Snort mailing list archives

Alerts not reproduced


From: Ray Nichols <n1c0l5 () yahoo com>
Date: Thu, 14 Aug 2003 12:11:48 -0700 (PDT)

I am running a Snort sensor V2.0.0 build 72 on a netbsd box and logging to a binary file. I then SCP the binary file 
to an internal win2k box, also running Snort V2.0.0 build 72, and run Snort -r <binary-file> on the win2k box to load 
a mysql db. The problem that I am having is that not all the alerts from the binary file are ending up in the db. One 
example: I copy a file to the win2k box, check it and see alerts for NETBIOS DCERPC as well as other alerts, run 
Snort -r <binary-file> to write the alerts to the db, and the other alerts make it to the db but the NETBIOS ones don't. 
I copied the snort.conf file, updating the $RULE_PATH, from one box to the other to ensure they are the same. I 
downloaded the latest rules to both boxes. How come one box sees the NETBIOS alert and the other one doesn't? Is there 
an easier way to load the db from a binary file?


