sagan-users
1–30 of 244
The Sagan log analysis engine!
http://sagan.io
st...@sroskam.nl, Da Beave
7
Apr 19
event_id in json
I've tested both my development branch and the changed code. Both are working with my testrule
Vladimir Suvorov, … Da Beave
4
Apr 1
Investigation of incidents
Hello, There has to be a means for your SOC staff or analysts to dig into data. One way to do this is
Cao Xuân Sang, Da Beave
8
Mar 27
Please help me about how to use sagan
Looks like you are passing it JSON. Did you configure Sagan for JSON input? On Fri, Mar 26, 2021, 1:
Da Beave
Feb 8
Sagan version 2.0.1 released!
We are happy to release Sagan version 2.0.1. This release fixes some minor bugs and contains some
Ivan Kuncl, Da Beave
4
Jan 28
event_id - how to detect
I tried the patch. Result is that the event_id is empty string. I opened the issue on Github Best
st...@sroskam.nl, Da Beave
7
Jan 19
SEGV version 2.0.0
I think I have found the issue, will prepare a pull request for this. Best regards, Stef Op dinsdag
Da Beave
Jan 11
Sagan 2.0.0 release.
Quadrant Information Security (https://quadrantsec.com) is proud to release version 2.0.0 of the
Da Beave
Jan 7
** The Sagan Github repo has moved! **
Hello all, I hope everyone has had a good holiday and new years! We are in the process of
st...@sroskam.nl, Champ Clark III
2
11/23/20
Meaning of "after" keyword
I think you might be correct but would really need to go back and look at the code. Give me a bit and
Shiva Gujjanti, … Champ Clark III
3
11/11/20
libmaxminddb
It looks like the URL no longer works from Maxmind. I would let them know. In the mean time, as
Shiva Gujjanti, Champ Clark III
3
11/6/20
Sagan Installation
Thank you. On Thu, Nov 5, 2020 at 7:03 PM Champ Clark III <cclark@quadrantsec.com> wrote: The
sss sss, Da Beave
7
6/2/20
Problem With Redis for reading Xbits
Thanks for your quick reaction! I'll check the new version and will share my experience ASAP. On
WRF, Da Beave
5
5/28/20
Redis Support with Meer and Sagan
Sagan uses Redis to store 'xbits'. That about all it does right now. Meer uses Redis to store
WRF, Champ Clark III
2
4/16/20
Meer Configuration with Sagan
This and the "blacklist" issue are best posted in the Github.com "issues" page.
WRF, Champ Clark III
2
4/16/20
Block Offending IP Addresses
"Snortsam" support has been depreciated. What you'll likely want to do is run Meer with
WRF
4/16/20
Sagan Blacklisting
I have a 6.2 MB blacklist.txt and set the location of said blacklist in sagn.yaml. I have as well
Stef Roskam
2
2/27/20
Syslog_tag length compared to programname length
I've spent more time looking at the code and if my understanding of the code is correct the
William Plessinger, Da Beave
3
12/15/19
Newbie issue with Plob
Cool! Nicely done and glad you figured it out!
sss sss, Da Beave
2
12/15/19
Usefull repo
Awesome! I'll add this to the https://sagan.readthedocs.org page! On Saturday, December 14, 2019
Michael Riggs, … Champ Clark III
7
11/28/19
Winlogbeat -> logstash -> sagan
.....also!! I have not had a chance to properly document the JSON functionality. It's still a
Brian Candler, Bruce M. Wink
2
10/30/19
wiki.quadrantsec.com down?
Hi Brian, Thank you so much for bringing that to our attention, it's been fixed now. You should be
Brian Candler, Champ Clark III
10
10/29/19
Initial testing - trying to trigger on a rule
All good - thank you!
Brian Candler, Da Beave
2
10/25/19
Tags in github
Yes. I only recently started looking into "tags" for this reason. I had never really used
Brian Candler, Da Beave
2
10/25/19
install-sh is missing from tarball
Thank you! I'm a bit confused what happened as the "configure" is there (which means ./
sss sss, Champ Clark III
4
9/15/19
Sagan integration with Apache Kafka
Thanks, I will ASAP. On Saturday, September 14, 2019 at 7:17:08 PM UTC+4:30, Da Beave wrote: Hello,
Kyle S, Da Beave
4
7/20/19
Alerting on a json message
I guess the proper question is; Is the syslog daemon generating the JSON or is the device sending to
Stef Roskam, Da Beave
6
7/15/19
Alert on correlated rules in a userscope
In my test rules I used normalize and liblognorm, I just forgot to put them into my examples, indeed
Hirbod Moriani, Da Beave
2
7/8/19
Use only xbit: isset,XXXX; in rule.
This can be done. You have to make it work in stages. Think of it this way: 1. If a content is seen,
Da Beave
7/3/19
Sagan 1.2.2 released!
Quadrant Information Security is proud to release Sagan version 1.2.2 along with a new "stable
Da Beave
4/10/19
Depreciation of Unified2 support in Sagan.
Hello, We are looking to remove support for Unified2 at or after October 1st, 2019. If you are using