Searched: ^S

Results from Main web retrieved at 22:31 (GMT)

Sagan 1.0.0RC4 Feature `offset`, `depth`, `distance`, and `within` support. These options function identical to the Snort options with the same names. These options...
DNS lookups with Sagan. You're likely here because you're seeing the following message in your sagan.log or on the console. Sagan DNS lookup need for backup...
How is Sagan different than other log analyzers? This question seems to come up quite a bit. This short document will hopefully shed some light on the differences...
Why Sagan? In mid 2009, Information Security. staff monitored an attacker breaking into a network and modifying logs. The attacker was attempting to `hide` traces...
How to browse the Sagan development code. To browse the Sagan development code, review code changes and read change log information you can point a web browser at...
This page is out of date! Please see http://k9.io for newer information! Sagan HOWTO Compiling and installing Sagan. We've tried to make Sagan as simple and easy...
Simply using Sagan on your laptop or workstation..... When I say, `simply`, I mean running Sagan in its most basic way. In this short article, we're not going to...
1. Introduction We've tried to make Sagan as simple and easy to use as possible. For the most part, compiling and installation is done your typical Unix way. That...
Sagan related links: https://isc.sans.edu/forums/diary/Sagan as a Log Normalizer/17039 `Sagan as a Log Normalizer` (Nov 16th, 2013) http://infosecmatters.blogspot...
Welcome To The Sagan Wiki: What is Sagan: `Sagan is an open source (GNU/GPLv2) high performance, real time log analysis correlation engine that run under nix...
Note: If you are not familiar with Sagan, you may want to check out the Sagan site first: http://sagan.quadrantsec.com What is Netflow? `Routers and switches that...
Managing Sagan rule sets with Oinkmaster is incredibly similar to managing Snort rules with Oinkmaster (surprising, eh?). Below is a small example oinkmaster configuration...
Sagan; Sagan Videos/Audio Links to videos/audio about the Sagan project (Conferences, podcast, etc)
Sagan on laptops and workstations.....main site) Sagan has been designed to deal with large volumes of logs while being as memory and CPU efficient as possible. For...
GeoIP support. This allows Sagan to use the Maxmind GeoIP country lookup database. This means that Sagan can track log events via geographic location of the source...
`How to use Sagan with `rsyslog` When development for Sagan was started, we were primarily using . However, `syslog ng` isn't the only modern Syslog engine out there...
New Microsoft Forefront UAG Authentication failures, brute force and illegal URL outside policy rules. New Microsoft UAG GeoIP rules added Successful logins...
Sagan rule options and definitions: {alert drop} alert tcp $EXTERNAL NET any $HOME NET 22 The first statement of a rule contains either `alert` or `drop...
Sagan rules Understanding how Sagan rules is fairly simple. However, there are some simple `rules` to creating rules which allow Sagan to very efficiently. As you...
Sagan no longer uses SVN. Sagan now uses git/github.com For more information, please see: SaganGIT
SyslogNGConfig How to configure Syslog ng to receive syslog message over a network and have Sagan parse them. ChampClark 2010 06 25
This page is out of date! Please see http://k9.io for newer information! Sagan Rule Set Tips If you're familiar with how Snort rule sets function, then you already...
Sagan `TODO` list.... Perfmon support Which could be good for generating pretty pictures :) Report non reporting devices Processors that sends an `alert...
Sagan related videos from conferences, user group meetings, etc. http://traffic.libsyn.com/pauldotcom/PaulDotCom 356 Part1.mp3 Champ Clark talks about Sagan...
TWiki Site Statistics Monthly Site Statistics Data Month WebsTotal WebsViewed Websupdated TopicsTotal TopicsViewed TopicsUpdated Attach...
`rescue in load spec files`: http://github.com/Snorby/snorby cas authenticatable.git ChampClark 2012 02 14
`The syslog ng application is a flexible and highly scalable system logging application that is ideal for creating centralized and trusted logging solutions.` ChampClark...
Number of topics: 27

Topic revision: r34 - 2016-04-28 - ChampClark
 
Copyright © 2008-2017 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.