Snort mailing list archives

snort

From: sanaâ Aitouchen <sanaa52 () hotmail com>
Date: Tue, 06 Apr 2004 15:34:02 +0000




think you for your help,
all things work well know but the problem is when i want to use snort in
mode NIDS i must change the directory of mysql.sock in  my.cnf file from
/tmp/mysql.sock to /var/lib/mysql/mysql.sock as knowing as the mysql.sock
directory file is /tmp/mysql.sock so i did a link in /var/lib/mysql/ to
/tmp/mysql.sock and it worked but when i wont to use Acid it gaves me this
error:


Warning: mysql_pconnect(): Can't connect to local MySQL server through
socket '/tmp/mysql.sock' (111) in
/www/htdocs/adodb/drivers/adodb-mysql.inc.php on line 266

Error (p)connecting to DB : snort@localhost
to resolve this problem i must change the directory from

/var/lib/mysql/mysql.sock to /tmp/mysql.sock in my.cnf file and itworkedbut the same for snort


so to resolve this problem when i wont to use snort i start mysql with:
mysqld_safe --socket=/var/lib/mysql/mysql.sock

and when i wont to use acid i restart mysql with:
mysqld_safe --socket=/tmp/mysql.sock

i know, it's a stuped solution so please if you have another solution please
  write it to me

think you for your help

sanaa


>From: Mark.Schutzmann () Omron com
>To: sanaâ Aitouchen <sanaa52 () hotmail com>
>CC: ravivsn () roc co in,snort-users () lists sourceforge net
>Subject: Re: [Snort-users] Snort en mode NIDS
>Date: Mon, 5 Apr 2004 12:10:08 -0500
>
>
>Dejavue!
>cp <snort installation directory>/etc/unicode.map /etc/snort/unicode.map
>vi /etc/snort/snort.conf
>  goto line 285, modify the line to point to the /etc/snort/unicode.map.
>
>Mark
>
>
>
>                       sanaâ Aitouchen
>                       <sanaa52 () hotmail com>               To:
>ravivsn () roc co in, snort-users () lists sourceforge net
>                       Sent by:                            cc:
>                       snort-users-admin () lists sour        Subject:  Re:
>[Snort-users] Snort en mode NIDS
>                       ceforge.net
>
>
>                       03/29/2004 11:00 AM
>
>
>
>
>
>
>i'have problem when i wont to use snort in mode NIDS, and when i type
>shel>snort -l /var/log -h 10.100.11.0/24 -c /etc/snort/snort.conf
>
>Running in IDS mode
>Log directory = /var/log
>Initializing Network Interface eth0
>
>         --== Initializing Snort ==--
>Initializing Output Plugins!
>Decoding Ethernet on interface eth0
>Initializing Preprocessors!
>Initializing Plug-ins!
>Parsing Rules file /etc/snort/snort.conf
>
>+++++++++++++++++++++++++++++++++++++++++++++++++++
>Initializing rule chains...
>,-----------[Flow Config]----------------------
>| Stats Interval:  0
>| Hash Method:     2
>| Memcap:          10485760
>| Rows  :          4099
>| Overhead Bytes:  16400(%0.16)
>`----------------------------------------------
>No arguments to frag2 directive, setting defaults to:
>     Fragment timeout: 60 seconds
>     Fragment memory cap: 4194304 bytes
>     Fragment min_ttl:   0
>     Fragment ttl_limit: 5
>     Fragment Problems: 0
>     Self preservation threshold: 500
>     Self preservation period: 90
>     Suspend threshold: 1000
>     Suspend period: 30
>Stream4 config:
>     Stateful inspection: ACTIVE
>     Session statistics: INACTIVE
>     Session timeout: 30 seconds
>     Session memory cap: 8388608 bytes
>     State alerts: INACTIVE
>     Evasion alerts: INACTIVE
>     Scan alerts: INACTIVE
>     Log Flushed Streams: INACTIVE
>     MinTTL: 1
>     TTL Limit: 5
>     Async Link: 0
>     State Protection: 0
>     Self preservation threshold: 50
>     Self preservation period: 90
>     Suspend threshold: 200
>     Suspend period: 30
>Stream4_reassemble config:
>     Server reassembly: INACTIVE
>     Client reassembly: ACTIVE
>     Reassembler alerts: ACTIVE
>     Zero out flushed packets: INACTIVE
>     flush_data_diff_size: 500
>     Ports: 21 23 25 53 80 110 111 143 513 1433
>     Emergency Ports: 21 23 25 53 80 110 111 143 513 1433

>ERROR: /etc/snort/snort.conf(285) => Invalid file name for IIS UnicodeMap

>file.
>Fatal Error, Quitting..
>
>so where is the problem and how i can resolve it ,
>thinks
>
>_________________________________________________________________
>MSN Search, le moteur de recherche qui pense comme vous !
>http://search.msn.fr/worldwide.asp
>
>
>
>-------------------------------------------------------
>This SF.Net email is sponsored by: IBM Linux Tutorials
>Free Linux tutorial presented by Daniel Robbins, President and CEO of
>GenToo technologies. Learn everything from fundamentals to system
>administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
>_______________________________________________
>Snort-users mailing list
>Snort-users () lists sourceforge net
>Go to this URL to change user options or unsubscribe:
>https://lists.sourceforge.net/lists/listinfo/snort-users
>Snort-users list archive:
>http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
>
>
>

_________________________________________________________________
MSN Messenger : discutez en direct avec vos amis !
http://www.msn.fr/msger/default.asp


--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql

To unsubscribe:http://lists.mysql.com/mysql?unsub=palmtreeFRB () earthlink net


_________________________________________________________________

MSN Search, le moteur de recherche qui pense comme vous !http://search.msn.fr/worldwide.asp




-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

snort sanaâ Aitouchen (Apr 07)