Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Snort and Mysql connection error mysqld.sock

From: "William Fitzgerald" <wfitzgerald () tssg org>
Date: Tue, 1 Feb 2005 14:13:49 -0000
Hi all,

I have a query about MySQl and snort.

I get the following error whe I run snort
database: compiled support for ( mysql )
database: configured to use mysql
database:          user = snu
database: database name = snort
database:          host = localhost
database:   sensor name = 10.37.73.2
ERROR: database: mysql_error: Can't connect to local MySQL server through
socket '/var/run/mysqld/mysqld.sock' (2)

below is the full snort output when snort is run:
panaauth_madwifi:/opt/snort# bin/snort -c etc/snort.conf -i eth0
Running in IDS mode
Log directory = /var/log/snort

Initializing Network Interface eth0

        --== Initializing Snort ==--
Initializing Output Plugins!
Decoding Ethernet on interface eth0
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file etc/snort.conf

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
,-----------[Flow Config]----------------------
| Stats Interval:  0
| Hash Method:     2
| Memcap:          10485760
| Rows  :          4099
| Overhead Bytes:  16400(%0.16)
`----------------------------------------------
No arguments to frag2 directive, setting defaults to:
    Fragment timeout: 60 seconds
    Fragment memory cap: 4194304 bytes
    Fragment min_ttl:   0
    Fragment ttl_limit: 5
    Fragment Problems: 0
    Self preservation threshold: 500
    Self preservation period: 90
    Suspend threshold: 1000
    Suspend period: 30
Stream4 config:
    Stateful inspection: ACTIVE
    Session statistics: INACTIVE
    Session timeout: 30 seconds
    Session memory cap: 8388608 bytes
    State alerts: INACTIVE
    Evasion alerts: INACTIVE
    Scan alerts: INACTIVE
    Log Flushed Streams: INACTIVE
    MinTTL: 1
    TTL Limit: 5
    Async Link: 0
    State Protection: 0
    Self preservation threshold: 50
    Self preservation period: 90
    Suspend threshold: 200
    Suspend period: 30
Stream4_reassemble config:
    Server reassembly: INACTIVE
    Client reassembly: ACTIVE
    Reassembler alerts: ACTIVE
    Zero out flushed packets: INACTIVE
    flush_data_diff_size: 500
    Ports: 21 23 25 53 80 110 111 143 513 1433
    Emergency Ports: 21 23 25 53 80 110 111 143 513 1433
HttpInspect Config:
    GLOBAL CONFIG
      Max Pipeline Requests:    0
      Inspection Type:          STATELESS
      Detect Proxy Usage:       NO
      IIS Unicode Map Filename: etc/unicode.map
      IIS Unicode Map Codepage: 1252
    DEFAULT SERVER CONFIG:
      Ports: 80 8080 8180
      Flow Depth: 300
      Max Chunk Length: 500000
      Inspect Pipeline Requests: YES
      URI Discovery Strict Mode: NO
      Allow Proxy Usage: NO
      Disable Alerting: NO
      Oversize Dir Length: 500
      Only inspect URI: NO
      Ascii: YES alert: NO
      Double Decoding: YES alert: YES
      %U Encoding: YES alert: YES
      Bare Byte: YES alert: YES
      Base36: OFF
      UTF 8: OFF
      IIS Unicode: YES alert: YES
      Multiple Slash: YES alert: NO
      IIS Backslash: YES alert: NO
      Directory: YES alert: NO
      Apache WhiteSpace: YES alert: YES
      IIS Delimiter: YES alert: YES
      IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG
      Non-RFC Compliant Characters: NONE
rpc_decode arguments:
    Ports to decode RPC on: 111 32771
    alert_fragments: INACTIVE
    alert_large_fragments: ACTIVE
    alert_incomplete: ACTIVE
    alert_multiple_requests: ACTIVE
telnet_decode arguments:
    Ports to decode telnet on: 21 23 25 119
deauth_flood arguments:
    deauth-threshold: 20
    expire_timeout: 60
    target_limit: 100
    prune_period: 30
auth_flood arguments:
    auth-threshold: 100
    expire_timeout: 60
    target_limit: 10
    prune_period: 30
macspoof arguments:
    masked_MAC_addr: none
    tolerate_gap: 5
    threshold: 10
    expire_timeout: 120
    spoofed_addr_limit: 100
    prune_period: 30
database: compiled support for ( mysql )
database: configured to use mysql
database:          user = snu
database: database name = snort
database:          host = localhost
database:   sensor name = sensor
ERROR: database: mysql_error: Can't connect to local MySQL server through
socket '/var/run/mysqld/mysqld.sock' (2)
Fatal Error, Quitting..

ps -ef |grep mysql
mysql     1260  1243  0 12:13 ?        00:00:03
/usr/local/mysql/bin/mysqld --defaults-extra-file=/usr/local/mysql/data/my.c
n
mysql     1261  1260  0 12:13 ?        00:00:00
/usr/local/mysql/bin/mysqld --defaults-extra-file=/usr/local/mysql/data/my.c
n
mysql     1262  1261  0 12:13 ?        00:00:00
/usr/local/mysql/bin/mysqld --defaults-extra-file=/usr/local/mysql/data/my.c
n
mysql     1263  1261  0 12:13 ?        00:00:00
/usr/local/mysql/bin/mysqld --defaults-extra-file=/usr/local/mysql/data/my.c
n
mysql     1264  1261  0 12:13 ?        00:00:00
/usr/local/mysql/bin/mysqld --defaults-extra-file=/usr/local/mysql/data/my.c
n
mysql     1265  1261  0 12:13 ?        00:00:00
/usr/local/mysql/bin/mysqld --defaults-extra-file=/usr/local/mysql/data/my.c
n
mysql     1266  1261  0 12:13 ?        00:00:00
/usr/local/mysql/bin/mysqld --defaults-extra-file=/usr/local/mysql/data/my.c
n
mysql     1267  1261  0 12:13 ?        00:00:07
/usr/local/mysql/bin/mysqld --defaults-extra-file=/usr/local/mysql/data/my.c
n
mysql     1268  1261  0 12:13 ?        00:00:00
/usr/local/mysql/bin/mysqld --defaults-extra-file=/usr/local/mysql/data/my.c
n
mysql     1269  1261  0 12:13 ?        00:00:00
/usr/local/mysql/bin/mysqld --defaults-extra-file=/usr/local/mysql/data/my.c
n

I am runing snort-2.1.1, i know its old but this version is the only version
that i can apply the wirless patch to: http://snort-wireless.org/

I am running mysql version: mysql-standard-4.1.9-pc-linux-gnu-i686

I have searched the /var/run/ but there is no mysqld directory.

I am running debian sarge.

I have installed mysql in /usr/local where
mysql-standard-4.1.9-pc-linux-gnu-i686 has a soft link mysql also in
/usr/local

Would you have any suggestions.

regards,
Will.

William M. Fitzgerald (MSc,BSc),
Applied Researcher,
Telecommunications Software & Systems Group,
Waterford Institute of Technology,
Cork Rd.
Waterford.
Office Ph: +353 51 302937
Mobile Ph: +353 87 9527083




-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: