[Snort-users] Starting Snort at Boot Up

Erek Adams erek at ...577...
Mon Aug 26 11:10:03 EDT 2002

On Mon, 19 Aug 2002, Nathanael Morrison wrote:

> I can't seem to get snort to start at boot up.
> I'm current using the following:
> Linux 2.4.18
> MySQL 3.23.39
> Snort 1.8.6
> I created two startup scripts,  /etc/rc.mysqld and /etc/rc.snortd.
> I then run /etc/rc.mysqld first and then /etc/rc.snortd by making a call from
> /etc/rc.local. MySQL starts up fine, but snort does not. When I looked at the
> system logs I found the following error:
> snort: FATAL ERROR: database: mysql_error: Can't connect to local MySQL server
> through socket '/var/run/mysql/mysql.sock' (2)
> Now this is the part I can't figure out. If I call /etc/rc.snortd after
> logging in, snort starts up fine. Everything runs great, snort is logging to
> MySQL, and I can analyse the packets with ACID. Maybe I'm missing
> something... any ideas?

A couple:

	*  It's related to files and/or permissions.  Are you trying to run
snort as a user?  If so, make sure that user can access the
/var/run/mysql/mysql.sock socket.  Have the script(s) give you a ls -l of the
directory and see if you can tell what's breaking it.

	*  Make sure that mysqld is started and has the socket built before
you attempt to start snort.  Perhaps even build logic to check if the socket
is there before it starts.

	*  Upgrade to a newer version of snort.  I would honestly suggest
trying to run the current CVS snapshot of the 1.8 tree.  It's got quite a few
changes and updates.


Erek Adams

