Re: what version of SPADE to use with Snort?

[James Hoagland <jim () SiliconDefense com>]

At 9:51 AM +0100 4/16/03, BHR Hana wrote:
> Hi all,
> I have installed snort-1.9.1 and I have to analyse SPADE, I notice 
> that snort involves a spade distribution [under 
> ~/snort-v/contrib/Spade-092200.1] Thus I have downloaded 
> Spade-030125.1 from silicondefense,
> Could any one tell me which distribution may I run with snort??

That is indeed confusing for users.  Version 092200.1, as you may 
have guessed, is a much older version.  In fact, it doesn't work with 
Snort 1.9 and later (at a minimum, the install procedure won't work 
due to the Snort package being restructured).  You should use version 
030125.1.  I have asked for the version of Spade included in 
"contrib" to be updated at least once in the past, but those with the 
power to make this fix did not do so.

> Also, could you help me to configure spade to adjust its threshold?

As described in the Usage.Spade file, you can set Spade's threshold 
by adding "thesh=<thresh>" to your spade-detect lines.  If for some 
reason you wanted to have the threshold automatically adjusted, see 
the section of Usage.Spade that describes spade-adapt3.

Best regards,

  Jim
--
|*     Jim Hoagland, Associate Researcher, Silicon Defense     *|
|*    --- Silicon Defense: The Cyberwar Defense Company ---    *|
|*   jim () SiliconDefense com, http://www.silicondefense.com/    *|
|*  Voice: (530) 756-7317                 Fax: (530) 756-7297  *|


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users