Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.Sign up
GitHub is where the world builds software
Millions of developers and companies build, ship, and maintain their software on GitHub — the largest and most advanced development platform in the world.
Welcome to the "Sagan Rules" README file ---------------------------------------- This is the Git repository for the Sagan engine rule sets. You probably won't find these useful unless you're actually using Sagan! For more information, check out the Sagan main web site at: http://sagan.quadrantsec.com Github related site: http://github.com/beave/sagan What is Sagan? -------------- Sagan is an open source (GNU/GPLv2) high performance, real-time log analysis & correlation engine. It is written in C and uses a multi-threaded architecture to deliver high performance log & event analysis. The Sagan structure and Sagan rules work similarly to the Sourcefire "Snort" IDS engine. This was intentionally done to maintain compatibility with rule management software (oinkmaster/pulledpork/etc) and allows Sagan to correlate log events with your Snort IDS/IPS system. Since Sagan can write to Snort IDS/IPS databases via unified2/barnyard2, it is compatible with all Snort "consoles". For example, Sagan is compatible with Snorby [http://www.snorby.org], Sguil [http://sguil.sourceforge.net], BASE, and the Prelude IDS framework! (to name a few). Sagan supports many different output formats, log normalization (via liblognorm), script execution on event and automatic firewall support via "Snortsam" (see http://www.snortsam.net). For more information, please visit the Sagan web site: http://sagan.quadrantsec.com.