Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Fwd: Re: Fwd: Re: Snort Anomaly Detection

From: Bernhard Guillon <Bernhard.Guillon () opensimpad org>
Date: Fri, 17 Sep 2010 16:50:09 +0200
On 17.09.2010 16:01, Andres Carrera Rivera wrote:

I put preprocessor phad:
training_time 446400


on the snort.conf file, but when running snort, I got this ERROR:
Unknown preprocessor: "phad"

snort, doesn't recognize PHAD?
How can I solve this problem..

   


Ah, I forgot to add plugbase.c to my patch. I just fixed it and uploaded 
the patch to the old location :)
Just redo the steps including the download.

with

preprocessor phad: training_time 14400

and the DARPA set [1] (using -r switch) you will get some nice alerts :)

Best regards
Bernhard Guillon

1 
http://www.ll.mit.edu/mission/communications/ist/corpora/ideval/data/1999/training/week1/monday/inside.tcpdump.gz


------------------------------------------------------------------------------
Start uncovering the many advantages of virtual appliances
and start using them to simplify application deployment and
accelerate your shift to cloud computing.
http://p.sf.net/sfu/novell-sfdev2dev
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Previous By Date Next
Previous By Thread Next

Current thread: