Running Snort with AD

For the network 192.168.0.0 with mask 255.255.255.0, default file locations, and traffic information logged at 60-second intervals, run AD as follows:

1. Place the following line in snort.conf (the file passed to -c in step 2):

preprocessor anomalydetection: LogPath /var/log/snort log time 60

2. Type the following command in the CLI:

sudo snort -c /etc/snort/snort.conf -h 192.168.0.0/24
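
A pre-flight check for the two steps above, as an added example that is not part of the original page or of the AD project: it confirms that the file passed to -c holds exactly one active anomalydetection line, that its LogPath is a writable directory, and that its log time is a positive integer. The function name check_ad_conf is hypothetical, and matching the directive exactly as it is spelled on this page is an assumption.

```shell
#!/bin/sh
# Added example (not from the AD project): validate the AD preprocessor line
# before starting Snort. check_ad_conf is a hypothetical helper name.
# Assumption: the directive is matched exactly as spelled on this page.
check_ad_conf() {
    conf=$1
    pat='^[[:space:]]*preprocessor[[:space:]]+anomalydetection[[:space:]]*:'

    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }

    # Count active directives; commented-out lines do not match the anchor.
    count=$(grep -cE "$pat" "$conf" || true)
    [ "$count" -eq 1 ] || {
        echo "expected 1 anomalydetection line in $conf, found $count" >&2
        return 1
    }
    line=$(grep -E "$pat" "$conf")

    # Extract the two values used on this page: LogPath <dir>, log time <sec>.
    logpath=$(printf '%s\n' "$line" |
        sed -n 's/.*LogPath[[:space:]]\{1,\}\([^[:space:]]\{1,\}\).*/\1/p')
    interval=$(printf '%s\n' "$line" |
        sed -n 's/.*log[[:space:]]\{1,\}time[[:space:]]\{1,\}\([0-9]\{1,\}\).*/\1/p')

    [ -n "$logpath" ] || { echo "LogPath is missing" >&2; return 1; }
    [ -n "$interval" ] && [ "$interval" -gt 0 ] || {
        echo "log time must be a positive number of seconds" >&2
        return 1
    }
    # Snort must be able to write its AD logs here.
    [ -d "$logpath" ] && [ -w "$logpath" ] || {
        echo "$logpath is not a writable directory" >&2
        return 1
    }

    echo "LogPath=$logpath interval=$interval"
}

# Stand-alone use: sh check_ad.sh /etc/snort/snort.conf
if [ "$#" -gt 0 ]; then
    check_ad_conf "$1"
fi
```

Run it as the same user that starts Snort, so the writability check reflects the permissions Snort will actually have on the log directory.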