List,
Sorry it has taken me so long to find the reason for the lack of
data in the user interface after 24 hours, but I feel pretty good that
I finally did.
It is actually due to mysql 5.x wait_timeout setting. It is set
to 28800 which is 8 hours. This means that if a client connects (via
tcp or unix socket) and has no activity in that time, the connection
will be closed.
In previous versions of mysql, we could open a connection and it
would stay open till we closed it. That is no longer valid.
Could someone out there that is having this issue with the 1.2
version of the honeywall please try this quick fix and tell me if it
works for them?
Add the following to the [mysqld] portion of the /etc/hflow/my.cnf file:
#setting ot a year
set-variable=wait_timeout=31536000
The file should look something like this:
[mysqld]
#bin-log
skip-networking
skip-name-resolve
datadir=/var/lib/mysql
#tmpdir=/var/tmp
socket=/var/lib/mysql/mysql.sock
set-variable=key_buffer_size=256M
set-variable=table_cache=256
set-variable=sort_buffer=128M
#setting ot a year
set-variable=wait_timeout=31536000
[mysql.server]
user=mysql
basedir=/var/lib
[safe_mysqld]
err-log=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
After you make this modification to the my.cnf file, you will need to
restart mysql and hflow and sebek, but it might just be easier to
restart the honeywall to make sure everything is started properly.
Hope this helps while we fix the code.
Rob
_______________________________________________
Honeywall mailing list
[email protected]
https://public.honeynet.org/mailman/listinfo/honeywall
