[Snort-devel] Fwd: Re: Fwd: Re: Snort Anomaly Detection
Bernhard.Guillon at ...3094...
Sun Sep 19 09:22:33 EDT 2010
On 19.09.2010 04:40, Andres Carrera Rivera wrote:
> Thats great!! I follow your steps and configure PHAD without any ERRORS
> OK! Now I got installed PHAD as a Preprocessor on SNORT :-D
> Now my question is, I run snort as always like : snort -c ./snort.conf.
> And my PHAD is running in a training mode...
What do you expect an anomaly detection algorithm to report in training
> But I want to see any report of PHAD, How I know if I had any anomalies
> on my network?...
> where are those anomalies alerts?
> on logs, or in a PHAD file, if it has?
On screen and where ever you told snort to log the alerts (see
documentation for default location). Please use the DARPA set (as I told
you already) with the config I gave you to verify that the preprocessor
is working as expected.
More information about the Snort-devel