[Snort-devel] Fwd: Re: Snort Anomaly Detection
Bernhard.Guillon at ...3094...
Fri Sep 17 09:43:47 EDT 2010
On 17.09.2010 15:31, Andres Carrera Rivera wrote:
> Excellent! I did Exactly what you said, patch it inside the
> Now my question is: how can I test if the PHAD Preprocessor is working?
> because, I don't see any configuration inside the snort.conf file.
> I run snort like: snort -dev -c ./snort.conf
You need to add the configuration for spp_phad to snort.conf which I
wrote in my other mail:
preprocessor phad: training_time 446400
The training time still is in seconds. For more information about the
algorithm read the paper  of the original implementation.
More information about the Snort-devel