[Snort-users] snort/acid and mysql.sock revisited

Scott Fringer fringsm at ...5133...
Wed Jan 22 06:37:11 EST 2003

  I haven't read through the FAQs completely, but all I did in my startup
script was to create a symlink from the /var/run/mysqld/mysqld.sock to
/tmp/mysql.sock and that lets everyone be happy.
  Maybe not the cleanest solution, but it works for me.


Scott Fringer                              Shands Healthcare @ U.F.
Network Systems Analyst                        Gainesville, FL

On Tue, 21 Jan 2003, raft na wrote:

> Hi all,
> I just read with interest the thread relating to snort/acid not connecting to mysql and not finding /var/lib/mysql/mysql.sock. It was close to, but not quite, what I have.
> I am trialling the current snort, acid, apache, php, mysql etc, but on RH7.2. I use rpms for mysql but compile the rest. I found that ACID wanted to connect to mysql using /tmp/mysql.lock, which initially it couldn't find. So I read the mysql manual and added [mysqld] socket=/tmp/mysql.sock to /var/lib/mysql/my.cnf. Bingo, ACID was happy and off it went. But I can't see anywhere to force ACID to find the socket file in a particular place?
> But now if I open up a command-line client either on the database server or a remote sensor, the client wants to connect with /var/lib/mysql/mysql.sock - seems as though this is the mysql default? So I seem to be stuck between a rock and a hard place - /tmp/mysql.sock will enable ACID to work, but I have to change it to /var/lib/mysql/mysql.sock and restart the service if I want to use a cmd-line client. And then back again for ACID. Funnily enough the remote snort sensor is logging fine when the console db is using /tmp/mysql/sock!?? I am using the S99snort script from the snort contrib, but have dropped the group option, basically leaving only -D.
> Have I missed something in the FAQs?
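
An added configuration example, not part of either post: rather than symlinking or moving the socket into `/tmp`, point the server, the command-line clients and PHP at one socket path. It assumes the global option file is `/etc/my.cnf`, that ACID reaches MySQL on localhost through PHP's mysql extension, and that the socket stays at the `/var/lib/mysql/mysql.sock` path mentioned in the thread.

```ini
; --- /etc/my.cnf (assumed global option file, read by mysqld and the clients) ---
[mysqld]
; Where the server creates its Unix socket. Keeping it in the MySQL data
; directory avoids a world-writable location such as /tmp.
socket=/var/lib/mysql/mysql.sock

[client]
; Read by the mysql command-line tools, so they look in the same place
; the server listens instead of falling back to a compiled-in default.
socket=/var/lib/mysql/mysql.sock

; --- php.ini (the copy loaded by the Apache/PHP that serves ACID) ---
[MySQL]
; Socket used by PHP's mysql extension for local connections when the
; application does not name one itself.
mysql.default_socket=/var/lib/mysql/mysql.sock
```

Restart mysqld and Apache after the change. A sensor on another host connects over TCP, so the socket path does not affect it.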
