[Snort-devel] Fwd: Re: Fwd: Re: Snort Anomaly Detection

Bernhard Guillon Bernhard.Guillon at ...3094...
Sun Sep 19 09:22:33 EDT 2010


On 19.09.2010 04:40, Andres Carrera Rivera wrote:
>
> That's great!! I followed your steps and configured PHAD without any ERRORS
> OK! Now I have PHAD installed as a Preprocessor on SNORT :-D
> Now my question is, I run snort as always like: snort -c ./snort.conf.
> And my PHAD is running in a training mode...
>
>    
What do you expect an anomaly detection algorithm to report in training 
mode?

> But I want to see any report of PHAD. How do I know if I had any anomalies
> on my network?...
> Where are those anomaly alerts?
> In logs, or in a PHAD file, if it has one?
>
>    

On screen and wherever you told snort to log the alerts (see 
documentation for default location). Please use the DARPA set (as I told 
you already) with the config I gave you to verify that the preprocessor 
is working as expected.

Best regards
Bernhard Guillon




