Welcome to the README file
--------------------------
What is Sagan?
Sagan is an open source (GNU/GPLv2) high performance, real-time log
analysis & correlation engine. It is written in C and uses a
multi-threaded architecture to deliver high performance log & event
analysis. The Sagan structure and Sagan rules work similarly to the
Sourcefire "Snort" IDS engine. This was intentionally done to maintain
compatibility with rule management software (oinkmaster/pulledpork/etc)
and allows Sagan to correlate log events with your Snort IDS/IPS
system. Since Sagan can write to Snort IDS/IPS databases via
unified2/barnyard2, it is compatible with all Snort "consoles".
For example, Sagan is compatible with Snorby [http://www.snorby.org],
Sguil [http://sguil.sourceforge.net], BASE, and the Prelude IDS
framework, to name a few.
Sagan supports many different output formats, log normalization
(via liblognorm), script execution on events, and automatic firewall
support via "Snortsam" (see http://www.snortsam.net).
For more information, please visit the Sagan web site:
http://sagan.quadrantsec.com.
If you're looking for Sagan rules on GitHub, they are located at:
https://github.com/beave/sagan-rules