Snort mailing list archives

Re: Fwd: Re: Fwd: Re: Snort Anomaly Detection


From: Bernhard Guillon <Bernhard.Guillon () opensimpad org>
Date: Sun, 19 Sep 2010 15:22:33 +0200

On 19.09.2010 04:40, Andres Carrera Rivera wrote:

That's great!! I followed your steps and configured PHAD without any ERRORS
OK! Now I have PHAD installed as a preprocessor on SNORT :-D
Now my question is, I run snort as always, like: snort -c ./snort.conf.
And my PHAD is running in training mode...

What do you expect an anomaly detection algorithm to report in training 
mode?

But I want to see any report from PHAD. How do I know if I had any anomalies
on my network?...
Where are those anomaly alerts?
In logs, or in a PHAD file, if it has one?

On screen and wherever you told snort to log the alerts (see the 
documentation for the default location). Please use the DARPA set (as I told 
you already) with the config I gave you to verify that the preprocessor 
is working as expected.

Best regards
Bernhard Guillon

