forked from beave/sagan
Sagan uses a 'Snort like' engine and rules to analyze logs (syslog/event log/snmptrap/netflow/etc)
red8383light/sagan
Welcome to the README file
--------------------------

What is Sagan?

Sagan is an open source (GNU/GPLv2) high performance, real-time log analysis & correlation engine. It is written in C and uses a multi-threaded architecture to deliver high performance log & event analysis.

The Sagan structure and Sagan rules work similarly to the Sourcefire "Snort" IDS engine. This was done intentionally to maintain compatibility with rule management software (oinkmaster/pulledpork/etc.) and to allow Sagan to correlate log events with your Snort IDS/IPS system. Since Sagan can write to Snort IDS/IPS databases via unified2/barnyard2, it is compatible with all Snort "consoles". For example, Sagan is compatible with Snorby [http://www.snorby.org], Sguil [http://sguil.sourceforge.net], BASE, and the Prelude IDS framework (to name a few).

Sagan supports many different output formats, log normalization (via liblognorm), GeoIP detection, script execution on event, and automatic firewall support via "Snortsam" (see http://www.snortsam.net).

Sagan source code follows the GNU "artistic style".

For more information, please visit the Sagan web site: http://sagan.quadrantsec.com

If you're looking for Sagan rules on GitHub, they are located at: https://github.com/beave/sagan-rules
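To make the "Snort-like rules applied to logs" idea concrete, here is an added, self-contained toy in Python. It is not Sagan's code, parser or rule grammar; the option keywords it understands (msg, content, pcre, program, sid, and a simplified per-source count threshold) are assumptions chosen to look like Snort rule options, and the syslog lines it matches against are constructed samples. It shows the two things a log IDS engine does that a grep does not: each rule is gated on the originating program, and a rule can be a correlation (fire on the Nth matching event from the same source) rather than a one-line match.

```python
# Added example: a toy Snort-style rule matcher for syslog lines.
# NOT Sagan's parser or rule grammar. The option keywords (msg, content, pcre,
# program, sid, count) and the rule/log samples below are assumptions.
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Traditional syslog line: "Mon DD HH:MM:SS host prog[pid]: message"
SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s(?P<prog>[^\[:\s]+)(\[\d+\])?:\s(?P<message>.*)$"
)
# Source-address extraction used for correlation ("... from 203.0.113.5 ...").
IP_RE = re.compile(r"\bfrom\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\b")
# "action header (options)" -- header (proto/addresses/ports) is kept but not evaluated here.
RULE_RE = re.compile(r"^(?P<action>alert|log|pass)\s+(?P<header>[^(]+?)\s*\((?P<opts>.*)\)\s*$")


@dataclass
class Rule:
    action: str
    msg: str
    sid: int
    contents: List[str] = field(default_factory=list)  # all substrings must appear (case-sensitive)
    pcre: Optional[re.Pattern] = None                   # regex applied to the message body
    program: Optional[str] = None                       # syslog program the rule is restricted to
    count: int = 1                                      # assumed simplified threshold: fire on Nth hit per source IP


def parse_rule(text: str) -> Rule:
    m = RULE_RE.match(text.strip())
    if not m:
        raise ValueError(f"unparseable rule: {text!r}")
    rule = Rule(action=m.group("action"), msg="", sid=0)
    # Naive split on ';' -- a real parser must handle escaped ';' inside content/pcre.
    for opt in m.group("opts").split(";"):
        opt = opt.strip()
        if not opt:
            continue
        key, _, val = opt.partition(":")
        key, val = key.strip(), val.strip().strip('"')
        if key == "msg":
            rule.msg = val
        elif key == "sid":
            rule.sid = int(val)
        elif key == "content":
            rule.contents.append(val)
        elif key == "program":
            rule.program = val
        elif key == "count":
            rule.count = int(val)
        elif key == "pcre":
            # Accept Snort-like "/body/flags"; only the 'i' flag is honoured here.
            body, _, flags = val[1:].rpartition("/") if val.startswith("/") else (val, "", "")
            rule.pcre = re.compile(body, re.IGNORECASE if "i" in flags else 0)
    if not rule.sid:
        raise ValueError("rule has no sid")
    return rule


def parse_syslog(line: str) -> Optional[Dict[str, str]]:
    m = SYSLOG_RE.match(line)
    return m.groupdict() if m else None


class Engine:
    def __init__(self, rules: List[Rule]):
        self.rules = rules
        self.hits: Dict[Tuple[int, str], int] = defaultdict(int)  # (sid, src_ip) -> matches seen

    def process(self, line: str) -> List[Tuple[int, str, str]]:
        ev = parse_syslog(line)
        if ev is None:
            return []  # unparseable lines are dropped silently in this toy
        ip_m = IP_RE.search(ev["message"])
        src = ip_m.group("ip") if ip_m else "unknown"
        alerts = []
        for r in self.rules:
            if r.program and r.program != ev["prog"]:
                continue
            if not all(c in ev["message"] for c in r.contents):
                continue
            if r.pcre and not r.pcre.search(ev["message"]):
                continue
            self.hits[(r.sid, src)] += 1
            # Fire exactly once, when the per-source threshold is reached (count=1 means every hit).
            if self.hits[(r.sid, src)] == r.count:
                alerts.append((r.sid, r.msg, src))
        return alerts


def run(rule_texts: List[str], log_lines: List[str]) -> List[Tuple[int, str, str]]:
    eng = Engine([parse_rule(t) for t in rule_texts])
    out: List[Tuple[int, str, str]] = []
    for line in log_lines:
        out.extend(eng.process(line))
    return out


# Constructed sample rules (assumed syntax, not from the Sagan rule set).
RULES = [
    r'alert syslog any any -> any any (msg:"SSH invalid user"; program:"sshd"; content:"Invalid user"; sid:1000001;)',
    r'alert syslog any any -> any any (msg:"SSH brute force, 3 failures from one source"; program:"sshd"; pcre:"/Failed password for (invalid user )?\S+ from/i"; count:3; sid:1000002;)',
]
# Constructed sample log lines (RFC 5737 documentation addresses).
LOGS = [
    "Jan 12 10:00:01 bastion sshd[2210]: Invalid user admin from 203.0.113.5 port 4411",
    "Jan 12 10:00:01 bastion sshd[2210]: Failed password for invalid user admin from 203.0.113.5 port 4411 ssh2",
    "Jan 12 10:00:03 bastion sshd[2214]: Failed password for root from 203.0.113.5 port 4412 ssh2",
    "Jan 12 10:00:05 bastion sshd[2218]: Failed password for root from 203.0.113.5 port 4413 ssh2",
    "Jan 12 10:00:06 bastion sshd[2220]: Failed password for root from 198.51.100.7 port 5001 ssh2",
    "Jan 12 10:00:07 bastion cron[900]: Invalid user admin referenced in crontab",  # wrong program: no alert
]

if __name__ == "__main__":
    for alert in run(RULES, LOGS):
        print(alert)
```

Running it yields two alerts: sid 1000001 on the first sshd line, and sid 1000002 only on the third failure from 203.0.113.5 (the single failure from 198.51.100.7 never reaches the threshold, and the cron line is excluded by the program gate even though it contains the content string). Sagan's real rule language and correlation options are richer than this; consult the Sagan documentation and the sagan-rules repository for the actual syntax.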
Languages
- C 90.7%
- M4 3.1%
- Perl 2.2%
- Assembly 2.0%
- Shell 1.0%
- Makefile 0.6%
- Other 0.4%