Snort mailing list archives

Problems with snort and B.A.S.E


From: Kaustubh Gadkari <kaustubh.gadkari () gmail com>
Date: Tue, 10 Feb 2009 18:09:30 -0700

Hi,

I have a process that continuously dumps pcap files into a directory.
Periodically, I run snort on these files:

snort -c /etc/snort/snort.conf --pcap-dir=/path/to/pcaps

I have configured snort to write to a MySQL database. I have also
confirmed that snort is writing to the database. Just to raise alerts,
I have a rule 'alert tcp any any <> any any (sid:5;)'. I am using
B.A.S.E (http://base.secureideas.net/) v1.4.1 to see the snort alerts.

Here's the problem:
When I run snort as described above, snort writes events to the snort
database. I checked using 'select count(*) from event;', but the
alerts do not show up in B.A.S.E. However, if I run snort on the
interface:

snort -c /etc/snort/snort.conf -i eth1

things work, i.e., I see snort writing to the database, and I see alerts
on B.A.S.E.

Am I missing a trick here?

Kaustubh

-- 
Kaustubh Gadkari
kaustubh [dot] gadkari [at] gmail [dot] com
