Re: Starting Snort at Boot Up

[Dragos Ruiu <dr () kyx net>]

On August 26, 2002 11:48 pm, Hal Wigoda wrote:
> You have to create the following links to /etc/rc.d/snort
>
> /etc/rc.d/rc0.d/K20snortd
> /etc/rc.d/rc1.d/K20snortd
> /etc/rc.d/rc2.d/K20snortd
> /etc/rc.d/rc3.d/K20snortd
> /etc/rc.d/rc4.d/K20snortd
> /etc/rc.d/rc5.d/K20snortd
>
> Hal Wigoda

You might not want to run snort in single user mode and
only run it in the traditional runlevels 3(multiuser) and 5 (Xwindows):

The K scripts are typically used for Killing at shutdown
and the S scripts are usually for startup.

SInce he explicitly starts mysql before snort the problem 
is likely that the mysql startup is backgrounding and not
started by the time snort tries to connect or it is
failing somehow.

cheers,
--dr

> ----- Original Message -----
> From: "Nathanael Morrison" <nathanael_morrison () cogeco ca>
> To: <snort-users () lists sourceforge net>
> Sent: Monday, August 19, 2002 7:05 PM
> Subject: [Snort-users] Starting Snort at Boot Up
>
>
> Hi,
>
> I can't seem to get snort to start at boot up.
>
> I'm current using the following:
>
> Linux 2.4.18
> MySQL 3.23.39
> Snort 1.8.6
>
> I created two startup scripts,  /etc/rc.mysqld and /etc/rc.snortd.
> I then run /etc/rc.mysqld first and then /etc/rc.snortd by making a call
> from
> /etc/rc.local. MySQL starts up fine, but snort does not. When I looked at
> the
> system logs I found the following error:
>
> snort: FATAL ERROR: database: mysql_error: Can't connect to local MySQL
> server
> through socket '/var/run/mysql/mysql.sock' (2)
>
> Now this is the part I can't figure out. If I call /etc/rc.snortd after
> logging in, snort starts up fine. Everything runs great, snort is logging
> to MySQL, and I can analyse the packets with ACID. Maybe I'm missing
> something... any ideas?
>
> Nathanael
>
>
>
> -------------------------------------------------------
> This sf.net email is sponsored by: OSDN - Tired of that same old
> cell phone?  Get a new here for FREE!
> https://www.inphonic.com/r.asp?r=urceforge1&refcode1=3390
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=ort-users
>
>
>
>
>
> -------------------------------------------------------
> This sf.net email is sponsored by: OSDN - Tired of that same old
> cell phone?  Get a new here for FREE!
> https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

-- 
dr () kyx net   pgp: http://dragos.com/kyxpgp
Advance CanSecWest/03 registration available: http://cansecwest.com
"The question of whether computers can think is like the question
  of whether submarines can swim." --Edsger Wybe Dijkstra 1930-2002



-------------------------------------------------------
This sf.net email is sponsored by: OSDN - Tired of that same old
cell phone?  Get a new here for FREE!
https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users