forked from beave/sagan
Sagan uses a 'Snort like' engine and rules to analyze logs (syslog/event log/snmptrap/netflow/etc)
benhe119/sagan
Welcome to the README file.
---------------------------

What is Sagan?

Sagan is an open source (GNU/GPLv2) high performance, real-time log analysis & correlation engine. It is written in C and uses a multi-threaded architecture to deliver high performance log & event analysis.

The Sagan structure and Sagan rules work similarly to the Suricata & Snort IDS engines. This was done intentionally to maintain compatibility with rule management software (oinkmaster/pulledpork/etc) and to allow Sagan to correlate log events with your IDS/IPS system. Sagan can write out to databases via Suricata EVE formats and/or Unified2, so it is compatible with the Snort & Suricata consoles that consume those formats. Sagan can also write out JSON, which can be ingested by Elasticsearch and viewed with consoles like Kibana, EVEbox, etc.

Sagan supports many different output formats, log normalization (via liblognorm), GeoIP detection, script execution on event and automatic firewall support via "Snortsam" (see http://www.snortsam.net).

Sagan source code is formatted in the GNU "artistic style".

For more information, please visit the Sagan web site: http://sagan.quadrantsec.com.

If you're looking for Sagan rules on Github, they are located at: https://github.com/beave/sagan-rules
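To make concrete what a "Snort like" rule applied to a log line means (a Snort-style header plus `msg`/`content`/`sid`/`rev` options, matched against a parsed syslog event, with an EVE-style JSON alert emitted on a hit), here is a small added illustration. It is example code written for this README, not Sagan's own parser or rule engine: the `program:` option, the toy rule grammar, the syslog regex and the exact EVE field names are assumptions made for the example, and the syslog lines and rules are constructed sample data.

```python
"""Toy Snort-style rule matcher for syslog lines.

Added illustration only; not Sagan code and not Sagan's real rule syntax.
"""
import json
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample syslog lines (RFC 3164-like format), not real captures.
SAMPLE_LOGS = [
    "Jan 12 10:00:01 bastion sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2",
    "Jan 12 10:00:02 bastion sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51123 ssh2",
    "Jan 12 10:00:03 bastion sshd[2211]: Accepted publickey for deploy from 198.51.100.9 port 40000 ssh2",
    "Jan 12 10:00:04 bastion sudo: deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/bin/systemctl restart nginx",
]

# Constructed rules in a Snort-like header/option syntax. "program" is an
# assumed option for this toy, used to match the syslog program name.
RULES = [
    'alert syslog any any -> any any (msg:"SSH failed password"; program:"sshd"; content:"Failed password"; sid:1000001; rev:1;)',
    'alert syslog any any -> any any (msg:"SSH login accepted"; program:"sshd"; content:"Accepted"; sid:1000002; rev:1;)',
    'alert syslog any any -> any any (msg:"sudo to root"; program:"sudo"; content:"USER=root"; sid:1000003; rev:1;)',
]

# "action proto src sport -> dst dport (options)" -- Snort-style header.
_HEADER_RE = re.compile(
    r"^(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+->\s+"
    r"(?P<dst>\S+)\s+(?P<dport>\S+)\s+\((?P<opts>.*)\)\s*$"
)
# key:"quoted value"; or key:bare;  (quoted values may contain ';')
_OPTION_RE = re.compile(r'(\w+)\s*:\s*(?:"([^"]*)"|([^;]*?))\s*;')
# "Mon DD HH:MM:SS host program[pid]: message" (pid optional)
_SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(?P<host>\S+)\s+"
    r"(?P<program>[^\[:\s]+)(?:\[(?P<pid>\d+)\])?:\s*(?P<msg>.*)$"
)


@dataclass
class Rule:
    action: str
    msg: str
    sid: int
    rev: int
    program: Optional[str]
    contents: list = field(default_factory=list)


def parse_rule(text: str) -> Rule:
    """Parse one Snort-style rule line into a Rule; raises on malformed input."""
    m = _HEADER_RE.match(text)
    if not m:
        raise ValueError(f"unparseable rule header: {text!r}")
    opts: dict = {}
    for key, quoted, bare in _OPTION_RE.findall(m.group("opts")):
        opts.setdefault(key, []).append(quoted if quoted else bare.strip())
    if "msg" not in opts or "sid" not in opts:
        raise ValueError(f"rule needs msg and sid: {text!r}")
    return Rule(
        action=m.group("action"),
        msg=opts["msg"][0],
        sid=int(opts["sid"][0]),
        rev=int(opts.get("rev", ["1"])[0]),
        program=opts.get("program", [None])[0],
        contents=opts.get("content", []),   # every content: must match
    )


def parse_syslog(line: str) -> Optional[dict]:
    """Split a syslog line into ts/host/program/pid/msg; None if it does not parse."""
    m = _SYSLOG_RE.match(line)
    return m.groupdict() if m else None


def matches(rule: Rule, event: dict) -> bool:
    """Program must equal (if the rule names one); all content substrings must be present."""
    if rule.program is not None and event["program"] != rule.program:
        return False
    return all(c in event["msg"] for c in rule.contents)


def to_eve(rule: Rule, event: dict) -> dict:
    """Build an EVE-like alert record (field names approximated for this example)."""
    return {
        "event_type": "alert",
        "timestamp": event["ts"],      # syslog stamp kept as-is (no year or zone in RFC 3164)
        "host": event["host"],
        "program": event["program"],
        "alert": {"action": rule.action, "signature_id": rule.sid,
                  "rev": rule.rev, "signature": rule.msg},
        "message": event["msg"],
    }


def run(rule_texts, lines) -> list:
    """Apply every rule to every parseable line; return the alerts in log order."""
    rules = [parse_rule(r) for r in rule_texts]
    alerts = []
    for line in lines:
        event = parse_syslog(line)
        if event is None:
            continue                  # unparseable lines are skipped, not matched
        for rule in rules:
            if matches(rule, event):
                alerts.append(to_eve(rule, event))
    return alerts


if __name__ == "__main__":
    for alert in run(RULES, SAMPLE_LOGS):
        print(json.dumps(alert))
```

Running it on the constructed lines yields four alerts: two for sid 1000001 (the repeated failed passwords), one for sid 1000002 and one for sid 1000003. What a real engine adds on top of this toy is exactly what the README lists: threshold/correlation across events (for example, N failures from one source), normalization of the message into fields via liblognorm, and Unified2/EVE writers that existing IDS consoles can consume.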
Languages
- C 93.0%
- M4 2.7%
- Perl 1.5%
- Assembly 1.3%
- Shell 0.7%
- Makefile 0.5%
- Other 0.3%