Hello everyone. I am trying to get Snort up and running and from what I can tell it is running and I am able to get it to start and to show traffic in verbose mode but I can't for the life of me get any data to show in base or get any "test" rules that I have setup to fire at all... My install environment is as follows:

Windows 7 Ultimate host running Debian 6 in vmware. My vmware instance has 2 NIC's, eth0 is set to host only and eth1 is bridged. I have setup a test rule in local.rules to fire an alert anytime there is ICMP traffic within my HOME_NET and I have tried to ping both IP's assigned to my NIC's on the VM from my host and from the VM back to my host and the pings are successful however there is no alert that fires... Any thoughts?

Zen

I am not using barnyard. Just BASE via the web url (http://localhost/acidbase). I am not for sure what you are asking for in regards to the snort.conf output line...I will have to take a look at the conf file and see what that is set to but I didn't change anything in regards to output in that file so it would be whatever was default...

Not assigning an IP is more an issue for remaining undetected than anything to do with functionality.  Out of curiosity is there any type of threshold set for the rule you're using?  Does it need to see more than X packets per Y seconds?  Does it need to hit more than X IPs or Y ports? 

This is the site I am following only I have Debian in a VM

http://www.aboutdebian.com/snort.htm