[Snort-users] Error Barnyard2.conf

AllowOverride allowoverride at ...11827...
Wed Oct 3 11:01:26 EDT 2012


ahhhh, ok, i will investigate. sockets my be the issue, as i am remotely
executing the cmds via ssh. maybe that matters. could also be ufw, note,
im using ubuntu 12.04 server. although i havent explicitly invoked sudo
ufw enable yet. thanks elof.


On Wed, 2012-10-03 at 11:18 +0200, elof at ...6680... wrote:
> I'm guessing it has to do with the way you connect.
> With the mysql client and no explicit host given, I guess it is using 
> sockets to connect to the sql server.
> ...or it might be treated different if you connect to '127.0.0.1' vs 
> 'localhost'.
> 
> So debug your grants and allow snort to login from 'localhost'.
> 
> /Elof
> 
> On Tue, 2 Oct 2012, AllowOverride wrote:
> 
> > i can connect locally with mysql -u snort -p no problem.
> > mysql -u snort -p
> > Enter password:
> > Welcome to the MySQL monitor.  Commands end with ; or \g.
> > Your MySQL connection id is 87
> > Server version: 5.5.24-0ubuntu0.12.04.1 (Ubuntu)
> > ~~~
> > mysql>
> >
> >
> > when i launch barnyard2 i get this error:
> >
> >
> > Oct  2 21:34:40 jupiter barnyard2[11630]: Running in Continuous mode
> > Oct  2 21:34:40 jupiter barnyard2[11630]:
> > Oct  2 21:34:40 jupiter barnyard2[11630]:         --== Initializing
> > Barnyard2 ==--
> > Oct  2 21:34:40 jupiter barnyard2[11630]: Initializing Input Plugins!
> > Oct  2 21:34:40 jupiter barnyard2[11630]: Initializing Output Plugins!
> > Oct  2 21:34:40 jupiter barnyard2[11630]: Parsing config file
> > "/etc/snort/etc/barnyard2.conf"
> >
> >
> > Oct  2 21:35:02 jupiter barnyard2[11630]: Log directory
> > = /var/log/barnyard2
> > Oct  2 21:35:02 jupiter barnyard2[11630]: Initializing daemon mode
> > Oct  2 21:35:02 jupiter barnyard2[11837]: Daemon initialized, signaled
> > parent pid: 11630
> > Oct  2 21:35:02 jupiter barnyard2[11837]: PID path stat checked out ok,
> > PID path set to /var/run/
> > Oct  2 21:35:02 jupiter barnyard2[11837]: Writing PID "11837" to file
> > "/var/run//barnyard2_eth0.pid"
> > Oct  2 21:35:02 jupiter barnyard2[11630]: Daemon parent exiting
> > Oct  2 21:35:02 jupiter barnyard2[11837]: FATAL ERROR: database:
> > mysql_error: Access denied for user 'snort'@'localhost' (using password:
> > YES)
> >
> > snort is run like this:
> > /usr/local/bin/snort -q -u snort -g snort -c /etc/snort/etc/snort.conf
> > -i eth0 &
> >
> > barnyard2 is run like this:
> > /usr/local/bin/barnyard2 -c /etc/snort/etc/barnyard2.conf
> > -d /var/log/snort -f snort.log -w /var/log/snort/barnyard2.waldo -D &
> >
> >
> > any suggestions?
> >
> >
> >
> > ------------------------------------------------------------------------------
> > Don't let slow site performance ruin your business. Deploy New Relic APM
> > Deploy New Relic app performance management and know exactly
> > what is happening inside your Ruby, Python, PHP, Java, and .NET app
> > Try New Relic at no cost today and get our sweet Data Nerd shirt too!
> > http://p.sf.net/sfu/newrelic-dev2dev
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
> > Please visit http://blog.snort.org to stay current on all the latest Snort news!
> >





More information about the Snort-users mailing list