[Snort-users] error output

Saúl Bósquez cygnus133 at ...125...
Mon Jan 13 14:26:05 EST 2003


When I type '/etc/rc.d/init.d/snortd start' I get:
Starting snort:  [OK]     (in green letters)
I thought it was up and running so I typed '/etc/rc.d/init.d/snortd status'
and got the following message:
snort dead but subsys locked
And when I tried to stop it I got:
Stopping snort:  [FAILED]    (in red letters)

And this is the error output I get when I access /var/log/messages:

Jan 13 20:56:45 localhost snort: Initializing daemon mode
Jan 13 20:56:45 localhost snort: Initializing Output Plugins!
Jan 13 20:56:45 localhost snortd: snort startup succeeded
Jan 13 20:56:45 localhost snort: PID path stat checked out ok, PID path set to /var/run/
Jan 13 20:56:45 localhost snort: Writing PID "8192" to file "/var/run//snort_eth0.pid"
Jan 13 20:56:45 localhost snort: http_decode arguments:
Jan 13 20:56:45 localhost snort:     Unicode decoding
Jan 13 20:56:45 localhost snort:     IIS alternate Unicode decoding
Jan 13 20:56:45 localhost snort:     IIS double encoding vuln
Jan 13 20:56:45 localhost snort:     Flip backslash to slash
Jan 13 20:56:45 localhost snort:     Include additional whitespace separators
Jan 13 20:56:45 localhost snort:     Ports to decode http on: 80
Jan 13 20:56:45 localhost snort: rpc_decode arguments:
Jan 13 20:56:45 localhost snort:     Ports to decode RPC on: 111 32771
Jan 13 20:56:45 localhost snort: telnet_decode arguments:
Jan 13 20:56:45 localhost snort:     Ports to decode telnet on: 21 23 25 119
Jan 13 20:56:45 localhost snort: Conversation Config:
Jan 13 20:56:45 localhost snort:    KeepStats: 0
Jan 13 20:56:46 localhost snort:    Conv Count: 32000
Jan 13 20:56:46 localhost snort:    Timeout   : 60
Jan 13 20:56:46 localhost snort:    Alert Odd?: 0
Jan 13 20:56:46 localhost snort:    Allowed IP Protocols:
Jan 13 20:56:46 localhost snort:  All
Jan 13 20:56:46 localhost snort:
Jan 13 20:56:46 localhost snort: Portscan2 config:
Jan 13 20:56:46 localhost snort:     log: /var/log/snort/scan.log
Jan 13 20:56:46 localhost snort:     scanners_max: 3200
Jan 13 20:56:46 localhost snort:     targets_max: 5000
Jan 13 20:56:46 localhost snort:     target_limit: 5
Jan 13 20:56:46 localhost snort:     port_limit: 20
Jan 13 20:56:46 localhost snort:     timeout: 60
Jan 13 20:56:46 localhost snort: FATAL ERROR: database: mysql_error: Can't connect to MySQL server on '127.0.0.1' (111)

I thought it was because in the snort.conf file I assigned 127.0.0.1 to the
host:
output database: log, mysql, user=snort password=snort dbname=snort host=000.000.000.000

so I replaced the 127.0.0.1 with the word 'localhost' and got the following
output:
Jan 13 22:13:02 localhost snort: FATAL ERROR: database: mysql_error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2)

Remember that I'm trying to run the sensor & database on the same box, that's
why I tried 127.0.0.1 and localhost.
I'm doing this as a test... to learn how it works... when I'm done with the
learning part I'm gonna put 2 sensors and a centralized database.

but, I still can't get it to run :(
any help is welcome here :)
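
Added example (not part of the original post and not Snort's own code): a Python script that extracts the MySQL target and errno from the two FATAL ERROR lines above and retries the same TCP or UNIX-socket connection, so the database can be checked before snortd is started. The names `classify` and `probe`, the errno descriptions (Linux values) and the default MySQL port 3306 are assumptions of this example.

```python
import re
import socket

# Log lines taken from the post's /var/log/messages excerpts (mail wrapping undone).
SAMPLE_LOG = [
    "Jan 13 20:56:45 localhost snortd: snort startup succeeded",
    "Jan 13 20:56:46 localhost snort: FATAL ERROR: database: mysql_error: "
    "Can't connect to MySQL server on '127.0.0.1' (111)",
    "Jan 13 22:13:02 localhost snort: FATAL ERROR: database: mysql_error: "
    "Can't connect to local MySQL server through socket "
    "'/var/lib/mysql/mysql.sock' (2)",
]

# Linux errno values that appear in parentheses at the end of the two errors.
ERRNO_MEANING = {
    111: "ECONNREFUSED: nothing is listening on that TCP address and port",
    2: "ENOENT: the UNIX socket file does not exist",
}

FATAL_RE = re.compile(
    r"snort: FATAL ERROR: database: mysql_error: .*?"
    r"(?:on|through socket) '(?P<target>[^']+)' \((?P<code>\d+)\)"
)

def classify(line):
    """Return (transport, target, errno) for a Snort MySQL fatal line, else None."""
    m = FATAL_RE.search(line)
    if m is None:
        return None
    target = m.group("target")
    transport = "unix" if target.startswith("/") else "tcp"
    return transport, target, int(m.group("code"))

def probe(transport, target, port=3306, timeout=2.0):
    """Attempt the same connection; return 0 on success or the errno on failure."""
    family = socket.AF_UNIX if transport == "unix" else socket.AF_INET
    address = target if transport == "unix" else (target, port)
    with socket.socket(family, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex(address)

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        hit = classify(entry)
        if hit:
            transport, target, code = hit
            print(f"{transport} {target}: logged errno {code} "
                  f"({ERRNO_MEANING.get(code, 'see errno(3)')}); "
                  f"probe now returns {probe(transport, target)}")
```

A probe result of 0 means something accepted the connection on that address or socket path; any other value is the errno to compare with the one Snort logged.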




