[Snort-devel] Spade update for Snort 1.9

James Hoagland hoagland at ...60...
Thu Aug 1 07:51:11 EDT 2002


Hello everyone,

My vacation begins this evening. Joe McAlerney (joey at ...63...) is the
person to contact regarding Spade for Snort 1.9 until I'm back to my 
e-mail on Tues Aug 20.  Do not hesitate to contact him in my absence.

Thanks,

   Jim

At 4:53 PM -0700 7/20/02, James Hoagland wrote:
>Greetings,
>
>I've created an updated version of Spade for Snort 1.9.  A patch 
>against the current snort CVS is attached.  This is the list of most 
>of the changes from the version of Spade that is in Snort 1.8.7:
>
>+ ported to Snort 1.9
>+ spade-homenet now accepts homenets in the form "[homenet,homenet]"
>+ spade-threshlearn renamed to spade-threshadvise for clarity; 
>backwards compatibility maintained
>+ spade-threshadvise now correctly reports how long it ran for
>+ conditional compilation for certain ancient Snort versions removed
>+ most or all writes to stderr and stdout changed to use of 
>FatalError and ErrorMessage
>+ it is now a fatal error if a spade-* config line is given before 
>the preprocessor spade line; this eliminates an obscure error 
>condition when the user forgets the main spade line
>+ warnings about repeated adapt specifications now show the 
>offending config file and line number
>+ direct communication with IDMEF output plugin made if IDMEF is 
>enabled (so as to pass along the anomaly score)
>+ spade-correlate (never active) was removed
>+ source files renamed to spp_spade.[ch] from spp_anomsensor.[ch] for clarity
>+ updated documentation
>
>If someone could look this over and commit the patch to the CVS, I'd 
>appreciate it.  Please let me know if you see any problems or have 
>any concerns.  Also, please let me know if I should follow a 
>different procedure to submit this update.
>
>Thank you,
>
>   Jim
>
>P.S. I'm in the process of reorganizing the Spade code to better 
>support some future enhancements, but I thought I'd get this out now 
>rather than wait for the new code.
>--
>|*      Jim Hoagland, Associate Researcher, Silicon Defense      *|
>|*            --- Silicon Defense: IDS Solutions ---             *|
>|*  hoagland at ...60..., http://www.silicondefense.com/  *|
>|*   Voice: (530) 756-7317                 Fax: (530) 756-7297   *|
>
>Attachment converted: Shu:snort1.9-addSpade.patch.gz 1 (/) (00078648)


-- 
|*      Jim Hoagland, Associate Researcher, Silicon Defense      *|
|*            --- Silicon Defense: IDS Solutions ---             *|
|*  hoagland at ...60..., http://www.silicondefense.com/  *|
|*   Voice: (530) 756-7317                 Fax: (530) 756-7297   *|



