[Snort-devel] Fwd: Re: Fwd: Re: Snort Anomaly Detection

Andres carrera protoss_black88 at ...445...
Fri Sep 17 13:45:09 EDT 2010




> Date: Fri, 17 Sep 2010 16:50:09 +0200
> From: Bernhard.Guillon at ...3094...
> To: protoss_black88 at ...445...
> CC: snort-devel at lists.sourceforge.net
> Subject: Re: [Snort-devel] Fwd: Re:  Fwd: Re:  Snort Anomaly Detection
> 
> On 17.09.2010 16:01, Andres Carrera Rivera wrote:
> > I put preprocessor phad:
> > training_time 446400
> >
> >
> > on the snort.conf file, but when running snort, I got this ERROR:
> > Unknown preprocessor: "phad"
> >
> > Snort doesn't recognize PHAD?
> > How can I solve this problem?
> >
> >    
> 
> Ah, I forgot to add plugbase.c to my patch. I just fixed it and uploaded 
> the patch to the old location :)

OK, so it's the same file, in the same location, right?
snort-2.8.6-spp_phad.diff, right?
And patch it as always.
 

> Just redo the steps including the download.
> 
> with
> 
> preprocessor phad: training_time 14400
> 
> and the DARPA set [1] (using -r switch) you will get some nice alerts :)
> 
> Best regards
> Bernhard Guillon
> 
> 1 
> http://www.ll.mit.edu/mission/communications/ist/corpora/ideval/data/1999/training/week1/monday/inside.tcpdump.gz
> 

Mmm, I haven't worked with the DARPA. How can I use it? Does it work with Snort too?

thanks, Andres Carrera

 		 	   		  