/sagan

Sagan uses a 'Snort like' engine and rules to analyze logs (syslog/event log/snmptrap/netflow/etc)
  1. C 92.9%
  2. M4 2.7%
  3. Perl 1.5%
  4. Assembly 1.4%
  5. Shell 0.7%
  6. Makefile 0.5%
  7. Other 0.3%
C M4 Perl Assembly Shell Makefile Other
Switch branches/tags
Nothing to show
Find file
Clone or download

Clone with HTTPS

Use Git or checkout with SVN using the web URL.

Download ZIP

Launching GitHub Desktop...

If nothing happens, download GitHub Desktop and try again.

Launching GitHub Desktop...

If nothing happens, download GitHub Desktop and try again.

Launching Xcode...

If nothing happens, download Xcode and try again.

Launching Visual Studio...

If nothing happens, download the GitHub extension for Visual Studio and try again.

Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
.github/ISSUE_TEMPLATE Update issue templates May 30, 2018
doc Added some stuff from shadowbq Sagan-extras! Jan 4, 2013
etc New Bluedot TTL/Host option to prevent overloading DNS servers. Jun 6, 2018
extra Minor change to build tests. May 9, 2018
m4 SSE2 enabled strstr added Dec 3, 2014
src Fix for util Jun 9, 2018
tools Remove PRIuMAX for PRIu64. Fix compile warning for saganpeek.c Jan 12, 2018
.gitignore configure cleanup May 3, 2016
.travis.yml saganpeek added to travisci Nov 8, 2017
AUTHORS New work on rule based Websense processor | This is just sync code. Mar 12, 2015
COPYING Commit of the Sagan 0.3.0 multi-CPU enabled branch! Dec 5, 2012
ChangeLog Last Changelog update May 29, 2018
FAQ FAQ / NEWS / README updates Jan 27, 2014
INSTALL Moved from json-c to Rainers libfastjson (from liblognorm). See https… Apr 28, 2016
Makefile.am Autoconf cleanup Jan 11, 2017
NEWS FAQ / NEWS / README updates Jan 27, 2014
README Test commit Aug 2, 2017
TODO Commit of the Sagan 0.3.0 multi-CPU enabled branch! Dec 5, 2012
autogen.sh Fixed some issues with autotools issues (not remove \n after version … Jan 15, 2017
config.h.in New SetThreadName() function. Also named thread names for all threads! Jul 19, 2017
configure.ac i386 compile time fix for Pierre Chifflier (debian maintainer). May 9, 2018
stamp-h1 Commit of the Sagan 0.3.0 multi-CPU enabled branch! Dec 5, 2012

README 

Welcome to the README file.
---------------------------

What is Sagan? 

Sagan is an open source (GNU/GPLv2) high performance, real-time log 
analysis & correlation engine.  It is written in C and uses a 
multi-threaded architecture to deliver high performance log & event 
analysis. The Sagan structure and Sagan rules work similarly to the 
Sourcefire "Snort" IDS engine. This was intentionally done to maintain 
compatibility with rule management software (oinkmaster/pulledpork/etc)
and allows Sagan to correlate log events with your Snort IDS/IPS 
system. Since Sagan can write to Snort IDS/IPS databases via 
unified2/barnyard2, it is compatible with all Snort "consoles". 
For example, Sagan is compatible with Snorby [http://www.snorby.org],
Sguil [http://sguil.sourceforge.net], BASE, and the Prelude IDS 
framework! (to name a few).

Sagan supports many different output formats,  log normalization 
(via liblognorm),  GeoIP detection, script execution on event and
automatic firewall support via "Snortsam" 
(see http://www.snortsam.net).  

Sagan uses the GNU "artisic style". 

For more information, please visit the Sagan web site: 
http://sagan.quadrantsec.com. 

If you're looking for Sagan rules on Github,  they are located at:

https://github.com/beave/sagan-rules