Sagan 0.2.2 Released.

Sagan 0.2.2 Released. Da Beave 8/20/12 8:33 AM

Sagan version 0.2.2 has been released
Champ Clark III
Quadrant Main Site:
Sagan Main Site:

What is Sagan?
--------------

Sagan is an open source (GNU/GPLv2) high performance, real time log
analysis & correlation engine. It's written in C and uses a
multithreaded architecture to deliver high performance log & event
analysis. Sagan rules and structure work similar to Sourcefire's
"Snort" IDS engine. This is done to maintain compatibility with rule
management software (oinkmaster/pulledpork/etc) and allows Sagan the
ability to correlate log events with your Snort IDS/IPS system.
Since Sagan can write to Snort IDS/IPS databases via
unified2/barnyard2 or direct SQL access, it's compatible with all
Snort "consoles". For example, Sagan works fine with Snorby,
Sguil and the Prelude IDS framework! For more
information, please visit the Sagan web site:

What's new in Sagan?
--------------------

- This release is largely a bug fix for the Sagan "after:" directive.
 Older versions of Sagan (0.2.1--) incorrectly handled the "after:"
flag/directive. New versions of the Sagan rules make heavy use of
"after:". In one week we'll be pushing out a major rule set update.
This new rule update will potentially break 0.2.1-- clients. Please
upgrade ASAP.

- Added content negation at the request of DigAngel. This means you
can do things like:

  content: "Find this"; content: ! "But don't find this";

- Several other minor bug fixes.
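As an added illustration (not Sagan's own code, which is written in C), the following Python sketch shows how the two rule features discussed above behave when a rule is evaluated over log lines: a positive `content:` that must be present, a negated `content: !` that must be absent, and an "after:"-style per-source threshold that only alerts once a source has produced a given number of matching events inside a time window. The negation syntax is the one shown in the announcement; the `after: track by_src, count N, seconds S` option form, the rule text and the syslog-style sample lines are assumptions constructed for this example.

```python
"""Constructed illustration of Sagan-style rule options (content / content: ! / after:).
This is example code written for this page, not part of Sagan."""
import re
from collections import defaultdict, deque

# Option grammar assumed for this example: content: [!] "text" and
# after: track by_src, count N, seconds S (Snort-like threshold syntax).
CONTENT_RE = re.compile(r'content:\s*(!?)\s*"([^"]*)"')
AFTER_RE = re.compile(
    r'after:\s*track\s+by_src\s*,\s*count\s+(\d+)\s*,\s*seconds\s+(\d+)')


def parse_rule_options(options):
    """Split a rule option string into (positive contents, negated contents, after).

    'after' is a (count, seconds) tuple, or None when the rule has no after: option.
    """
    positive, negated = [], []
    for neg, text in CONTENT_RE.findall(options):
        (negated if neg else positive).append(text)
    m = AFTER_RE.search(options)
    after = (int(m.group(1)), int(m.group(2))) if m else None
    return positive, negated, after


def content_matches(message, positive, negated):
    """Every positive string must appear; no negated string may appear."""
    return (all(p in message for p in positive)
            and not any(n in message for n in negated))


class AfterTracker:
    """Sliding-window counter keyed by source address for the after: threshold."""

    def __init__(self, count, seconds):
        self.count = count
        self.seconds = seconds
        self.seen = defaultdict(deque)  # src -> timestamps of matching events

    def hit(self, src, ts):
        """Record a matching event; return True once the window holds >= count events."""
        window = self.seen[src]
        window.append(ts)
        while window and window[0] < ts - self.seconds:
            window.popleft()  # drop events that fell out of the window
        return len(window) >= self.count


def run_rule(options, events):
    """Evaluate one rule over (timestamp, source, message) events; return alerts."""
    positive, negated, after = parse_rule_options(options)
    tracker = AfterTracker(*after) if after else None
    alerts = []
    for ts, src, message in events:
        if not content_matches(message, positive, negated):
            continue
        if tracker is None or tracker.hit(src, ts):
            alerts.append((ts, src))
    return alerts


# Constructed sample events (timestamp in seconds, source IP, syslog message).
# Addresses are from documentation ranges; nothing here is real log data.
SAMPLE_EVENTS = [
    (0, "198.51.100.7", "sshd[2231]: Invalid user admin from 198.51.100.7"),
    (10, "198.51.100.7", "sshd[2232]: Invalid user test from 198.51.100.7"),
    (15, "203.0.113.9", "sshd[2233]: Invalid user oracle from 203.0.113.9"),
    (20, "198.51.100.7", "sshd[2234]: Invalid user guest from 198.51.100.7"),
    (30, "198.51.100.7", "sshd[2235]: Invalid user nagios from 198.51.100.7"),
    (100, "198.51.100.7", "sshd[2240]: Invalid user root from 198.51.100.7"),
]

# Constructed rule: alert on repeated invalid-user logins from one source,
# but ignore the known monitoring account via content negation.
RULE = ('msg:"[SSH] Invalid user brute force"; content: "Invalid user"; '
        'content: ! "Invalid user nagios"; '
        'after: track by_src, count 3, seconds 60; sid: 9000001;')

if __name__ == "__main__":
    for ts, src in run_rule(RULE, SAMPLE_EVENTS):
        print(f"t={ts:>3}s  alert: repeated invalid users from {src}")
```

With the rule above, only the third matching event from 198.51.100.7 (at t=20) fires: the `nagios` line at t=30 is excluded by the negated content and never counts toward the threshold, the single event from 203.0.113.9 stays below `count 3`, and by t=100 the earlier events have aged out of the 60-second window, so the count restarts at one.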

What's in the future for Sagan?
-------------------------------

- New pre-processors for log analysis for better anomaly detection.
- Better multi-CPU support on CPU intensive operations.

Where's an online demo?
-----------------------

For an online demo of Sagan and Snorby in action, please go to:
Password: snorby

You'll notice the "Sagan" sensor online and reporting log data.

------------------

General questions about Sagan should be directed to the Sagan mailing
list. That is located at
Author specific questions should be directed to Champ Clark III

Thank you!

--
- Champ Clark III (
  Quadrant Information Security (
  Key Fingerprint: 2E56 C2EB 1B25 C517 D5BA 2DCF 5E70 B2F8 0381 878A
  GPG Key ID: 0381878A