For example, if you get an error like this:
ERROR 2003 (HY000): Can't connect to MySQL server on '127.0.0.1' (111)
This means that OSSEC cannot connect to MySQL. OSSEC, a component in ASL, uses TCP to connect to your MySQL server. A number of different things may be the root cause of this error. This checklist provides solutions to the most common causes.
Step 1. If you are running MySQL on the same system as ASL, check to make sure mysql is running, and that it is listening on IP address 127.0.0.1.
If you are running MySQL on a remote system, skip this step.
To check if mysql is running, run this command as root:
ps auxwww | grep mysql
You should see a similar result to this:
root 17813 0.0 0.0 65988 852 ? S Mar19 0:00 /bin/sh /usr/bin/mysqld_safe --datadir=/var/lib/mysql --socket=/var/lib/mysql/mysql.sock
--pid-file=/var/run/mysqld/mysqld.pid --basedir=/usr --user=mysql
mysql 17930 0.5 6.5 551972 264788 ? Sl Mar19 116:55 /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql
--log-error=/var/log/mysqld.log --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/lib/mysql/mysql.sock
If you do not see a result similar to this, mysql is not running on your system. Start mysql. If you require assistance with mysql, please contact your Operating System or database vendor. If you have neither, please post in the community support section of our forums.
Also check to make sure mysql is listening on TCP port 3306 and IP address 127.0.0.1:
netstat -anp | grep 3306
A correctly configured mysql will look similar to this:
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 5543/mysqld
Or this:
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 5543/mysqld
If you do not see either 0.0.0.0 or 127.0.0.1 in the fourth column then you may have mysql configured to listen on a specific IP address. You have two choices:
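Option A) Configure mysql to listen on all addresses
This makes port 3306 reachable on every network interface, so use firewall rules to limit it to the hosts that need it. Remove any line in /etc/my.cnf that contains "bind-address", and restart mysql: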
/etc/init.d/mysqld restart
Option B) Configure ASL to connect to mysql on a different IP address
Log into ASL, click on ASL Configuration, scroll down to "OSSEC_DATABASE_SERVER" and change "127.0.0.1" or "localhost" to the IP address of your mysql server.
Step 2. Make sure you don't have "skip-networking" in your /etc/my.cnf file.
Check for the line "skip-networking" in your /etc/my.cnf file:
grep skip-networking /etc/my.cnf
If you have this line, remove that line from /etc/my.cnf and save the file.
Restart mysql and restart OSSEC. Run these commands as root:
/etc/init.d/mysqld restart
/etc/init.d/ossec-hids restart
Check to make sure mysql is listening:
netstat -anp | grep 3306
A correctly configured mysql will look similar to this:
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 5543/mysqld
Or this:
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 5543/mysqld
If you do not see "tcp" in the first column and LISTEN in the fifth, mysql is not configured to listen for TCP connections.
If you only see an entry like this:
unix 2 [ ACC ] STREAM LISTENING 38593710 /var/lib/mysql/mysql.sock
mysql is not configured to listen on a TCP port.
Step 3. Check to make sure mysql is listening on port 3306 and the IP address you configured in ASL.
A final test to see if mysql is listening on loopback is to telnet, from the system that mysql is running on (not from a remote system), to the loopback interface:
telnet ip_address_of_your_mysql_server 3306
For example:
telnet 127.0.0.1 3306
You should see something like this:
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
4
5.0.77
If you cannot connect to mysql, check to make sure that you do not have any lines in /etc/my.cnf that contain "bind-address". If you do:
Option A) Configure mysql to listen on all addresses
Remove any line in /etc/my.cnf that contains "bind-address", and restart mysql:
/etc/init.d/mysqld restart
Option B) Configure ASL to connect to mysql on a different IP address
Log into ASL, click on ASL Configuration, scroll down to "OSSEC_DATABASE_SERVER" and change "127.0.0.1" or "localhost" to the IP address of your mysql server.
Step 4. If mysql is listening on port 3306 and on your SQL server's IP address, and you still cannot connect to it
This is most likely caused by one or more firewalls.
First disable the local firewall to see if you can connect to mysql:
/etc/init.d/iptables stop
If you can connect to mysql, then your local firewall rules need to be adjusted to allow connections to your MySQL server. Please see the ASL_firewall documentation. Start the firewall again as soon as this test is finished.
If you cannot connect to MySQL, then there is another firewall blocking your connection, or a problem with your network that is preventing your system from connecting to that remote system.
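The netstat and my.cnf checks from Steps 1 and 2 can be scripted so that each state the checklist describes gets one verdict. This is an added example, not part of ASL or the original page; the function names, verdict strings and sample data (including the address 192.0.2.10) are assumptions made for illustration. Unlike a plain grep, it ignores commented-out lines in my.cnf.

```shell
#!/bin/sh
# Added example, not ASL code: classify the mysql listener from
# `netstat -anp` output and flag the my.cnf settings checked in Steps 1-2.

# Reads netstat -anp lines on stdin, prints one verdict for TCP port 3306.
classify_listener() {
    awk '
        $1 == "tcp" && $4 ~ /:3306$/ && $6 == "LISTEN" {
            addr = $4; sub(/:3306$/, "", addr)
            if (addr == "0.0.0.0")        v = "tcp-all"
            else if (addr == "127.0.0.1") v = "tcp-loopback"
            else                          v = "tcp-specific:" addr
            found = 1
        }
        $1 == "unix" && /mysql\.sock/ { sock = 1 }
        END {
            if (found)     print v
            else if (sock) print "socket-only"
            else           print "not-listening"
        }'
}

# Reads a my.cnf on stdin, prints each active setting that affects TCP.
check_mycnf() {
    awk '
        /^[ \t]*[#;]/ { next }   # commented-out lines do not count
        /^[ \t]*skip[-_]networking/ { print "skip-networking" }
        /^[ \t]*bind[-_]address[ \t]*=/ {
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            print "bind-address=" val
        }'
}

# Constructed sample input; 192.0.2.10 is a documentation address.
SAMPLE_NETSTAT='tcp 0 0 192.0.2.10:3306 0.0.0.0:* LISTEN 5543/mysqld
unix 2 [ ACC ] STREAM LISTENING 38593710 /var/lib/mysql/mysql.sock'
SAMPLE_MYCNF='[mysqld]
# skip-networking
bind-address = 192.0.2.10'

printf '%s\n' "$SAMPLE_NETSTAT" | classify_listener
printf '%s\n' "$SAMPLE_MYCNF" | check_mycnf
```

On a live system, pipe in the real data instead: netstat -anp | classify_listener, and check_mycnf < /etc/my.cnf.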