Snort mailing list archives
snort/acid and mysql.sock revisited
From: raft na <raft2200 () yahoo com>
Date: Tue, 21 Jan 2003 21:24:49 -0800 (PST)
Hi all, I just read with interest the thread relating to snort/acid not connecting to mysql and not finding /var/lib/mysql/mysql.sock. It was close to, but not quite, what I have. I am trialling the current snort, acid, apache, php, mysql etc, but on RH7.2. I use rpms for mysql but compile the rest. I found that ACID wanted to connect to mysql using /tmp/mysql.lock, which initially it couldn't find. So I read the mysql manual and added [mysqld] socket=/tmp/mysql.sock to /var/lib/mysql/my.cnf. Bingo, ACID was happy and off it went. But I can't see anywhere to force ACID to find the socket file in a particular place? But now if I open up a command-line client either on the database server or a remote sensor, the client wants to connect with /var/lib/mysql/mysql.sock - seems as though this is the mysql default? So I seem to be stuck between a rock and a hard place - /tmp/mysql.sock will enable ACID to work, but I have to change it to /var/lib/mysql/mysql.sock and restart the service if I want to use a cmd-line client. And then back again for ACID. Funnily enough the remote snort sensor is logging fine when the console db is using /tmp/mysql/sock!?? I am using the S99snort script from the snort contrib, but have dropped the group option, basically leaving only -D. Have I missed something in the FAQs? --------------------------------- Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now
Current thread:
- snort/acid and mysql.sock revisited raft na (Jan 22)
- Re: snort/acid and mysql.sock revisited Scott Fringer (Jan 22)