Snort mailing list archives
RE: No alerts on ACID
From: Kevin Johnson <kjohnson () secureideas net>
Date: Mon, 18 Oct 2004 20:25:50 -0400
On Mon, 2004-10-18 at 17:11, support wrote:
Hi Today I got the error mesg when I starting the acid console for the 1st time after restarting , Warning: mysql_pconnect(): Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2) in /www/htdocs/adodb/drivers/adodb-mysql.inc.php on line 335 Error (p)connecting to DB : snort@localhost Check the DB connection variables in acid_conf.php = $alert_dbname : MySQL database name where the alerts are stored = $alert_host : host where the database is stored = $alert_port : port where the database is stored = $alert_user : username into the database = $alert_password : password for the username Database ERROR:Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2) Also when checking for mysql ps -ef | grep mysql I could not find mysql runnig So I restarted mysqld and found a error mesg .... ( " No mysqld pid file found. Looked for /usr/local/mysql/var/localhost.localdomain.pid " ) And after this my Acid console started but with no alerts Wht could be the problem
Hi- I would have to guess that since mysql wasn't running, there is a good chance that snort wasn't putting anything into the database for ACID to report on. At this point, after seeing quite a few messages from you, I would have to recommend that you go to snort.org and look at the documentation. The direct link to the great document that most people use to start out would be found at http://www.snort.org/docs/Snort_SSL_FC2.pdf (Thanks Patrick!) Please read this entire document and see if you can figure out what you are having problems with. If you are then still having problems, please feel free to continue to ask questions of this group. Just keep in mind that when you are writing the email, that no one on this list is paid to support your set up and are all doing it as an additional task in their already busy days. So try and make sure that not only have you done the research that you are trying to get them to give you but that you have at least given them enough information that they can try to help you. My rule on that is always, if I can't understand what I am writing, no one else is going to either. Thanks Kevin ------------------------------------------------------- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- No alerts on ACID support (Oct 17)
- Re: No alerts on ACID prabu (Oct 17)
- RE: No alerts on ACID Patrick S. Harper (Oct 18)
- RE: No alerts on ACID support (Oct 18)
- RE: No alerts on ACID Kevin Johnson (Oct 18)
- Re: No alerts on ACID prabu (Oct 18)
- RE: No alerts on ACID Patrick S. Harper (Oct 18)
- RE: No alerts on ACID support (Oct 22)
- Re: No alerts on ACID prabu (Oct 17)
- <Possible follow-ups>
- RE: No alerts on ACID Harper, Patrick (Oct 19)
- RE: No alerts on ACID support (Oct 22)