Snort mailing list archives
error output
From: Saúl Bósquez <cygnus133 () hotmail com>
Date: Mon, 13 Jan 2003 17:23:58 -0500
when I type '/etc/rc.d/init.d/snortd start' i get: Starting snort: [OK] (in green letters) I thought it was up and running so I typed '/etc/rc.d/init.d/snortd status' and got the following message: snort dead but subsys locked And when tried to stop it got: Stopping snort: [FAILED] (in red letters) And this is the error output I get when access /var/log/messages Jan 13 20:56:45 localhost snort: Initializing daemon mode Jan 13 20:56:45 localhost snort: Initializing Output Plugins! Jan 13 20:56:45 localhost snortd: snort startup succeeded Jan 13 20:56:45 localhost snort: PID path stat checked out ok, PID path set to /var/run/ Jan 13 20:56:45 localhost snort: Writing PID "8192" to file "/var/run//snort_eth0.pid" Jan 13 20:56:45 localhost snort: http_decode arguments: Jan 13 20:56:45 localhost snort: Unicode decoding Jan 13 20:56:45 localhost snort: IIS alternate Unicode decoding Jan 13 20:56:45 localhost snort: IIS double encoding vuln Jan 13 20:56:45 localhost snort: Flip backslash to slash Jan 13 20:56:45 localhost snort: Include additional whitespace separators Jan 13 20:56:45 localhost snort: Ports to decode http on: 80 Jan 13 20:56:45 localhost snort: rpc_decode arguments: Jan 13 20:56:45 localhost snort: Ports to decode RPC on: 111 32771 Jan 13 20:56:45 localhost snort: telnet_decode arguments: Jan 13 20:56:45 localhost snort: Ports to decode telnet on: 21 23 25 119 Jan 13 20:56:45 localhost snort: Conversation Config: Jan 13 20:56:45 localhost snort: KeepStats: 0 Jan 13 20:56:46 localhost snort: Conv Count: 32000 Jan 13 20:56:46 localhost snort: Timeout : 60 Jan 13 20:56:46 localhost snort: Alert Odd?: 0 Jan 13 20:56:46 localhost snort: Allowed IP Protocols: Jan 13 20:56:46 localhost snort: All Jan 13 20:56:46 localhost snort: Jan 13 20:56:46 localhost snort: Portscan2 config: Jan 13 20:56:46 localhost snort: log: /var/log/snort/scan.log Jan 13 20:56:46 localhost snort: scanners_max: 3200 Jan 13 20:56:46 localhost snort: targets_max: 5000 Jan 13 20:56:46 localhost snort: target_limit: 5 Jan 13 20:56:46 localhost snort: port_limit: 20 Jan 13 20:56:46 localhost snort: timeout: 60 Jan 13 20:56:46 localhost snort: FATAL ERROR: database: mysql_error: Can't connect to MySQL server on '127.0.0.1' (111) I thought it was because on the snort.conf file i assigned 127.0.0.1 to the host output database: log, mysql, user=snort password=snort dbname=snort host=000.000.000.000 so I replaced the 127.0.0.1 with the word 'localhost' and got the following output: Jan 13 22:13:02 localhost snort: FATAL ERROR: database: mysql_error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) Remember that im trying to run the sensor & database on the same box that's why I tried 127.0.0.1 and localhost Im doing this as a test... to learn how it works... when im done with the learning part im gonna put 2 sensors and a centralized database. but, I still can't get it to run :( any help is welcome here :) ------------------------------------------------------- This SF.NET email is sponsored by: FREE SSL Guide from Thawte are you planning your Web Server Security? Click here to get a FREE Thawte SSL guide and find the answers to all your SSL security issues. http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0026en _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- error output Saúl Bósquez (Jan 13)
- Re: error output Erick Mechler (Jan 13)