[Snort-users] what version of SPADE to use with Snort?

James Hoagland jim at ...47...
Wed Apr 16 08:11:11 EDT 2003

At 9:51 AM +0100 4/16/03, BHR Hana wrote:
>Hi all,
>I have installed snort-1.9.1 and I have to analyse SPADE, I notice 
>that snort involves a spade distribution [under 
>~/snort-v/contrib/Spade-092200.1] Thus I have downloaded 
>Spade-030125.1 from silicondefense,
>Could any one tell me which distribution may I run with snort??

That is indeed confusing for users.  Version 092200.1, as you may 
have guessed, is a much older version.  In fact, it doesn't work with 
Snort 1.9 and later (at a minimum, the install procedure won't work 
due to the Snort package being restructured).  You should use version 
030125.1.  I have asked for the version of Spade included in 
"contrib" to be updated at least once in the past, but those with the 
power to make this fix did not do so.

>Also, could you help me to configure spade to adjust its threshold?

As described in the Usage.Spade file, you can set Spade's threshold 
by adding "thesh=<thresh>" to your spade-detect lines.  If for some 
reason you wanted to have the threshold automatically adjusted, see 
the section of Usage.Spade that describes spade-adapt3.

Best regards,

|*     Jim Hoagland, Associate Researcher, Silicon Defense     *|
|*    --- Silicon Defense: The Cyberwar Defense Company ---    *|
|*   jim at ...47..., http://www.silicondefense.com/    *|
|*  Voice: (530) 756-7317                 Fax: (530) 756-7297  *|

More information about the Snort-users mailing list