PaulDotCom mailing list archives
Sagan 0.2.2 Released.
From: Champ Clark III <cclark () quadrantsec com>
Date: Mon, 20 Aug 2012 11:33:44 -0400
Sagan version 0.2.2 has been released
=====================================

Champ Clark III [cclark () quadrantsec com]
Quadrant Main Site: http://www.quadrantsec.com
Sagan Main Site: http://sagan.quadrantsec.com

What is Sagan?
--------------

Sagan is an open source (GNU/GPLv2) high performance, real time log analysis & correlation engine. It's written in C and uses a multithreaded architecture to deliver high performance log & event analysis. Sagan rules and structure work similar to Sourcefire's "Snort" IDS engine. This is done to maintain compatibility with rule management software (oinkmaster/pulledpork/etc) and allows Sagan the ability to correlate log events with your Snort IDS/IPS system. Since Sagan can write to Snort IDS/IPS databases via unified2/barnyard2 or direct SQL access, it's compatible with all Snort "consoles". For example, Sagan works fine with Snorby [http://www.snorby.org], Sguil [http://sguil.sourceforge.net] and the Prelude IDS framework! For more information, please visit the Sagan web site: http://sagan.quadrantsec.com.

What's new in Sagan?
--------------------

- This release is largely a bug fix for the Sagan "after:" directive. Older versions of Sagan (0.2.1--) incorrectly handled the "after:" flag/directive. New versions of the Sagan rules make heavy use of "after:". In one week we'll be pushing out a major rule set update. This new rule update will potentially break 0.2.1-- clients. Please upgrade ASAP.

- Added content negation at the request of DigAngel. This means you can do things like:

      content: "Find this"; content: ! "But don't find this";

- Several other minor bug fixes.

What's in the future for Sagan?
-------------------------------

- New pre-processors for log analysis for better anomaly detection.

- Better multi-CPU support on CPU intensive operations.

Where's an online demo?
-----------------------

For an online demo of Sagan and Snorby in action, please go to:

http://demo.snorby.org
Username: demo () snorby org
Password: snorby

You'll notice the "Sagan" sensor online and reporting log data.

Question/Comments:
------------------

General questions about Sagan should be directed to the Sagan mailing list. That is located at http://groups.google.com/group/sagan-users. Author specific questions should be directed to Champ Clark II (cclark () quadrantsec com).

Thank you!

--
Champ Clark III (cclark () quadrantsec com)
Quadrant Information Security (http://quadrantsec.com)
Key Fingerprint: 2E56 C2EB 1B25 C517 D5BA 2DCF 5E70 B2F8 0381 878A
GPG Key ID: 0381878A
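The content negation syntax from the announcement, modelled as an added example (this is not Sagan's code and not part of the original message). It assumes plain, case-sensitive substring matching with no escaped quotes; the helper names and sample messages are constructed for illustration.

```python
import re

# One `content:` option: optional "!" (negation) followed by a quoted string.
# Assumption: no escaped quotes inside the string; matching is a plain,
# case-sensitive substring test.
CONTENT_RE = re.compile(r'content:\s*(!?)\s*"([^"]*)"\s*;')


def parse_contents(options):
    """Return [(negated, needle), ...] for each content option in a rule body."""
    return [(bang == "!", needle) for bang, needle in CONTENT_RE.findall(options)]


def rule_matches(options, message):
    """True when every plain content is present and every negated one is absent."""
    contents = parse_contents(options)
    if not contents:
        return False  # no content options, nothing to match on
    # A term fails when "found" equals "negated": a required string is missing,
    # or an excluded string is present.
    return all((needle in message) != negated for negated, needle in contents)


def lint(options):
    """Flag rules whose only content terms are negated: they match almost any line."""
    contents = parse_contents(options)
    if contents and all(negated for negated, _ in contents):
        return "only negated content: matches every message lacking the string(s)"
    return None


# Rule body from the announcement, and constructed sample messages.
RULE = 'content: "Find this"; content: ! "But don\'t find this";'
SAMPLES = [
    "app: Find this in the log",                   # required present, excluded absent
    "app: Find this. But don't find this either",  # excluded string present
    "app: unrelated message",                      # required string missing
]


def run_samples():
    return [rule_matches(RULE, line) for line in SAMPLES]


if __name__ == "__main__":
    for line, hit in zip(SAMPLES, run_samples()):
        print("ALERT " if hit else "ignore", line)
    print(lint('content: ! "session opened";'))
```

In this model a rule made only of negated terms fires on every message that lacks the string, which is why `lint` flags it: pair a negation with at least one positive `content:`.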