SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I have used Snort for quite some time now, and am very happy with it.
Recently, I decided to give MySQL logging with the ACID console a try.
I got mysql up and running just fine and created the snort database. Followed the instructions for ACID, and went to http://localhost/ACID/ . In the instructions, I was told that I would find a link to create the ACID table. However, when I went to that address, I got nothing except the contents of acid_main.php
I should mention that I have NEVER used PHP in my life. I have always used CGI, so I know nothing about PHP at all. (which seems to be the source of the problem.)
I was told to add
AddType application/x-httpd-php .php
to httpd.conf. Tryed that, no luck
I tried uncommenting the line in httpd.conf that contains
#Include /etc/apache/mod_php.conf
no luck.
There is a file in /etc/apache called mod_php.conf, which contains
#
# mod_php - PHP Hypertext Preprocessor module
#
# Load the PHP module:
LoadModule php4_module libexec/apache/libphp4.so
# Tell Apache to feed all *.php files through the PHP module:
AddType application/x-httpd-php .php
# This will display PHP files in colored syntax form. Use with caution.
#AddType application/x-httpd-php-source .phps
So I tried all these different things, trying to get ACID working (actually any PHP script!...tried several others also, to make sure it wasnt an ACID specific problem.) and depending on what I did, I either got the contents of the file (the source code-so to speak) or I got a download popup window, asking me if I wanted to save the file to disk.
I also ran into a problem at some point (with one particular configuration, that when I went to http://localhost/ACID/, it returned an error about about not being able to load libphp4.so, something about (ACID?) being compiled with a different version, and that they must match...I have no idea!
I have used Linux in general and Slackware in particular for a long time now, and consider myself very linux literate. So I feel completely stupid in this case, because I just can not seem to get this working no matter what I do!
I used Google extensively to try to solve the problem, and found nothing of relevance.
So apparently, there is something that I am totally NOT getting! I'm sure it's something simple (it always is!), but I am unable to figure it out!
Does anyone have ANY information on this that might help?
Ok. Did that, and here is the output of my php scripts
PHP Warning: Unknown(): Unable to load dynamic library '/usr/lib/php/extensions/mysql.so' - /usr/lib/php/extensions/mysql.so: undefined symbol: OnUpdateLong in Unknown on line 0
PHP Warning: Unknown(): (null): Unable to initialize module
Module compiled with module API=20041030, debug=0, thread-safety=0
PHP compiled with module API=20020429, debug=0, thread-safety=0
These options need to match
in Unknown on line 0
HTTP/1.1 200 OK
Date: Wed, 01 Jun 2005 11:19:13 GMT
Server: Apache
X-Powered-By: PHP/4.3.11
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html
What do you mean exactly? PHP, Apache and MySQL are already installed in Slackware. ACID is set up to use with snort, and mysql. Snort is properly logging to MySQL. The only thing that isnt working is the ACID PHP scripts. Actually, ANY PHP scripts! They are all returning the error above. I dont get it!
How weird! I removed php.ini from /etc/apache, and now suddenly all my php scripts work! Go figure. I would have never guessed, had it not been for trying every damn thing else! Geez!
But When logging into ACID, it now informs me that the prebuilt Slackware PHP was not configured with mysql support. Geez! So, I have to recompile PHP!
I downloaded the newest version of php and configured with ./configure --with-mysql and installed
Went to the ACID URL, and again, I got the same message
PHP ERROR: PHP build incomplete: the prerequisite MySQL support required to read the alert database was not built into PHP. Please recompile PHP with the necessary library (--with-mysql)
Well, thats exatly what I did!
I placed the php.ini file back into /etc/apache, and I got the exact same eroor as I posted above.
So, PHP IS working (other non-mysql scripts work fine) I recompiled PHP with mysql support, and I am still getting the above message.
When I put the php.ini file (which contains the line to Load the mysql module) I get the error message about
PHP Warning: Unknown(): Unable to load dynamic library '/usr/lib/php/extensions/mysql.so' - /usr/lib/php/extensions/mysql.so: undefined symbol: OnUpdateLong in Unknown on line 0
PHP Warning: Unknown(): (null): Unable to initialize module
Module compiled with module API=20041030, debug=0, thread-safety=0
PHP compiled with module API=20020429, debug=0, thread-safety=0
These options need to match
in Unknown on line 0
Ok, according to this page http://us2.php.net/mysql , the --with-mysql option is enabled by default in PHP4, but not in 5. Slackware 10.1 includes PHP 4.3(?) I think. So I got rid of the PHP 4, and replaced with the original Slackware 4.3, so mysql support IS there. Again, PHP is working fine. Snort is logging to mysql fine. The only problem now, is that when I run ACID , it returns the error
PHP ERROR: PHP build incomplete: the prerequisite MySQL support required to read the alert database was not built into PHP. Please recompile PHP with the necessary library (--with-mysql)
That is with the php.ini file REMOVED from /etc/apache.
And when I put the file PHP.ini BACK into /etc/apache (which contains the line
; Load the MySQL module by default. Comment this out if you don't use MySQL.
extension=mysql.so
and then go to the ACID console, it says
PHP Warning: Unknown(): Unable to load dynamic library '/usr/lib/php/extensions/mysql.so' - /usr/lib/php/extensions/mysql.so: undefined symbol: OnUpdateLong in Unknown on line 0
PHP Warning: Unknown(): (null): Unable to initialize module
Module compiled with module API=20041030, debug=0, thread-safety=0
PHP compiled with module API=20020429, debug=0, thread-safety=0
These options need to match
in Unknown on line 0
So, it seems to have something to do with the mysql.so extension. But I can't figure out WHAT the problem is. Especially since MySQL and PHP are part of the Slackware installation!
Well, guess what? I just downloaded and reinstalled the Slackware php package from slackware.com, and now it's working. The mysql module is now loading properly. But remember that PHP security update? I am wondering what will happen when I install that.
I wonder if that has anything to do with it breaking?
If not, then I am at a TOTAL lost of what happened.
This is an original Slackware 10.1 install. Full install. And things like Mysql and PHP have not been TOUCHED until now! So nothing has changed from the original install, as far as those packages go. And then I reinstall the same package from slackware.com, and all is working now! Bizarre!
Well, okay, here I go. I am going to try the security update and see if it still loads the mysql module after that. Wish me luck!
Ok, downlaoded and installed the 2 security patches for PHP, and it said that they were already installed (I thought I would have to reinstall them, since I reinstalled php)
So, like I said, I am at a total loss of what happened!
I have been working for 2 days straight on this, trying everything I could think of, with absolutely no luck at all.
I download and reinstall the very same package that was installed with Slack10.1, and voila, everythings working. ???? I dont know....
At least it's finally running though. Geez! I'll have to remember this one in the future! I never had to struggle with anything like this so hard ever! lol!
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.