Snort mailing list archives

arpspoof preprocessor and barnyard2 \ BASE issue


From: cnuddep () rogers com
Date: Tue, 17 Jan 2012 13:02:33 -0800 (PST)

Greetings
I have enabled the arpspoof preprocessor in my snort.conf file:
 
preprocessor arpspoof
preprocessor arpspoof_detect_host: 10.0.0.1 00:aa:bb:cc:dd:ee
 
When I run snort with alerts output to the console and then launch an arpspoof attack, everything works as expected:
 
snort -c snort.conf -A console
....
01/17-15:46:44.675601  [**] [112:4:1] (spp_arpspoof) Attempted ARP cache overwrite attack [**]
...
However, if I fire up barnyard2, it does not insert the alerts into the mysql\snort database running on the same box, although it inserts events into the event table. I have tested other rules and preprocessors, and alerts from them get inserted without issue.
 
An error message also shows up in BASE while the arpspoof attack is underway which resembles this:

/var/www/base/includes/base_cache.inc.php:521: ERROR: Alert "1 - 1217" could NOT be found in acid_event.
 
Does anyone have any thoughts on what might be going on here?
 
Thanks in advance
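The `[112:4:1]` tag in the console alert above is Snort's generator:SID:revision triplet; generator 1 is the rules engine and other generators are preprocessors or decoders (112 is spp_arpspoof, as the `(spp_arpspoof)` text shows). When triaging a "console shows it, database doesn't" problem it helps to split alerts by generator and to pull the sensor-id / event-id pair out of BASE's error line, so the counts on each side can be compared. The following parser is an added example written for this archived thread; it is not code from the poster, Snort, barnyard2 or BASE. The arpspoof alert and the BASE error line are the ones quoted in the post; the rule alert and the "not an alert" line are constructed, and the local SID 1000001 is a placeholder.

```python
"""Group Snort console/fast alerts by generator and decode BASE's error line.

Added example for the thread; not the poster's code. The alert layout follows
the "-A console" line quoted in the post. Lines marked "constructed" are
sample data made up for this example.
"""
import re
from collections import Counter
from typing import Optional

# Fast/console alert: "MM/DD-HH:MM:SS.usec  [**] [gid:sid:rev] msg [**] ..."
ALERT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.+?)\s+\[\*\*\]"
)

# BASE names the missing event by its sensor id / event id (sid - cid) pair,
# which is the key barnyard2 writes to the event table.
BASE_ERR_RE = re.compile(
    r'Alert "(?P<sid>\d+) - (?P<cid>\d+)" could NOT be found in (?P<table>\w+)'
)

# Generator 1 is the rules engine; any other generator is a preprocessor or
# decoder. 112 = spp_arpspoof is the generator shown in the post.
RULES_GID = 1
KNOWN_GENERATORS = {112: "spp_arpspoof"}


def parse_alert(line: str) -> Optional[dict]:
    """Return the fields of one console alert line, or None if it is not one."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    gid, sid, rev = (int(m.group(k)) for k in ("gid", "sid", "rev"))
    if gid == RULES_GID:
        source = "rules"
    else:
        source = KNOWN_GENERATORS.get(gid, f"preprocessor-gid-{gid}")
    return {
        "ts": m.group("ts"),
        "gid": gid,
        "sid": sid,
        "rev": rev,
        "msg": m.group("msg"),
        "source": source,
    }


def parse_base_error(line: str) -> Optional[tuple]:
    """Extract (sensor id, event id, table) from a BASE 'could NOT be found' error."""
    m = BASE_ERR_RE.search(line)
    if not m:
        return None
    return (int(m.group("sid")), int(m.group("cid")), m.group("table"))


def summarize(lines) -> dict:
    """Count alerts per source so console output can be compared with what
    actually reached the database, generator by generator."""
    counts = Counter()
    for line in lines:
        alert = parse_alert(line)
        if alert:
            counts[alert["source"]] += 1
    return dict(counts)


SAMPLE = [
    # quoted from the post
    "01/17-15:46:44.675601  [**] [112:4:1] (spp_arpspoof) Attempted ARP cache overwrite attack [**]",
    # constructed: a rules-engine alert with a placeholder local SID
    "01/17-15:46:50.000000  [**] [1:1000001:1] LOCAL constructed test rule [**] "
    "[Priority: 3] {TCP} 10.0.0.5:4444 -> 10.0.0.1:80",
    # constructed: noise that should be ignored
    "not an alert line",
]

BASE_LINE = ('/var/www/base/includes/base_cache.inc.php:521: ERROR: '
             'Alert "1 - 1217" could NOT be found in acid_event.')

if __name__ == "__main__":
    for line in SAMPLE:
        print(parse_alert(line))
    print(summarize(SAMPLE))
    print(parse_base_error(BASE_LINE))
```

Running it prints one dict per recognised alert, the per-source counts (one `spp_arpspoof`, one `rules`), and `(1, 1217, 'acid_event')` for the BASE line. Pointing `summarize` at a console log from the same interval that BASE covers makes it obvious whether the gap is specific to one generator, which is the first thing to establish before looking at barnyard2's configuration.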
