snort/acid and mysql.sock revisited

[raft na <raft2200 () yahoo com>]

Hi all,
I just read with interest the thread relating to snort/acid not connecting to mysql and not finding 
/var/lib/mysql/mysql.sock. It was close to, but not quite, what I have.
I am trialling the current snort, acid, apache, php, mysql etc, but on RH7.2. I use rpms for mysql but compile the 
rest. I found that ACID wanted to connect to mysql using /tmp/mysql.lock, which initially it couldn't find. So I read 
the mysql manual and added [mysqld] socket=/tmp/mysql.sock to /var/lib/mysql/my.cnf. Bingo, ACID was happy and off it 
went. But I can't see anywhere to force ACID to find the socket file in a particular place?

But now if I open up a command-line client either on the database server or a remote sensor, the client wants to 
connect with /var/lib/mysql/mysql.sock - seems as though this is the mysql default? So I seem to be stuck between a 
rock and a hard place - /tmp/mysql.sock will enable ACID to work, but I have to change it to /var/lib/mysql/mysql.sock 
and restart the service if I want to use a cmd-line client. And then back again for ACID. Funnily enough the remote 
snort sensor is logging fine when the console db is using /tmp/mysql/sock!?? I am using the S99snort script from the 
snort contrib, but have dropped the group option, basically leaving only -D.

Have I missed something in the FAQs?




---------------------------------
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now