Ruby, Rails, Gems Redux Part II

Did a little research on the gem for MySQL and decided to try this:

root@slackbox:~/RAILS/RAILS/Snorby# locate mysql_config
/usr/man/man1/mysql_config.1.gz
/usr/bin/mysql_config
root@slackbox:~/RAILS/RAILS/Snorby# gem install mysql -- --with-mysql-config=/usr/bin/mysql_config
Building native extensions. This could take a while...
Successfully installed mysql-2.7
1 gem installed
Installing ri documentation for mysql-2.7...
Installing RDoc documentation for mysql-2.7...
root@slackbox:~/RAILS/RAILS/Snorby#

Now about my Snort architecture, I'm thinking all I'm gonna have to do is copy my Snort database over to Slackbox and then have my two Snort machines (one internal and one sensor at a datacenter) report to Slackbox....OR, have the Snort sensors report to BOTH the FreeBSD server AND Slackbox! I think the latter will work and it sounds like the better solution.

I'll be updating this post with my successes and failures most of the night, I suspect, or at least until I get good and pissed off. LOL!

=====

Update:

There's nothing like backing up an 83MB database file on old hardware:

Starting: 6:31PM up 23 days, 19:27, 4 users, load averages: 2.89, 2.94, 3.13

Ending: 6:33PM up 23 days, 19:29, 4 users, load averages: 5.88, 3.98, 3.51

While I'm sure that's incomparable to an enterprise database, at one point, I thought the old dell system would lock up.

I also was trying to do this via phpMyAdmin on both machines, but I didn't know the dbase size was that large (4 yrs of sniffing data). phpMyAdmin on the BSD box would say it was finished exporting but I'd check the filesize and it was different each time (did it like 4 times before I decided to go commandline. phpMyAdmin kept giving me a filesize of between 20M and 40M. It must've been choking out. I optimized the dbase, also, so it was more than likely larger than 83MB.

=====

Update:

Had to upgrade MySQL, as my 83MB file wouldn't import into Slackbox's MySQL server. 30 seconds into the import, the import would lock up or die. Apparently, it's a known issue with MySQL's lower versions.

Anyways, after the import and creation of new MySQL users, I had to edit Snorby's config/database.yml file, specifically the development part. The reason:

root@slackbox:~/RAILS/RAILS/Snorby# script/server -p 11001
=> Booting WEBrick
=> Rails 2.3.2 application starting on http://0.0.0.0:11001
=> Call with -d to detach
=> Ctrl-C to shutdown server
[2009-07-17 21:48:14] INFO WEBrick 1.3.1
[2009-07-17 21:48:14] INFO ruby 1.8.6 (2007-03-13) [i486-linux]
[2009-07-17 21:48:14] WARN TCPServer Error: Address already in use - bind(2)
[2009-07-17 21:48:14] INFO WEBrick::HTTPServer#start: pid=3848 port=11001
/!\ FAILSAFE /!\ Fri Jul 17 21:48:17 -0400 2009
Status: 500 Internal Server Error
Can't connect to MySQL server on 'no_not_use' (111)

It's still not clear to me why I had to edit it, but I did because the production portion was populated with the proper credentials but I was still receiving the above error..."Can't connect to MySQL server on 'no_not_use'". When I did it, I stopped getting that error.

*** I found why I was getting the MySQL error. The config/database.yml development entry has 'mysql' for the database entry. It should be 'no_not_use'. I've edited this to what is was originally supposed to be and changed everything back to 'no_not_use'. I no longer get the error when using the production settings. ***

Also, notice that I ran in what I want to call 'debug mode' because I wanted to see what was hanging up the connection.

So, now, after some editing and fiddling, I get the following in 'debug mode':

root@slackbox:~/RAILS/RAILS/Snorby# script/server -e production -b 10.150.1.106 -p 11001
=> Booting WEBrick
=> Rails 2.3.2 application starting on http://10.150.1.106:11001
=> Call with -d to detach
=> Ctrl-C to shutdown server
[2009-07-17 21:55:37] INFO WEBrick 1.3.1
[2009-07-17 21:55:38] INFO ruby 1.8.6 (2007-03-13) [i486-linux]
[2009-07-17 21:55:38] WARN TCPServer Error: Address already in use - bind(2)
[2009-07-17 21:55:38] INFO WEBrick::HTTPServer#start: pid=3915 port=11001


Processing UserSessionsController#new (for ::ffff:10.150.1.106 at 2009-07-17 21:55:40) [GET]
Parameters: {"action"=>"new", "controller"=>"user_sessions"}
Rendering template within layouts/application
Rendering user_sessions/new

ActionView::TemplateError (undefined method `login' for #) on line #8 of app/views/user_sessions/new.html.erb:
5: <% form_for @user_session, :url => user_session_path do |f| %>
6: <%= f.error_messages %>
7: <%= f.label :login %>

8: <%= f.text_field :login %>

9:

10: <%= f.label :password %>

11: <%= f.password_field :password %>


app/views/user_sessions/new.html.erb:8
app/views/user_sessions/new.html.erb:5
/usr/lib/ruby/1.8/webrick/httpserver.rb:104:in `service'
/usr/lib/ruby/1.8/webrick/httpserver.rb:65:in `run'
/usr/lib/ruby/1.8/webrick/server.rb:173:in `start_thread'
/usr/lib/ruby/1.8/webrick/server.rb:162:in `start'
/usr/lib/ruby/1.8/webrick/server.rb:162:in `start_thread'
/usr/lib/ruby/1.8/webrick/server.rb:95:in `start'
/usr/lib/ruby/1.8/webrick/server.rb:92:in `each'
/usr/lib/ruby/1.8/webrick/server.rb:92:in `start'
/usr/lib/ruby/1.8/webrick/server.rb:23:in `start'
/usr/lib/ruby/1.8/webrick/server.rb:82:in `start'

Rendering /root/RAILS/RAILS/Snorby/public/500.html (500 Internal Server Error)

The thing is, I see nothing in the web browser, but:

We're sorry, but something went wrong.

We've been notified about this issue and we'll take a look at it shortly.

Something else that is nagging me that I was trying to fiddle with is:

[2009-07-17 21:55:38] WARN TCPServer Error: Address already in use - bind(2)

There is only one Ruby service running and nothing is utilizing that port when I run Ruby. I'm ignoring it for now.

I would love to see what the WEBrick logs show, if there are any.

For now, its time to do some serious Googling and maybe hit up my three Ruby/Rails books.