AD Configuration file
ProfilePath after this keyword put full path to profile file (default: "/etc/profile.txt")
LogPath after this keyword put full path to directory which contains logs files. (default: "/var/log/snort")
alert if is set preprocessor will be able to report anomalies
log if is set preprocessor will be able to log network traffic to file
time after this keyword put interval (with what time intervals it will log the traffic) (default: 600 seconds)
Example:
preprocessor AnomalyDetection: ProfilePath /etc/profile.txt LogPath /var/log/snort alert log time 60
Before running snort make sure you have created LogPath directory!