mysql) on the client goes to port 3307 on the server. Stunnel on the server is set up to take traffic from 3307 and send it to 3306 locally. This connection works fine. I can fire up Snort and have events properly log to my snort database on the server from the client. However, if stunnel is stopped/restarted on either the client or the server, Snort is not able to keep writing to the database unless it is restarted. I just get this error:
May 2 12:44:03 box snort[44126]: database: Problem inserting a new signature 'Test Snort Signature'
May 2 12:44:03 box1 snort[44126]: database: mysql_error: MySQL server has gone away SQL=INSERT INTO event (sid,cid,signature,timestamp) VALUES ('4', '22', '0', '2006-05-02 16:44:03.322')
May 2 12:44:03 box snort[44126]: database: mysql_error: MySQL server has gone away SQL=ROLLBACK
Whenever I close stunnel it sends traffic to the other end. I can restart it and open up new connections just fine. However, Snort will not even try and connect to port 3306. Once stunnel has been stopped (or even restarted) it just immediately fails to even try and connect to the port. It seems there's some kind of signal sent that kills the connection (and all future connections?). I cannot figure out why this happens. Any ideas?
Thanks
Steven