[Snort-users] Snort 1.90 no Spade?

James Hoagland hoagland at ...47...
Sat Oct 5 13:20:02 EDT 2002

Hello Shane,

At 4:06 PM -0600 10/4/02, Shane Hickey wrote:
>I'm afraid I haven't read the list in quite some time, so I apologize if
>this has been answered.  I checked the FAQ and the archives and didn't
>see mention of it.  Anyway, I'm running Snort on RedHat installed from
>RPMs.  It's always included Spade, but 1.90 doesn't seem to.  Is there a
>reason for this, or was it an oversight.

I'm glad you asked.  I provided a version of Spade for Snort 1.9 
(somewhat enhanced over the version in Snort 1.8.7) to the Snort 
developers on July 20, 2002.  Since then, we have not received any 
substantive feedback on it from anyone with commit privileges despite 
repeated queries.  So, regrettably, we are back to the model of 
providing Spade as an add-on package.  (This was the model prior to 
Spade being incorporated in Snort with Snort 1.7.0.)

In the mean time, we've been making some significant enchantments to 
Spade.  These are nearly complete, so we'll release that version as 
soon as it is ready (probably this Monday).  It'll be available from 
the Silicon Defense web site and probably also via Snortenstein.


If you can't wait, you can get the version I submitted on July 20:


>I found that I caught many
>intrusions that I wouldn't have seen otherwise when I was using Spade,
>although, I wish you could tell it to ignore certain source networks.

I'm glad you found it useful and I don't think you were alone.  Is 
there some specific reason you wanted to ignore certain sources? 
(I'm trying to see if the problem has been addressed already.)

Best regards,


|*      Jim Hoagland, Associate Researcher, Silicon Defense      *|
|*            --- Silicon Defense: IDS Solutions ---             *|
|*  hoagland at ...47..., http://www.silicondefense.com/  *|
|*   Voice: (530) 756-7317                 Fax: (530) 756-7297   *|

More information about the Snort-users mailing list