Sagan Version 0-2-0 Released

Posted by Champ Clark on August 22, 2011

Quadrant Information Security is proud to release Sagan version 0.2.0!

What is Sagan?

Sagan is multi-threaded, real-time system and event-log monitoring software,
but with a twist. Sagan uses a Snort-like rule set to detect nefarious
events happening on your network and/or computer systems. If Sagan detects a
"bad thing" happening, it can do a number of things with that information. For
example, Sagan can store the information to a Snort MySQL database for viewing
with utilities like Snorby [http://www.snorby.org], it can send e-mail(s)
about the event to the appropriate personnel, it can store to a Prelude back
end, and it can spawn external utilities, among numerous other things.

Sagan can also correlate the events with your Intrusion Detection/Intrusion
Prevention (IDS/IPS) system and basically acts like an SIEM (Security
Information & Log Management) system.


Release/ChangeLog:

- Removed Logzilla support from the base code. It was decided that Logzilla is outside of the scope of the Sagan SIEM system.
- Removed --program functionality. This only worked with syslog-ng and wasn't terribly efficient.
- Restructured the way some data was handled, namely _SaganConfig, _SaganSigArgs, _SaganDebug, etc.
- Resolved some bugs with direct Snort database writes missing IP information.
- Moved Sagan source code away from SVN to GitHub. See https://github.com/beave/sagan & https://github.com/beave/sagan-rules
- Fixed --chroot handling. This wasn't working correctly and was confusing.
- Many, many small bug fixes.


Development Road Map:

- Sagan 0.2.1 future development goals: Sagan with Snortsam support!


Big special thanks to Merlyn Cousins (AKA DrForbin) for bug stomping, patches,
and development. He's contributed a lot of patches and time to Sagan.

To download Sagan, please see: http://sagan.quadrantsec.com

Posted in Announcements