[Snort-devel] Fwd: Re: Fwd: Re: Snort Anomaly Detection
Bernhard.Guillon at ...3094...
Sun Sep 19 20:34:45 EDT 2010
On 20.09.2010 00:23, Andres Carrera Rivera wrote:
> OK, I followed your steps and used the DARPA.
> I ran my snort like:
> snort -r ../inside.tcpdump -c ./snort.conf , using the file that you
> gave me.
> As a result I got about 710 new alerts that were logged in my alert file!
> But checking my alerts file, I didn't find any anomaly alert, or
> something with PHAD.
> I suppose there will be some kind of anomaly detection alerts, or
> something like that.
> I attach my alert file, and another file that shows you the last part of
> snort (the mini analysis and results); there, I don't see any
> anomalies either,
> so I don't know if the PHAD is working, because I don't see anything with
> Packet Anomalies. Please could you check those files,
> and tell me what's wrong, or if it's working well.
> I want to see anomaly alerts, and a PHAD report like those files
> that you gave me.
Hm, weird. Here is my snort.conf, my screen output and my alert.
Can you try it again with my config file (without any other
configuration) and the DARPA set?