Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: snort/acid and mysql.sock revisited

From: Scott Fringer <fringsm () is2 hsnet ufl edu>
Date: Wed, 22 Jan 2003 09:36:45 -0500 (EST)
Hello,
  I haven't read through the FAQs completely, but all I did in my startup
script was to create a symlink from the /var/run/mysqld/mysqld.sock to
/tmp/mysql.sock and that lets everyone be happy.
  Maybe not the cleanest solution, but it works for me.

Scott

Scott Fringer                              Shands Healthcare @ U.F.
Network Systems Analyst                        Gainesville, FL

On Tue, 21 Jan 2003, raft na wrote:



Hi all,
I just read with interest the thread relating to snort/acid not connecting to mysql and not finding 
/var/lib/mysql/mysql.sock. It was close to, but not quite, what I have.
I am trialling the current snort, acid, apache, php, mysql etc, but on RH7.2. I use rpms for mysql but compile the 
rest. I found that ACID wanted to connect to mysql using /tmp/mysql.lock, which initially it couldn't find. So I read 
the mysql manual and added [mysqld] socket=/tmp/mysql.sock to /var/lib/mysql/my.cnf. Bingo, ACID was happy and off it 
went. But I can't see anywhere to force ACID to find the socket file in a particular place?

But now if I open up a command-line client either on the database server or a remote sensor, the client wants to 
connect with /var/lib/mysql/mysql.sock - seems as though this is the mysql default? So I seem to be stuck between a 
rock and a hard place - /tmp/mysql.sock will enable ACID to work, but I have to change it to 
/var/lib/mysql/mysql.sock and restart the service if I want to use a cmd-line client. And then back again for ACID. 
Funnily enough the remote snort sensor is logging fine when the console db is using /tmp/mysql/sock!?? I am using the 
S99snort script from the snort contrib, but have dropped the group option, basically leaving only -D.

Have I missed something in the FAQs?




-------------------------------------------------------
This SF.net email is sponsored by: Scholarships for Techies!
Can't afford IT training? All 2003 ictp students receive scholarships.
Get hands-on training in Microsoft, Cisco, Sun, Linux/UNIX, and more.
www.ictp.com/training/sourceforge.asp
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: