sagan-users
The Sagan log analysis engine!
http://sagan.io
Manuel Bueno Pérez
Nov 30
Testing and conf files
Hi all! I'm studying engineering and as part of a project I have to install and configure a
Yap Toni
Aug 11
protocol-map.c error
Hi, I need some help. I installed Sagan version 2.0.2. I tried to run the command "sagan --debug
Berend
12/23/22
Hostname field for log/alert events
Greetings, is there a setup where Sagan would include the hostname in alerts or log events? SyslogNG
Demetri Harrison, Da Beave (2 messages)
5/24/22
Failed to start Sagan daemon
What happens when you run it from the command line? On Wednesday, April 13, 2022 at 11:39:43 AM UTC-4
Kacper B, … Da Beave (4 messages)
1/8/22
JSON/Text mixed syslog message
This is a bit problematic for Sagan. Sagan can toggle between normal syslog messages and JSON. The
Da Beave (3 messages)
1/4/22
Sagan version 2.0.2 release / New Ubuntu/Debian PPA / New Discord Channel!
Doh! The Discord channel link expired. This is the new, non-expiring link: https://discord.gg/
Da Beave
9/30/21
Need help testing Meer!
Hello all!! Some time ago I started a project named “Meer”. Meer is basically a “spooler” for Sagan
Haxx, Da Beave (2 messages)
8/17/21
Sagan v.1.2.2-1 failing to start during post-installation test.
Sagan 1.2.2 is pretty old. This appears to be a system or package issue. That is, Sagan was compiled
Erickson Matos, Vladimir Suvorov (2 messages)
7/19/21
Capturing data
Hello, Matos! What exactly is your problem? You have collected Sagan, have you connected any data
Vladimir Suvorov, Da Beave (4 messages)
5/25/21
Correlation of non-standard sources
Lots and lots of work from the Quadrant team :) We see a lot of log types at our clients. On Tue, May
Vladimir Suvorov, … Da Beave (6 messages)
5/25/21
Investigation of incidents
One of the new big things for the next Sagan release is to include in the event EVE (JSON) a "
Jason Lee, Da Beave (5 messages)
4/27/21
about meer permission
Hey Jason, I ran into a bug that I think might have been related to your issue. When "redis
st...@sroskam.nl, Da Beave (7 messages)
4/19/21
event_id in json
I've tested both my development branch and the changed code. Both are working with my testrule
Cao Xuân Sang, Da Beave (8 messages)
3/27/21
Please help me about how to use sagan
Looks like you are passing it JSON. Did you configure Sagan for JSON input? On Fri, Mar 26, 2021, 1:
Da Beave
2/8/21
Sagan version 2.0.1 released!
We are happy to release Sagan version 2.0.1. This release fixes some minor bugs and contains some
Ivan Kuncl, Da Beave (4 messages)
1/28/21
event_id - how to detect
I tried the patch. Result is that the event_id is empty string. I opened the issue on Github Best
st...@sroskam.nl, Da Beave (7 messages)
1/19/21
SEGV version 2.0.0
I think I have found the issue, will prepare a pull request for this. Best regards, Stef Op dinsdag
Da Beave
1/11/21
Sagan 2.0.0 release.
Quadrant Information Security (https://quadrantsec.com) is proud to release version 2.0.0 of the
Da Beave
1/7/21
** The Sagan Github repo has moved! **
Hello all, I hope everyone has had a good holiday and new years! We are in the process of
st...@sroskam.nl, Champ Clark III (2 messages)
11/23/20
Meaning of "after" keyword
I think you might be correct but would really need to go back and look at the code. Give me a bit and
Shiva Gujjanti, … Champ Clark III (3 messages)
11/11/20
libmaxminddb
It looks like the URL no longer works from Maxmind. I would let them know. In the meantime, as
Shiva Gujjanti, Champ Clark III (3 messages)
11/6/20
Sagan Installation
Thank you. On Thu, Nov 5, 2020 at 7:03 PM Champ Clark III <ccl...@quadrantsec.com> wrote: The
sss sss, Da Beave (7 messages)
6/2/20
Problem With Redis for reading Xbits
Thanks for your quick reaction! I'll check the new version and will share my experience ASAP. On
WRF, Da Beave (5 messages)
5/28/20
Redis Support with Meer and Sagan
Sagan uses Redis to store 'xbits'. That's about all it does right now. Meer uses Redis to store
WRF, Champ Clark III (2 messages)
4/16/20
Meer Configuration with Sagan
This and the "blacklist" issue are best posted in the Github.com "issues" page.
WRF, Champ Clark III (2 messages)
4/16/20
Block Offending IP Addresses
"Snortsam" support has been depreciated. What you'll likely want to do is run Meer with
WRF
4/16/20
Sagan Blacklisting
I have a 6.2 MB blacklist.txt and set the location of said blacklist in sagn.yaml. I have as well
Stef Roskam (2 messages)
2/27/20
Syslog_tag length compared to programname length
I've spent more time looking at the code and if my understanding of the code is correct the
William Plessinger, Da Beave (3 messages)
12/15/19
Newbie issue with Plob
Cool! Nicely done and glad you figured it out!
sss sss, Da Beave (2 messages)
12/15/19
Useful repo
Awesome! I'll add this to the https://sagan.readthedocs.org page! On Saturday, December 14, 2019