[Snort-users] No alerts on ACID

Kevin Johnson kjohnson at ...12400...
Mon Oct 18 17:27:09 EDT 2004


On Mon, 2004-10-18 at 17:11, support wrote:
> Hi 
> 
> Today I got the error mesg when I starting the acid console for the 1st
> time after restarting ,
> 
> Warning: mysql_pconnect(): Can't connect to local MySQL server through
> socket '/tmp/mysql.sock' (2) in
> /www/htdocs/adodb/drivers/adodb-mysql.inc.php on line 335
> 
> 
> Error (p)connecting to DB : snort at ...274...
> 
> Check the DB connection variables in acid_conf.php 
> 
>                = $alert_dbname   : MySQL database name where the alerts
> are stored 
>                = $alert_host     : host where the database is stored
>                = $alert_port     : port where the database is stored
>                = $alert_user     : username into the database
>                = $alert_password : password for the username
>               
> Database ERROR:Can't connect to local MySQL server through socket
> '/tmp/mysql.sock' (2)
> 
> Also when checking for mysql ps -ef | grep mysql I could not find mysql
> runnig
> So I restarted mysqld and found a error mesg ....
> ( " No mysqld pid file found. Looked for
> /usr/local/mysql/var/localhost.localdomain.pid	" )
> 
> And after this my Acid console started but with no alerts
> 
> Wht could be the problem 
> 

Hi-

I would have to guess that since mysql wasn't running, there is a good
chance that snort wasn't putting anything into the database for ACID to
report on.  At this point, after seeing quite a few messages from you, I
would have to recommend that you go to snort.org and look at the
documentation.  The direct link to the great document that most people
use to start out would be found at
http://www.snort.org/docs/Snort_SSL_FC2.pdf
(Thanks Patrick!)

Please read this entire document and see if you can figure out what you
are having problems with.  If you are then still having problems, please
feel free to continue to ask questions of this group.  Just keep in mind
that when you are writing the email, that no one on this list is paid to
support your set up and are all doing it as an additional task in their
already busy days.  So try and make sure that not only have you done the
research that you are trying to get them to give you but that you have
at least given them enough information that they can try to help you. 
My rule on that is always, if I can't understand what I am writing, no
one else is going to either.

Thanks
Kevin





More information about the Snort-users mailing list