[Snort-users] Starting Snort at Boot Up

Nathanael Morrison nathanael_morrison at ...6696...
Wed Aug 28 17:23:05 EDT 2002


The "sleep 5" in rc.snortd did the trick.
Thanks for all your help, much appreciated :)

Nathanael



----- Original Message -----
From: "twig les" <twigles at ...131...>
To: <dr at ...381...>; "Hal Wigoda" <hwigoda at ...468...>; "Nathanael
Morrison" <nathanael_morrison at ...6696...>
Cc: <snort-users at lists.sourceforge.net>
Sent: Monday, August 26, 2002 8:17 PM
Subject: Re: [Snort-users] Starting Snort at Boot Up


> Actually I had that problem.  I threw a "sleep 5" at
> the top of the snort startup script so mysql could
> finish starting.
>
> --- Dragos Ruiu <dr at ...381...> wrote:
> > On August 26, 2002 11:48 pm, Hal Wigoda wrote:
> > > You have to create the following links to
> > /etc/rc.d/snort
> > >
> > > /etc/rc.d/rc0.d/K20snortd
> > > /etc/rc.d/rc1.d/K20snortd
> > > /etc/rc.d/rc2.d/K20snortd
> > > /etc/rc.d/rc3.d/K20snortd
> > > /etc/rc.d/rc4.d/K20snortd
> > > /etc/rc.d/rc5.d/K20snortd
> > >
> > > Hal Wigoda
> > >
> >
> > You might not want to run snort in single user mode
> > and
> > only run it in the traditional runlevels
> > 3(multiuser) and 5 (Xwindows):
> >
> > The K scripts are typically used for Killing at
> > shutdown
> > and the S scripts are usually for startup.
> >
> > SInce he explicitly starts mysql before snort the
> > problem
> > is likely that the mysql startup is backgrounding
> > and not
> > started by the time snort tries to connect or it is
> > failing somehow.
> >
> > cheers,
> > --dr
> >
> > > ----- Original Message -----
> > > From: "Nathanael Morrison"
> > <nathanael_morrison at ...6696...>
> > > To: <snort-users at lists.sourceforge.net>
> > > Sent: Monday, August 19, 2002 7:05 PM
> > > Subject: [Snort-users] Starting Snort at Boot Up
> > >
> > >
> > > Hi,
> > >
> > > I can't seem to get snort to start at boot up.
> > >
> > > I'm current using the following:
> > >
> > > Linux 2.4.18
> > > MySQL 3.23.39
> > > Snort 1.8.6
> > >
> > > I created two startup scripts,  /etc/rc.mysqld and
> > /etc/rc.snortd.
> > > I then run /etc/rc.mysqld first and then
> > /etc/rc.snortd by making a call
> > > from
> > > /etc/rc.local. MySQL starts up fine, but snort
> > does not. When I looked at
> > > the
> > > system logs I found the following error:
> > >
> > > snort: FATAL ERROR: database: mysql_error: Can't
> > connect to local MySQL
> > > server
> > > through socket '/var/run/mysql/mysql.sock' (2)
> > >
> > > Now this is the part I can't figure out. If I call
> > /etc/rc.snortd after
> > > logging in, snort starts up fine. Everything runs
> > great, snort is logging
> > > to MySQL, and I can analyse the packets with ACID.
> > Maybe I'm missing
> > > something... any ideas?
> > >
> > > Nathanael





More information about the Snort-users mailing list