Difference: SaganTODO (9 vs. 10)

Revision 10 - 2012-12-27 - ChampClark

Line: 1 to 1
 
META TOPICPARENT name="WebHome"
Sagan "TODO" list....

Perfmon support - Which could be good for generating pretty pictures smile

Changed:
<
<
Report non-reporting devices - Processors that sends an "alert" when it "sees" a device stop reporting for X amount of time.
>
>
Report non-reporting devices - Processors that sends an "alert" when it "sees" a device stop reporting for X amount of time . Done with "processor" support.
  More than average - Processor that alerts when an abnormal amount of alerts are being reported.
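Review bot: the status added to the "Report non-reporting devices" line does not follow the convention used by the other entries. It reads ` . Done with "processor" support.` with a stray space before the period and no version, while completed items elsewhere on this page are marked in the bracketed form "[Completed as of version ...]". Suggest dropping the space and recording the release in that same bracketed form, so a reader can tell which version carries the feature.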
Line: 17 to 16
  Statistical analysis of events - Many interesting things can be detected by statistical analysis.
Changed:
<
<
Support Snort's Unified2 output - Support for Snort's 'Unified2' output format. This would allow programs like Barnyard2 to read/queue events which could then be fed to a database, other output formats, Sguil, etc. [Completed as of version 0.1.8]
>
>
Support Snort's Unified2 output - Support for Snort's 'Unified2' output format. This would allow programs like Barnyard2 to read/queue events which could then be fed to a database, other output formats, Sguil, etc. [Completed as of version 0.1.8]
 
Changed:
<
<
Logzilla / php-syslog-ng output - Log Sagan events to the Logzilla/php-syslog-ng format. Should be easy to do, and give another type of console for viewing events. [Completed as of Sagan version 0.1.1 (?) ] - Update: Support Dropped in version 0.1.9.
>
>
Logzilla / php-syslog-ng output - Log Sagan events to the Logzilla/php-syslog-ng format. Should be easy to do, and give another type of console for viewing events. [Completed as of Sagan version 0.1.1 (?) ] - Update: Support Dropped in version 0.1.9.
 
Changed:
<
<
Thresholding! - This is probably going to be a badly needed item. There's no sense in being flooding with the same information over and over again! [Completed as of version 0.1.7] (Has 'limit', but no 'threshold')
>
>
Thresholding! - This is probably going to be a badly needed item. There's no sense in being flooding with the same information over and over again! [Completed as of version 0.1.7] (Has 'limit', but no 'threshold')
 
Changed:
<
<
Syslog/UDP replay add on - A program, separate and external to Sagan, that'll 'sniff' the network interface for UDP/514 Syslog traffic. If traffic is seen, capture the packet and reply it to another Syslog server. Such a program is useful in pre-setup syslog environments. [Completed as of version 0.1.8]
>
>
Syslog/UDP replay add on - A program, separate and external to Sagan, that'll 'sniff' the network interface for UDP/514 Syslog traffic. If traffic is seen, capture the packet and reply it to another Syslog server. Such a program is useful in pre-setup syslog environments. [Completed as of version 0.1.8]
 
Changed:
<
<
Mulitple configuration files - For example, a command line --config flag [Completed as of version 0.1.5(?)] Thread search - thread the pcre/content stuff to better use multiple CPUs
>
>
Mulitple configuration files - For example, a command line --config flag [Completed as of version 0.1.5(?)] Thread search - thread the pcre/content stuff to better use multiple CPUs
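Review bot: the new line still runs two separate TODO items together, "Mulitple configuration files" and "Thread search", so the second item appears to inherit the first's "[Completed as of version 0.1.5(?)]" marker. Put "Thread search" on its own entry so its status is unambiguous, and correct "Mulitple" to "Multiple" while the line is being touched.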
 
Changed:
<
<
PIX/ASA parser - to extract PIX/ASA IP/Port information [Not needed. Covered by liblognorm support as of version 0.1.8]
>
>
PIX/ASA parser - to extract PIX/ASA IP/Port information [Not needed. Covered by liblognorm support as of version 0.1.8]
 
Changed:
<
<
*Sguil agent - [Probably not needed. Covered by Unified2 output format as of version 0.1.8]
>
>
Sguil agent - *[Probably not needed. Covered by Unified2 output format as of version 0.1.8]
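Review bot: the asterisk on the Sguil agent line was moved from the start of the line to just before "[" rather than being paired or removed, so it is still an unbalanced emphasis marker and shows up as a literal "*". Either close it after the "]" so the status note is emphasised as intended, or drop it.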
 
Changed:
<
<
*Prelude Framework support [Competed as of version 0.1.7]
>
>
Prelude Framework support *[Competed as of version 0.1.7]
  -- ChampClark - 2010-06-23
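Review bot: "Competed" in the Prelude Framework line is carried over unchanged by this revision and should read "Completed", matching the other status markers on the page. The asterisk moved in front of "[" is also left without a closing partner here.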
 