Hello! I am a new user to BASE and am setting it up for first time use. I am using version 1.3.6; Snort version 2.6.1.5, Barnyard version 0.2.0, and Apache 1.3.37.

I have Snort writing to log files and Barnyard reading the log files and posting to the 'snort' database set up in MySQL. This appears to be working - I see the log file growing and the # of entries in the 'event' table of the 'snort' database continues to increase.

I DO NOT have Snort writing any logs or alerts to the database at all - I commented out the following options in my snort.conf file:
# output database: log, mysql, user=snort password=mypass dbname=snort host=localhost
# output database: alert, mysql, user=snort password=mypass dbname=snort host=localhost

The following tables are EMPTY in my database: acid_ag, acid_ag_alert, acid_event, acid_ip_cache, base_users, opt, sensor, and signature.

In my 'base_conf.php' I have the following parameters configured:
$alert_dbname ='snort';
$alert_host ='localhost';
$alert_port ='';
$alert_user ='snort';
$alert_password='mypass';

One thing that I did notice is that when I logged into the BASE page, the Database ('Database: snort@localhost (Schema Version: 107)') was set to snort_archive@localhost instead of snort@localhost... I simply went into the conf file (the archive_exists parameter was already set to 0!) and configured all the 'archive_' parameters to the same as above & then restarted Apache, Snort, and Barnyard.

But, that didn't help - I still cannot get any results from the database.

- Today's alerts: unique listing Source IP Destination IP
- Last 24 Hours alerts: unique listing Source IP Destination IP
- Last 72 Hours alerts: unique listing Source IP Destination IP
- Most recent 15 Alerts: any protocol TCP UDP ICMP
- Last Source Ports: any protocol TCP UDP
- Last Destination Ports: any protocol TCP UDP
- Most Frequent Source Ports: any protocol TCP UDP
- Most Frequent Destination Ports: any protocol TCP UDP
- Most frequent 15 Addresses: Source Destination
- Most recent 15 Unique Alerts
- Most frequent 5 Unique Alerts

Queried on : Wed June 06, 2007 09:51:39
Database: snort@localhost (Schema Version: 107)
Time Window: no alerts detected 

Sensors/Total: 0 / 0
Unique Alerts: 0
Categories: 0
Total Number of Alerts: 0

- Src IP addrs: 0
- Dest. IP addrs: 0
- Unique IP links 0
- Source Ports: 0
  - TCP ( 0) UDP ( 0)
- Dest Ports: 0
  - TCP ( 0) UDP ( 0)

Traffic Profile by Protocol
TCP (0%) 

UDP (0%) 

ICMP (0%) 

Portscan Traffic (0%)

Any thoughts on what is missing here and how I can fix it??

Thanks in advance for your time and help! It is GREATLY appreciated. Please let me know if I can provide any additional information.
-jg