[Snort-devel] Fwd: Re: Fwd: Re: Snort Anomaly Detection
Andres Carrera Rivera
protoss_black88 at ...445...
Sat Sep 18 22:40:24 EDT 2010
On 9/17/2010 9:50 AM, Bernhard Guillon wrote:
> On 17.09.2010 16:01, Andres Carrera Rivera wrote:
>> I put preprocessor phad:
>> training_time 446400
>> on the snort.conf file, but when running snort, I got this ERROR:
>> Unknown preprocessor: "phad"
>> Snort doesn't recognize PHAD?
>> How can I solve this problem?
> Ah, I forgot to add plugbase.c to my patch. I just fixed it and
> uploaded the patch to the old location :)
> Just redo the steps including the download.
> preprocessor phad: training_time 14400
> and the DARPA set  (using -r switch) you will get some nice alerts :)
> Best regards
> Bernhard Guillon
That's great!! I followed your steps and configured PHAD without any ERRORS.
OK! Now I have PHAD installed as a preprocessor on SNORT :-D
Now my question is: I run snort as always, like: snort -c ./snort.conf.
And my PHAD is running in training mode...
But I want to see any report from PHAD. How do I know if I had any anomalies
on my network?...
Where are those anomaly alerts?
In the logs, or in a PHAD file, if it has one?