sagan-users

Hello guys, I just started using Sagan and its just not capturing any data yet. is there anything

Lots and lots of work from the Quadrant team :) We see a lot of log types at our clients. On Tue, May

Once of the new big things for the next Sagan release is to include in the event EVE (JSON) a "

Hey Jason, I ran into a bug that i think might have been related to your issue. When "redis

I've tested both my development branch and the changed code. Both are working with my testrule

Looks like you are passing it JSON. Did you configure Sagan for JSON input ? On Fri, Mar 26, 2021, 1:

We are happy to release Sagan version 2.0.1. This release fixes some minor bugs and contains some

I tried the patch. Result is that the event_id is empty string. I opened the issue on Github Best

I think I have found the issue, will prepare a pull request for this. Best regards, Stef Op dinsdag

Quadrant Information Security (https://quadrantsec.com) is proud to release version 2.0.0 of the

Hello all, I hope everyone has had a good holiday and new years! We are in the process of

I think you might be correct but would really need to go back and look at the code. Give me a bit and

It looks like the URL not longer works from Maxmind. I would.leg them know . In then mean time , as

Thank you. On Thu, Nov 5, 2020 at 7:03 PM Champ Clark III <cclark@quadrantsec.com> wrote: The

Thanks for your quick reaction! I'll check the new version and will share my experience ASAP. On

Sagan uses Redis to store 'xbits'. That about all it does right now. Meer uses Redis to store

This and the "blacklist" issue are best posted in the Github.com "issues" page.

"Snortsam" support has been depreciated. What you'll likely want to do is run Meer with

I have a 6.2 MB blacklist.txt and set the location of said blacklist in sagn.yaml. I have as well

I've spent more time looking at the code and if my understanding of the code is correct the

Cool! Nicely done and glad you figured it out!

Awesome! I'll add this to the https://sagan.readthedocs.org page! On Saturday, December 14, 2019

.....also!! I have not had a chance to properly document the JSON functionality. It's still a

Hi Brian, Thank you so much for bring that to our attention, it's been fixed now. You should be

All good - thank you!

Yes. I only recently started looking into "tags" for this reason. I had never really used

Thank you! I'm a bit confused what happened as the "configure" is there (which means ./

Thanks, I will ASAP. On Saturday, September 14, 2019 at 7:17:08 PM UTC+4:30, Da Beave wrote: Hello,

I guess the proper question is; Is the syslog daemon generating the JSON or is the device sending to

In my test rules I used normalize and liblognorm, I just forgot to put them into my examples, indeed