Sagan 0.2.2 Released.

[Champ Clark III <cclark () quadrantsec com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sagan version 0.2.2 has been released
=====================================
Champ Clark III [cclark () quadrantsec com]
Quadrant Main Site: http://www.quadrantsec.com
Sagan Main Site: http://sagan.quadrantsec.com

What is Sagan?
- --------------

Sagan is an open source (GNU/GPLv2) high performance,  real time log
analysis & correlation engine.  It's written in C and uses a
multithreaded architecture to deliver high performance log & event
analysis.  Sagan rules and structure work similar to Sourcefires
?Snort? IDS engine.   This is done to maintain compatibility with rule
management software (oinkmaster/pulledpork/etc) and allows Sagan the
ability to correlate log events with your Snort IDS/IPS system.
Since Sagan can write to Snort IDS/IPS databases via
unified2/barnyard2 or direct SQL access, it's compatible with all
Snort ?consoles?.  For example, Sagan works fine with Snorby
[http://www.snorby.org], Sguil
[http://sguil.sourceforge.net] and the Prelude IDS framework!  For more
information,  please visit the Sagan web site:

http://sagan.quadrantsec.com.

What's new in Sagan?
- --------------------

- - This release is largely a bug fix for the Sagan "after:" directive.
 Older verions of Sagan (0.2.1--) incorrectly handled the "after:"
flag/directive. New versions of the Sagan rules make heavy use of
"after:".  In one week we'll be pushing out a major rule set update.
This new rule update will potentially break 0.2.1-- clients.  Please
upgrade ASAP.

- - Added content negation at the request of DigAngel.  This means you
can do things like:

  content: "Find this"; content: ! "But don't find this";

- - Several other minor bug fixes.

What's in the future for Sagan?
- -------------------------------

- - New pre-processors for log analysis for better anomaly detection.
- - Better multi-CPU support on CPU intensive operations.

Where's an online demo?
- -----------------------

For an online demo of Sagan and Snorby in action,  please go to:

http://demo.snorby.org
Username: demo () snorby org
Password: snorby

You'll notice the ?Sagan? sensor online and reporting log data.

Question/Comments:
- ------------------

General questions about Sagan should be direct to the Sagan mailing
list. That is located at http://groups.google.com/group/sagan-users.
Author specific questions should be directed to Champ Clark II
(cclark () quadrantsec com).

Thank you!


- -- 
- - Champ Clark III (cclark () quadrantsec com)
  Quadrant Information Security (http://quadrantsec.com)
  Key Fingerprint: 2E56 C2EB 1B25 C517 D5BA 2DCF 5E70 B2F8 0381 878A
  GPG Key ID: 0381878A
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJQMljYAAoJENnmXt7Lmc3Ku60H/RLb+V4PfoVHjtOo5ZktqVbn
fXFeXw3QqGJWlEUhw1EMEgX1J6YvaXjn2iW8iHCd/6mpzucYQs5qpxUjPPUi41c6
Fu2kLJV7fm2oihpMiEZJ9aBsJxZg4pPl5mh3VViCtwhcL9q2PRB/h6QiMTq/qJKv
/wTQn5GVFa6DTYQ1/ezDdUn9lf/iDrbrajiZ18xQGyyKreE5Svh2XmOUz+6Idz+y
O00Y1aaQLw7r/GGxVh7+p+VH67m2mVRbK/RP9KgjYRPPa2B/c0CDashL2Z9/0DOQ
mMA0jRuZzFct1XV6/JODcVh4XOYq7h5YrdFpu4NovYGW1beCbGkAFJFt7Y2YplE=
=QS2K
-----END PGP SIGNATURE-----
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com