Snort mailing list archives
Re: Fwd: Re: Fwd: Re: Snort Anomaly Detection
From: Bernhard Guillon <Bernhard.Guillon () opensimpad org>
Date: Sun, 19 Sep 2010 15:22:33 +0200
On 19.09.2010 04:40, Andres Carrera Rivera wrote:
> That's great!! I followed your steps and configured PHAD without any ERRORS OK! Now I got PHAD installed as a Preprocessor on SNORT :-D Now my question is, I run snort as always like: snort -c ./snort.conf. And my PHAD is running in a training mode...
What do you expect an anomaly detection algorithm to report in training mode?
> But I want to see any report of PHAD. How do I know if I had any anomalies on my network?... Where are those anomaly alerts? In logs, or in a PHAD file, if it has one?
On screen and wherever you told snort to log the alerts (see documentation for default location). Please use the DARPA set (as I told you already) with the config I gave you to verify that the preprocessor is working as expected.

Best regards
Bernhard Guillon