[Snort-devel] Fwd: Re: Snort Anomaly Detection

Bernhard Guillon Bernhard.Guillon at ...3094...
Fri Sep 17 09:43:47 EDT 2010

On 17.09.2010 15:31, Andres Carrera Rivera wrote:
> Excellent! I did exactly what you said, patched it inside the 
> snort-2.8.6.X.
> Now my question is: how can I test if the PHAD preprocessor is working?
> Because I don't see any configuration inside the snort.conf file.
> I run snort like: snort -dev -c ./snort.conf

You need to add the configuration for spp_phad to snort.conf which I 
wrote in my other mail:

preprocessor phad: training_time 446400

The training time is still in seconds. For more information about the 
algorithm, read the paper [1] of the original implementation.

Best regards
Bernhard Guillon

