Snort mailing list archives
Re: snort/acid and mysql.sock revisited
From: Scott Fringer <fringsm () is2 hsnet ufl edu>
Date: Wed, 22 Jan 2003 09:36:45 -0500 (EST)
Hello, I haven't read through the FAQs completely, but all I did in my startup script was to create a symlink from the /var/run/mysqld/mysqld.sock to /tmp/mysql.sock and that lets everyone be happy. Maybe not the cleanest solution, but it works for me. Scott Scott Fringer Shands Healthcare @ U.F. Network Systems Analyst Gainesville, FL On Tue, 21 Jan 2003, raft na wrote:
Hi all, I just read with interest the thread relating to snort/acid not connecting to mysql and not finding /var/lib/mysql/mysql.sock. It was close to, but not quite, what I have. I am trialling the current snort, acid, apache, php, mysql etc, but on RH7.2. I use rpms for mysql but compile the rest. I found that ACID wanted to connect to mysql using /tmp/mysql.lock, which initially it couldn't find. So I read the mysql manual and added [mysqld] socket=/tmp/mysql.sock to /var/lib/mysql/my.cnf. Bingo, ACID was happy and off it went. But I can't see anywhere to force ACID to find the socket file in a particular place? But now if I open up a command-line client either on the database server or a remote sensor, the client wants to connect with /var/lib/mysql/mysql.sock - seems as though this is the mysql default? So I seem to be stuck between a rock and a hard place - /tmp/mysql.sock will enable ACID to work, but I have to change it to /var/lib/mysql/mysql.sock and restart the service if I want to use a cmd-line client. And then back again for ACID. Funnily enough the remote snort sensor is logging fine when the console db is using /tmp/mysql/sock!?? I am using the S99snort script from the snort contrib, but have dropped the group option, basically leaving only -D. Have I missed something in the FAQs?
------------------------------------------------------- This SF.net email is sponsored by: Scholarships for Techies! Can't afford IT training? All 2003 ictp students receive scholarships. Get hands-on training in Microsoft, Cisco, Sun, Linux/UNIX, and more. www.ictp.com/training/sourceforge.asp _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- snort/acid and mysql.sock revisited raft na (Jan 22)
- Re: snort/acid and mysql.sock revisited Scott Fringer (Jan 22)