Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Barnyard2 startup issue

From: "Lay, James" <james.lay () wincofoods com>
Date: Fri, 22 Jul 2011 14:16:26 -0600
-----Original Message-----
From: Aycock, Jeff R. [mailto:JEFF.R.AYCOCK () saic com]
Sent: Friday, July 22, 2011 9:47 AM
To: James Lay
Cc: Snort
Subject: Re: [Snort-users] Barnyard2 startup issue

Thanks, James.  I did the mods and ran Barnyard2 again with another

error,

this time with mysql not being able to find the socket file:

[root@10 ~]# Running in Continuous mode

        --== Initializing Barnyard2 ==-- Initializing Input Plugins!
Initializing Output Plugins!
Parsing config file "/etc/snort/barnyard2.conf"
Log directory = /var/log/barnyard2
sguil:  sensor name = sensor
sguil:  agent port =  7735
sguil:  Connected to localhost on 7735.
sguil: Waiting for sid and cid from sensor_agent.
sguil: sensor ID = 4
sguil: last cid = 0
Node unique name is: sensor:eth0

ERROR: database: mysql_error: Can't connect to local MySQL server

through

socket '/tmp/mysql.sock' (2) Fatal Error, Quitting..


The socket file is located in /var/lib/mysql so I guess my next

question is

how do I direct Barnyard to look for this file instead of

/tmp/mysql.sock

which does not exists in this box?  Is there anything in the conf file

that

will do that?  The my.cnf file is showing the correct location of the

socket

file for mysql client.  I checked to see if MySQL is running:


As a quick fix for testing:

sudo ln /var/lib/mysql/mysql.sock /tmp/mysql.sock

As I recall, every time you stop and start mysql you'll need to do the
above.  I couldn't find anywhere that you could tell barnyard2 where the
sock file is, but maybe someone else here can.  Hope that helps.

James

------------------------------------------------------------------------------
10 Tips for Better Web Security
Learn 10 ways to better secure your business today. Topics covered include:
Web security, SSL, hacker attacks & Denial of Service (DoS), private keys,
security Microsoft Exchange, secure Instant Messaging, and much more.
http://www.accelacomm.com/jaw/sfnl/114/51426210/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please see http://www.snort.org/docs for documentation
Previous By Date Next
Previous By Thread Next

Current thread: