Sagan
Sagan can alert you when events are occurring in your syslogs that need your attention right away. It can store events into a Snort database, so your IDS/IPS data and log data are in the same place. This enables a single console, like Snorby or BASE, to view not only your IDS/IPS data but your log (syslog, SNMP, etc.) data as well. Sagan will correlate the data for you. It also uses 'Snort-like' rule sets, which means it is compatible with Snort rule set management software. It supports multiple output formats that any network administrator will find useful. Sagan can also stop threats based on log analysis via "Snortsam". This allows Sagan to communicate with various types of network devices (Cisco routers/ASA/etc., Linux iptables, etc).
| Tags | Syslog windows events snmp |
|---|---|
| Licenses | GPLv2 |
| Operating Systems | Linux FreeBSD OpenBSD |
| Implementation | C |
Recent releases
- 30 Apr 2013 22:25
Release Notes: This release is capable of utilizing all CPUs/cores. This means it can digest, parse, and analyze even higher number of events per/second. Introduction of "processors". Removal of the direct SQL output plugin; to write to a SQL database, use unified2 and Barnyard2. Introduction of port variables in rules. More normalization and parsing options. Sagan currently has over five thousand signatures/rules.
- 13 Apr 2012 11:22
Release Notes: This release support Snortsam, a firewall blocking agent for Snort. It can leverage Snortsam to block attacks based on log analysis and normalization. Snortsam currently supports Checkpoint Firewall-1, Cisco PIX/ASA, Cisco routers, Juniper/Netscreen, ipf/ipfw2 (FreeBSD), pf (OpenBSD), ipchains/iptables/ebtables (Linux), Watchguard, 8signs (Windows), and MS ISA Server (Windows). This release adds a new "after" rule option, a new DNS cache system (which shouldn't be used unless 100% necessary), Direct SQL write fixes, and various small bugfixes.
Recent comments
Sagan version 0.2.1 has been released. Now with active firewalling support (Cisco/iptables/etc) via Snortsam. Better direct SQL logging. New "after:" rule option introduced. For more information please see: groups.google.com/grou...
Sagan version 0.1.8 has been released along with new rule sets. This release includes syslog 'sniffing', Unified2 output and liblognorm (log normalization). Please see sagan.softwink.com for more information.
Sagan version 0.1.5 released along with new rule sets. ChangeLog can be found at wiki.softwink.com/bin/... . To download this, and rule sets, please see sagan.softwink.com.
Heartbeat
- Popularity Score
- 174.38
- Vitality Score
- 9.34
- Subscriptions
- 11
