Snort mailing list archives

Re: Starting Snort at Boot Up

From: twig les <twigles () yahoo com>
Date: Mon, 26 Aug 2002 20:17:26 -0700 (PDT)

Actually I had that problem.  I threw a "sleep 5" at
the top of the snort startup script so mysql could
finish starting.

--- Dragos Ruiu <dr () kyx net> wrote:

On August 26, 2002 11:48 pm, Hal Wigoda wrote:

You have to create the following links to

/etc/rc.d/snort


/etc/rc.d/rc0.d/K20snortd
/etc/rc.d/rc1.d/K20snortd
/etc/rc.d/rc2.d/K20snortd
/etc/rc.d/rc3.d/K20snortd
/etc/rc.d/rc4.d/K20snortd
/etc/rc.d/rc5.d/K20snortd

Hal Wigoda


You might not want to run snort in single user mode
and
only run it in the traditional runlevels
3(multiuser) and 5 (Xwindows):

The K scripts are typically used for Killing at
shutdown
and the S scripts are usually for startup.

SInce he explicitly starts mysql before snort the
problem 
is likely that the mysql startup is backgrounding
and not
started by the time snort tries to connect or it is
failing somehow.

cheers,
--dr

----- Original Message -----
From: "Nathanael Morrison"

<nathanael_morrison () cogeco ca>

To: <snort-users () lists sourceforge net>
Sent: Monday, August 19, 2002 7:05 PM
Subject: [Snort-users] Starting Snort at Boot Up


Hi,

I can't seem to get snort to start at boot up.

I'm current using the following:

Linux 2.4.18
MySQL 3.23.39
Snort 1.8.6

I created two startup scripts,  /etc/rc.mysqld and

/etc/rc.snortd.

I then run /etc/rc.mysqld first and then

/etc/rc.snortd by making a call

from
/etc/rc.local. MySQL starts up fine, but snort

does not. When I looked at

the
system logs I found the following error:

snort: FATAL ERROR: database: mysql_error: Can't

connect to local MySQL

server
through socket '/var/run/mysql/mysql.sock' (2)

Now this is the part I can't figure out. If I call

/etc/rc.snortd after

logging in, snort starts up fine. Everything runs

great, snort is logging

to MySQL, and I can analyse the packets with ACID.

Maybe I'm missing

something... any ideas?

Nathanael

-------------------------------------------------------

This sf.net email is sponsored by: OSDN - Tired of

that same old

cell phone?  Get a new here for FREE!

https://www.inphonic.com/r.asp?r=urceforge1&refcode1=3390

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or

unsubscribe:

https://lists.sourceforge.net/lists/listinfo/snort-users

Snort-users list archive:

http://www.geocrawler.com/redir-sf.php3?list=ort-users

-------------------------------------------------------

This sf.net email is sponsored by: OSDN - Tired of

that same old

cell phone?  Get a new here for FREE!

https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or

unsubscribe:

https://lists.sourceforge.net/lists/listinfo/snort-users

Snort-users list archive:

http://www.geocrawler.com/redir-sf.php3?list=snort-users


-- 
dr () kyx net   pgp: http://dragos.com/kyxpgp
Advance CanSecWest/03 registration available:
http://cansecwest.com
"The question of whether computers can think is like
the question
  of whether submarines can swim." --Edsger Wybe
Dijkstra 1930-2002

-------------------------------------------------------

This sf.net email is sponsored by: OSDN - Tired of
that same old
cell phone?  Get a new here for FREE!

https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or
unsubscribe:

https://lists.sourceforge.net/lists/listinfo/snort-users

Snort-users list archive:

http://www.geocrawler.com/redir-sf.php3?list=snort-users


=====
-----------------------------------------------------------
Heavy metal made me do it.                        
-----------------------------------------------------------

__________________________________________________
Do You Yahoo!?
Yahoo! Finance - Get real-time stock quotes
http://finance.yahoo.com


-------------------------------------------------------
This sf.net email is sponsored by: OSDN - Tired of that same old
cell phone?  Get a new here for FREE!
https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Starting Snort at Boot Up Nathanael Morrison (Aug 26)
- Re: Starting Snort at Boot Up Erek Adams (Aug 26)
- Re: Starting Snort at Boot Up Hal Wigoda (Aug 26)
  - Re: Starting Snort at Boot Up Dragos Ruiu (Aug 26)
    - Re: Starting Snort at Boot Up twig les (Aug 26)
    - Re: Starting Snort at Boot Up Nathanael Morrison (Aug 28)
  - Re: Starting Snort at Boot Up Erek Adams (Aug 27)
- Re: Starting Snort at Boot Up Alwin Raymundo (Aug 30)
- <Possible follow-ups>
- Re: Starting Snort at Boot Up Jason Monroe "JC" (Aug 27)
- Re: Starting Snort at Boot Up Roman Danyliw (Sep 05)