Please bear with me on these questions. I have recently set up 4 snort sensors and am using BASE 1.3.9. When I click on "search", I see two sensors listed. Where does BASE get it's information to populate those names? I currently have two sensors operating and two sensors turned off. So it sees the correct number of sensors, however the name it is giving them is incorrect. One is showing the IP address of my management NIC and the other shows unknown. It is also showing "eth0" for one sensor and "eth1" for the other. This is incorrect as both sensors have monitoring NIC's on eth0. I just need to know how to make BASE report the correct names for my sensors?
Thanks in advance for any information you can give.
> Where does BASE get it's information to populate those names?
From the database. Its query is similar to something you can type in yourself on the command line (assuming you use mysql):
mysql> select * from sensor;
It is not BASE that fills in the wrong values. It is either snort itself or
flop, barnyard, mudpit or whatever
helper program you use to perform the
inserts into the database. And the helper programs get their data from snort...