- Bumped the git tree from version 0.2.1 to 0.2.2-git.
- Added the --file flag to Sagan (command line). This allows Sagan to
read events from a file rather than a FIFO. The file format must be
the normal Sagan | delimited format, just like the FIFO! Here's an
example use case:
Imagine your syslog daemon sends logs to the Sagan FIFO _and_ stores
logs on the local drive in the Sagan format. Let's assume that you
come up with a new rule and would like to proactively check older
logs. You can run Sagan with --file to read in the older log
entries and process them with the new rule set.
This idea is credited to Brett Morris.
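The replay workflow above, as an added example that is not part of the Sagan project or this announcement: it cuts a date window out of an archived Sagan-format log, drops lines that are not well-formed, and leaves the result ready for `sagan --file`. It assumes the archive uses the nine-field rsyslog layout Sagan's documentation describes (host|facility|priority|level|tag|date|time|program|message); the field positions and the sample lines are assumptions constructed here.

```shell
#!/bin/sh
# Added example (not from the Sagan project): pick a date window out of an
# archived Sagan-format log and hand it to "sagan --file" for a replay pass.
# Assumption: the archive uses the rsyslog template documented for Sagan,
#   host|facility|priority|level|tag|YYYY-MM-DD|HH:MM:SS|program|message
# so the date is field 6 and the free-text message is field 9 onward.

# Print only well-formed lines whose date falls inside [start, end].
# A "|" inside the message pushes NF past 9, so test NF >= 9, not NF == 9;
# lines with fewer fields are reported on stderr and dropped rather than
# fed to Sagan, where they would be misparsed.
sagan_window() {
    awk -F'|' -v start="$1" -v end="$2" '
        NF < 9 { printf("skipping malformed line %d: %s\n", NR, $0) > "/dev/stderr"; next }
        $6 >= start && $6 <= end { print }
    ' "$3"
}

# Constructed sample archive (not real traffic) so the script runs stand-alone.
ARCHIVE="${TMPDIR:-/tmp}/sagan-archive-sample.log"
printf '%s\n' \
  '10.0.0.5|auth|info|info|sshd[2031]:|2012-04-14|10:12:01|sshd|Accepted publickey for ops from 10.0.0.9 port 51122' \
  '10.0.0.5|auth|info|info|sshd[2044]:|2012-04-15|03:07:44|sshd|Failed password for invalid user admin from 10.0.0.77 port 40021' \
  '10.0.0.7|daemon|notice|notice|app:|2012-04-15|03:08:10|app|job=nightly|status=ok' \
  'broken line with no pipes' \
  '10.0.0.5|auth|info|info|sshd[2100]:|2012-04-16|09:00:00|sshd|Accepted password for ops from 10.0.0.9 port 51200' \
  > "$ARCHIVE"

REPLAY="${TMPDIR:-/tmp}/sagan-replay.log"
sagan_window 2012-04-15 2012-04-15 "$ARCHIVE" > "$REPLAY"
echo "$(wc -l < "$REPLAY" | tr -d ' ') events selected for replay"

# Then run the new rule set over the extracted window, adding whatever
# configuration options your normal Sagan start-up already uses:
# sagan --file "$REPLAY"
```

The same awk filter can be swapped for a host or program match on fields 1 or 8 when a new rule targets one source rather than a time range.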
--
- Champ Clark III (ccl...@quadrantsec.com)
Quadrant Information Security (http://quadrantsec.com)
Key Fingerprint: 2E56 C2EB 1B25 C517 D5BA 2DCF 5E70 B2F8 0381 878A
GPG Key ID: 0381878A