Snort mailing list archives

Re: Starting Snort at Boot Up

From: "Nathanael Morrison" <nathanael_morrison () cogeco ca>
Date: Tue, 27 Aug 2002 13:55:54 -0700

The "sleep 5" in rc.snortd did the trick.
Thanks for all your help, much appreciated :)

Nathanael



----- Original Message -----
From: "twig les" <twigles () yahoo com>
To: <dr () kyx net>; "Hal Wigoda" <hwigoda () mindspring com>; "Nathanael
Morrison" <nathanael_morrison () cogeco ca>
Cc: <snort-users () lists sourceforge net>
Sent: Monday, August 26, 2002 8:17 PM
Subject: Re: [Snort-users] Starting Snort at Boot Up

Actually I had that problem.  I threw a "sleep 5" at
the top of the snort startup script so mysql could
finish starting.

--- Dragos Ruiu <dr () kyx net> wrote:

On August 26, 2002 11:48 pm, Hal Wigoda wrote:

You have to create the following links to

/etc/rc.d/snort


/etc/rc.d/rc0.d/K20snortd
/etc/rc.d/rc1.d/K20snortd
/etc/rc.d/rc2.d/K20snortd
/etc/rc.d/rc3.d/K20snortd
/etc/rc.d/rc4.d/K20snortd
/etc/rc.d/rc5.d/K20snortd

Hal Wigoda


You might not want to run snort in single user mode
and
only run it in the traditional runlevels
3(multiuser) and 5 (Xwindows):

The K scripts are typically used for Killing at
shutdown
and the S scripts are usually for startup.

SInce he explicitly starts mysql before snort the
problem
is likely that the mysql startup is backgrounding
and not
started by the time snort tries to connect or it is
failing somehow.

cheers,
--dr

----- Original Message -----
From: "Nathanael Morrison"

<nathanael_morrison () cogeco ca>

To: <snort-users () lists sourceforge net>
Sent: Monday, August 19, 2002 7:05 PM
Subject: [Snort-users] Starting Snort at Boot Up


Hi,

I can't seem to get snort to start at boot up.

I'm current using the following:

Linux 2.4.18
MySQL 3.23.39
Snort 1.8.6

I created two startup scripts,  /etc/rc.mysqld and

/etc/rc.snortd.

I then run /etc/rc.mysqld first and then

/etc/rc.snortd by making a call

from
/etc/rc.local. MySQL starts up fine, but snort

does not. When I looked at

the
system logs I found the following error:

snort: FATAL ERROR: database: mysql_error: Can't

connect to local MySQL

server
through socket '/var/run/mysql/mysql.sock' (2)

Now this is the part I can't figure out. If I call

/etc/rc.snortd after

logging in, snort starts up fine. Everything runs

great, snort is logging

to MySQL, and I can analyse the packets with ACID.

Maybe I'm missing

something... any ideas?

Nathanael




-------------------------------------------------------
This sf.net email is sponsored by: Jabber - The world's fastest growing 
real-time communications platform! Don't just IM. Build it in! 
http://www.jabber.com/osdn/xim
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Starting Snort at Boot Up Nathanael Morrison (Aug 26)
- Re: Starting Snort at Boot Up Erek Adams (Aug 26)
- Re: Starting Snort at Boot Up Hal Wigoda (Aug 26)
  - Re: Starting Snort at Boot Up Dragos Ruiu (Aug 26)
    - Re: Starting Snort at Boot Up twig les (Aug 26)
    - Re: Starting Snort at Boot Up Nathanael Morrison (Aug 28)
  - Re: Starting Snort at Boot Up Erek Adams (Aug 27)
- Re: Starting Snort at Boot Up Alwin Raymundo (Aug 30)
- <Possible follow-ups>
- Re: Starting Snort at Boot Up Jason Monroe "JC" (Aug 27)
- Re: Starting Snort at Boot Up Roman Danyliw (Sep 05)