[Snort-devel] Fwd: Re: Fwd: Re: Snort Anomaly Detection

Bernhard Guillon Bernhard.Guillon at ...3094...
Fri Sep 17 10:50:09 EDT 2010


On 17.09.2010 16:01, Andres Carrera Rivera wrote:
> I put preprocessor phad:
> training_time 446400
>
>
> on the snort.conf file, but when running snort, I got this ERROR:
> Unknown preprocessor: "phad"
>
> Snort doesn't recognize PHAD?
> How can I solve this problem?
>

Ah, I forgot to add plugbase.c to my patch. I just fixed it and uploaded 
the patch to the old location :)
Just redo the steps including the download.

With

preprocessor phad: training_time 14400

and the DARPA set [1] (using the -r switch) you will get some nice alerts :)

Best regards
Bernhard Guillon

[1] http://www.ll.mit.edu/mission/communications/ist/corpora/ideval/data/1999/training/week1/monday/inside.tcpdump.gz




