Snort mailing list archives

Re: Fwd: Re: Fwd: Re: Snort Anomaly Detection


From: Andres Carrera Rivera <protoss_black88 () hotmail com>
Date: Sun, 19 Sep 2010 20:09:32 -0500

 On 9/19/2010 8:00 PM, Bernhard Guillon wrote:
On 20.09.2010 02:49, Andres Carrera Rivera wrote:
Mmm maybe, but if I want to work with all preprocessors, the PHAD didn't
show me any alert.
I don't understand why, if it is a preprocessor, it should work with the
others.



Did you try my config? What is the output of it? Please also provide your full configuration.

Best regards
Bernhard Guillon




Yes, I tried your configuration (your snort.conf)
and I got the same output as you, with the same number of alerts; I attached it.

Also, there's my snort.conf.
I use almost every preprocessor and use the Snort rules that I downloaded from snort.org/rules, but for a reason I don't know, my snort.conf doesn't show the same alerts as yours (the PHAD alerts).


Attachment: Output
Description:

Attachment: snort.conf
Description:
