Configuring BASE for Snort on Debian GNU/Linux was surprisingly easy. A little familiarity with using MySQL grant syntax and policy is needed. The rest is smooth sailing if all the tools are on the same box, and only a bind away if MySQL is listening only on 127.0.0.1 and needs to be listening on 0.0.0.0.
I get so little traffic, I’m just logging directly to MySQL, and to disk in tcpdump format. BASE provides some interesting, Web-based output for analyzing Snort alerts, summary statistics, a top fifteen hit list, most frequent uniques, and so forth. Obviously, you can view the raw packet itself.
I used the guide for installation on Fedora Core 3 as a reference, although most of the necessary files are already available in Debian’s repositories. The MySQL grant example wasn’t quite right for my setup. The configuration for MySQL logging is done via debconf if you install the Debian package snort-mysql.
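
For the remote case mentioned above, where MySQL has to listen on 0.0.0.0, the grants are what limit who can use the listener. The following is an added example, not the grant statement from the Fedora guide or from this setup: the database name `snort`, the account names, the passwords and the 192.0.2.x addresses are all placeholders, and the privilege lists are assumptions to check against the Snort and BASE documentation for your versions.

```sql
-- Added example with placeholder names, hosts and passwords.
-- Assumes my.cnf has been changed so mysqld accepts remote connections
-- (bind-address under [mysqld]) and that a firewall limits port 3306
-- to the sensor and web hosts.

-- Sensor account: scoped to one source host, never to '%'.
-- Assumption: the Snort database output needs to read, insert and update.
CREATE USER 'snort_sensor'@'192.0.2.10' IDENTIFIED BY 'CHANGE_ME_SENSOR';
GRANT SELECT, INSERT, UPDATE ON snort.* TO 'snort_sensor'@'192.0.2.10';

-- BASE web account: separate credentials, scoped to the web server host.
-- Assumption: BASE reads alerts, writes its own bookkeeping tables and
-- deletes alerts on request from the web interface.
CREATE USER 'base_web'@'192.0.2.20' IDENTIFIED BY 'CHANGE_ME_BASE';
GRANT SELECT, INSERT, UPDATE, DELETE ON snort.* TO 'base_web'@'192.0.2.20';

-- Assumption: BASE creates its extra tables during first-time setup,
-- so CREATE is granted for that step only and then withdrawn.
GRANT CREATE ON snort.* TO 'base_web'@'192.0.2.20';
-- ... run the BASE setup page, then:
REVOKE CREATE ON snort.* FROM 'base_web'@'192.0.2.20';

-- Checks: no wildcard-host or anonymous accounts should remain once the
-- server is reachable from the network, and each account should show
-- only the privileges granted above.
SELECT user, host FROM mysql.user WHERE host = '%' OR user = '';
SHOW GRANTS FOR 'snort_sensor'@'192.0.2.10';
SHOW GRANTS FOR 'base_web'@'192.0.2.20';
```

If Snort, BASE and MySQL all run on the same box, the same statements apply with `localhost` as the host part and MySQL left listening on 127.0.0.1.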