[Snort-devel] Fwd: Re: Fwd: Re: Snort Anomaly Detection

Andres Carrera Rivera protoss_black88 at ...445...
Sun Sep 19 21:09:32 EDT 2010


  On 9/19/2010 8:00 PM, Bernhard Guillon wrote:
> On 20.09.2010 02:49, Andres Carrera Rivera wrote:
>> Mmm maybe, but if I want to work with all preprocessors, the PHAD didn't
>> show me any alert.
>> I dont understand why, if it is a preprocessor, it should work with the
>> others.
>>
>>
>
> Did you try my config? What is the output of it? Please also provide 
> your full configuration.
>
> Best regards
> Bernhard Guillon
>
>
>

Yes I try it your configuration (your snort.conf)
and I got the same Output that you, with the same number of alerts, I 
attached it.

Also there's my snort.conf.
I use almost every preprocessor, and use the snort rules, that I 
downloaded from snort.org/rules
but for a reason I don't know, my snort.conf doesn't show the same 
alerts like yours (The PHAD alerts).


-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: Output
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20100919/dd2c5b58/attachment.ksh>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: snort.conf
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20100919/dd2c5b58/attachment-0001.ksh>


More information about the Snort-devel mailing list