Snort mailing list archives

Re: Fwd: Re: Snort Anomaly Detection


From: Bernhard Guillon <Bernhard.Guillon () opensimpad org>
Date: Fri, 17 Sep 2010 15:43:47 +0200

On 17.09.2010 15:31, Andres Carrera Rivera wrote:


> Excellent! I did exactly what you said, patched it inside
> snort-2.8.6.X.
> Now my question is: how can I test if the PHAD Preprocessor is working?
> Because I don't see any configuration inside the snort.conf file.
>
> I run snort like: snort -dev -c ./snort.conf


You need to add the configuration for spp_phad to snort.conf which I 
wrote in my other mail:

#snort.conf
preprocessor phad: training_time 446400


The training time still is in seconds. For more information about the 
algorithm read the paper [1] of the original implementation.

Best regards
Bernhard Guillon

[1] http://cs.fit.edu/~mmahoney/paper3.pdf



