[Snort-users] problem with database plug-in

John Berkers berjo at ...827...
Sat Sep 1 06:36:04 EDT 2001


Oliver,

Firstly, is mysql running?  Just checking the obvious first! ;-)

The default behaviour for mysql is to connect to localhost using the socket.
The path (/var/lib/mysql/mysql.sock) is compiled into the binaries.  I had
some trouble with this at one point when I used a self-compiled binary for
something that insisted on using /tmp/mysql.sock.  I changed the mysql.conf
file to create the sock file there, and broke something else (that shipped
with mysql).

If you've changed mysql to use /tmp/mysql.sock in mysql.conf you will need
to change it back to get snort to work with it as there is no way that I am
aware of to tell snort where to find the mysql.sock file.  If you log to
mysql over the network (possibly even the 127.0.0.1 address) it should use
port 3306 instead and this problem should automagically become moot.

btw, does your mysql command give you any similar errors?

Regards,

John Berkers                                       ICQ: 112912
Network Services                            Hansen Corporation
john.berkers at ...3164...               berjo at ...827...


-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Oliver Skiebe
Sent: Saturday, 1 September 2001 9:42
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] problem with database plug-in


hi there,
when i try to get snort-1.8.1 with -c set to my snort.conf-file working, it
dies with

database: compiled support for ( mysql )
database: configured to use mysql
database:          user = XXX
database: database name = XXX
database:   sensor name = XXX
database: mysql_error: Can't connect to local MySQL server through socket
'/var/lib/mysql/mysql.sock' (2)
Fatal Error, Quitting..

where does it get the path to mysql.sock from and how to change it / how
does it connect to mysql anyway
(i'm quite new to this...didn't find any compilation options?)

does anyone have an idea? thank you!

-olli
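
An added diagnostic example (not part of the original thread, and not Snort or MySQL code) for the failure discussed above: it reads the errno out of the client error, probes the compiled-in socket path and /tmp/mysql.sock, and checks TCP port 3306 on 127.0.0.1. The function names and the SAMPLE string are constructed for this example.

```python
import errno, os, re, socket, stat

# Constructed sample: the error text quoted in the post, line wrap included.
SAMPLE = ("database: mysql_error: Can't connect to local MySQL server through socket\n"
          "'/var/lib/mysql/mysql.sock' (2)")
# The number in parentheses is the OS errno from the failed connect().
SOCK_ERR = re.compile(r"through socket\s+'([^']+)'\s+\((\d+)\)")

def parse_socket_error(text):
    """Return (socket_path, errno_name) from the client error, or None."""
    m = SOCK_ERR.search(text)
    if not m:
        return None
    return m.group(1), errno.errorcode.get(int(m.group(2)), m.group(2))

def probe_unix_socket(path, timeout=2.0):
    """Classify path as missing, denied, not-a-socket, refused or listening."""
    try:
        mode = os.stat(path).st_mode
    except (FileNotFoundError, NotADirectoryError):
        return "missing"        # errno 2, the case in the post
    except PermissionError:
        return "denied"
    if not stat.S_ISSOCK(mode):
        return "not-a-socket"
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect(path)
            return "listening"
        except PermissionError:
            return "denied"
        except OSError:
            return "refused"    # socket file exists but no server accepts on it

def probe_tcp(host="127.0.0.1", port=3306, timeout=2.0):
    """True if something accepts TCP connections on host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def diagnose(error_text, extra_paths=("/tmp/mysql.sock",)):
    """Probe the socket named in the error, alternative paths, and TCP 3306."""
    parsed = parse_socket_error(error_text)
    paths = ([parsed[0]] if parsed else []) + list(extra_paths)
    return {"error": parsed, "tcp_3306": probe_tcp(),
            "sockets": {p: probe_unix_socket(p) for p in paths}}
```

For the error in the post, errno 2 (ENOENT) means no file exists at that path, so either mysqld is not running or it created its socket somewhere else.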




