This is a mirror of official site: http://jasper-net.blogspot.com/

Sagan

| Sunday, June 27, 2010
Sagan is a multi-threaded, real time system and event log monitoring system, but with a twist. Sagan uses a "Snort" like rule set for detecting bad things happening on your network and/or computer systems. If Sagan detects a "bad thing" happening, that event can be stored to a Snort database (MySQL/PostgreSQL) and Sagan will attempt to correlate the event with your Snort Intrusion Detection/Intrusion Prevention (IDS/IPS) system.

  • Sagan is fast - Sagan is written in C and is a multi-threaded application. Sagan is threaded to prevent blocking Input/Output (I/O). For example, data processing doesn't stop when an SQL query is needed.
  • Sagan uses a "Snort" like rule set - If you're a user of "Snort" and understand Snort rule sets, then you already understand Sagan rule sets. Essentially, Sagan is compatible with Snort rule management utilities. For example, "oinkmaster" and "pulledpork".
  • Sagan can log to Snort databases - Sagan will operate as a separate "sensor" ID to a Snort database. This means, your IDS/IPS events from Snort will remain separate from your Sagan (syslog/event log). Since Sagan can utilize Snort databases, using Snort front-ends like BASE and Snorby will not only work with your IDS/IPS event, but also with your syslog/events as well!
  • Sagan output formats - You don't have to be a Snort user to use Sagan. Sagan supports multiple output formats, such as a standard output file log format (similar to Snort), e-mailing of alerts (via libesmtp), Logzilla support and external based programs that you can develop using the language you prefer (Perl/Python/C/etc).
  • Sagan is actively developed - Softwink, Inc. actively develops and maintains the Sagan source code and rule sets. Softwink, Inc. uses Sagan to monitor security related log events on a 24/7 basis.

Read more: Sagan

Posted via email from .NET Info

0 comments: