Running Snort with AD
For network 192.168.0.0 with mask 255.255.255.0, the default file locations, and traffic information logged at an interval of 60 seconds, run AD as follows:
1. Place the following line in snort.conf:
preprocessor anomalydetection: LogPath /var/log/snort log time 60
2. Type the following command in the CLI:
sudo snort -c /etc/snort/snort.conf -h 192.168.0.0/24
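Before starting Snort, the AD line from step 1 can be checked for a misspelled keyword, a missing parameter, or a LogPath directory that does not exist. The script below is an added example, not part of the original page or of the AD project; the function names ad_settings and ad_preflight are hypothetical, and it assumes the parameter layout is exactly the one shown in step 1.

```shell
#!/bin/sh
# Pre-flight check for the AD preprocessor line in a Snort config file.
# Assumed line format (taken from step 1 on this page):
#   preprocessor anomalydetection: LogPath <dir> log time <seconds>

# Print "<LogPath> <seconds>" for the first active AD line in file $1.
# Exit status: 1 = no correctly spelled AD line, 2 = bad or missing parameter.
ad_settings() {
    awk '
        tolower($1) == "preprocessor" && tolower($2) ~ /^anomalydetection:?$/ {
            for (i = 3; i <= NF; i++) {
                if ($i == "LogPath") path = $(i + 1)
                if ($i == "time")    secs = $(i + 1)
            }
            found = 1
            exit
        }
        END {
            if (!found) exit 1
            if (path == "" || secs !~ /^[0-9]+$/) exit 2
            print path, secs
        }
    ' "$1"
}

# Check the config file $1 and confirm the LogPath directory exists.
ad_preflight() {
    settings=$(ad_settings "$1") || {
        echo "no valid AD preprocessor line in $1" >&2
        return 1
    }
    dir=${settings% *}
    if [ ! -d "$dir" ]; then
        echo "LogPath $dir does not exist" >&2
        return 1
    fi
    echo "AD logs to $dir every ${settings##* } seconds"
}

# Usage: sh ad_preflight.sh /etc/snort/snort.conf
if [ $# -gt 0 ]; then
    ad_preflight "$1"
fi
```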