[Snort-devel] Fwd: Re: Fwd: Re: Snort Anomaly Detection
Andres Carrera Rivera
protoss_black88 at ...445...
Fri Sep 17 10:01:28 EDT 2010
On 9/17/2010 8:43 AM, Bernhard Guillon wrote:
> On 17.09.2010 15:31, Andres Carrera Rivera wrote:
>> Excellent! I did exactly what you said, patch it inside the
>> Now my question is: how can I test if the PHAD Preprocessor is working?
>> Because I don't see any configuration inside the snort.conf file.
>> I run snort like: snort -dev -c ./snort.conf
> You need to add the configuration for spp_phad to snort.conf which I
> wrote in my other mail:
> preprocessor phad: training_time 446400
> The training time still is in seconds. For more information about the
> algorithm read the paper of the original implementation.
> Best regards
> Bernhard Guillon
OK, the time is in seconds.
But when it finishes the training mode, will PHAD generate some
alerts when it finds any anomalies?
That's what I don't know.
I put preprocessor phad:
in the snort.conf file, but when running snort, I got this error:
Unknown preprocessor: "phad"
Snort doesn't recognize PHAD?
How can I solve this problem?