Snort mailing list archives
Fwd: Re: Fwd: Re: Snort Anomaly Detection
From: Andres Carrera Rivera <protoss_black88 () hotmail com>
Date: Fri, 17 Sep 2010 09:01:28 -0500
On 9/17/2010 8:43 AM, Bernhard Guillon wrote:
> On 17.09.2010 15:31, Andres Carrera Rivera wrote:
>> Excellent! I did exactly what you said, patched it inside the
>> snort-2.8.6.X. Now my question is: how can I test if the PHAD
>> Preprocessor is working? Because I don't see any configuration inside
>> the snort.conf file. I run snort like:
>>
>> snort -dev -c ./snort.conf
>
> You need to add the configuration for spp_phad to snort.conf, which I
> wrote in my other mail:
>
> #snort.conf
> preprocessor phad: training_time 446400
>
> The training time is still in seconds. For more information about the
> algorithm, read the paper [1] of the original implementation.
>
> Best regards
> Bernhard Guillon
>
> [1] http://cs.fit.edu/~mmahoney/paper3.pdf

OK, the time is in seconds. But when it finishes the training mode, will PHAD generate some alerts when it finds any anomalies? That's what I don't know.

I put

preprocessor phad: training_time 446400

in the snort.conf file, but when running snort, I got this:

ERROR: Unknown preprocessor: "phad"

Snort doesn't recognize PHAD? How can I solve this problem?

Thanks,
Andres Carrera