[Snort-users] snort/acid and mysql.sock revisited

raft na raft2200 at ...131...
Wed Jan 22 06:08:15 EST 2003

Hi all,
I just read with interest the thread relating to snort/acid not connecting to mysql and not finding /var/lib/mysql/mysql.sock. It was close to, but not quite, what I have.
I am trialling the current snort, acid, apache, php, mysql etc, but on RH7.2. I use rpms for mysql but compile the rest. I found that ACID wanted to connect to mysql using /tmp/mysql.lock, which initially it couldn't find. So I read the mysql manual and added [mysqld] socket=/tmp/mysql.sock to /var/lib/mysql/my.cnf. Bingo, ACID was happy and off it went. But I can't see anywhere to force ACID to find the socket file in a particular place?

But now if I open up a command-line client either on the database server or a remote sensor, the client wants to connect with /var/lib/mysql/mysql.sock - seems as though this is the mysql default? So I seem to be stuck between a rock and a hard place - /tmp/mysql.sock will enable ACID to work, but I have to change it to /var/lib/mysql/mysql.sock and restart the service if I want to use a cmd-line client. And then back again for ACID. Funnily enough the remote snort sensor is logging fine when the console db is using /tmp/mysql/sock!?? I am using the S99snort script from the snort contrib, but have dropped the group option, basically leaving only -D.

Have I missed something in the FAQs?

Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20030122/a301ea4b/attachment.html>

More information about the Snort-users mailing list