quadrantsec/sagan

Issues

• How does Sagan know that one log line is ending and a new beginning when reading from a FIFO?

  #96 opened 2 months ago by steverawls
  0

• Batch size in File Mode

  #95 opened 2 months ago by bryant-smith
  0

• Sagan error with client stats enabled

  #94 opened 2 months ago by hwmband
  0

• geoip include error issues

  #93 opened 3 months ago by VVelox
  0

• offload.c libcurl not deallocating memory on exit.

  #92 opened 3 months ago by beave
  0

• Sagan YAML parser checks for required variables before configuration parsing is complete

  #83 opened 6 months ago by chrisspankroy
  1

• Flexbit exhaustion - MMAP_DEFAULT 10k

  #88 opened 6 months ago by bryant-smith
  0

• negated json_meta_content key missing in log breaks detection

  #87 opened 7 months ago by bryant-smith
  1

• Have Sagan recreate the sagan.log file if it is missing.

  #86 opened 8 months ago by steverawls
  0

• Sleep function update

  #82 opened 10 months ago by bryant-smith
  1

• .rules-files array not parsed last

  #80 opened a year ago by VVelox
  3

• Report issue on error in signature

  #65 opened a year ago by MigNov
  4

• Sagan Yaml config variables that are similar

  #67 opened a year ago by bryant-smith
  1

• No event_id witout json_map

  #74 opened a year ago by bryant-smith
  1

• Issues with colons after IP and Ports

  #76 opened a year ago by bryant-smith
  1

• Bug: GeoIP crashes when encountering a 100.64.0.0/10 address.

  #79 opened a year ago by quadrantsec
  1

• Compiled with GeoIP support, but Sagan configuration lacks GeoIP

  #78 opened a year ago by m8522s
  2

• Feature Request: Track by None

  #77 opened a year ago by OGSteve
  0

• A mistake when checking an IP is valid or not

  #75 opened a year ago by UET-HDCien
  2

• Access sagan web management

  #72 opened a year ago by ToniYap
  1

• Protocol-map.c error

  #71 opened a year ago by ToniYap
  1

• Suppress Threshold Not Working Loud Large Data Sources

  #73 opened a year ago by OGSteve
  0

• hex values in meta_content and json_meta_content

  #68 opened a year ago by bryant-smith
  2

• after keyword and track by_string

  #69 opened a year ago by bryant-smith
  1

• Distance & Within are not working with meta_content

  #70 opened a year ago by OGSteve
  1

• File_Lock() at util.c:1043 might be called recursively

  #66 opened a year ago by TAnhMinh
  2

• non-json base64 decoding

  #63 opened 2 years ago by bryant-smith
  0

• Add new "sagan" key to JSON

  #62 opened 2 years ago by quadrantsec
  0

• Batch Size Affects Log Parsing

  #60 opened 2 years ago by wrharding
  4

• Documentation: batch_size configuration and how it affect processing.

  #61 opened 2 years ago by quadrantsec
  0

• Rule Normalizes without "normalize" Keyword

  #59 opened 2 years ago by wrharding
  4

• Inconsistent Variable Naming - Track by Source IP

  #58 opened 2 years ago by wrharding
  1

• Documentation: Guidance around signature writing.

  #52 opened 2 years ago by quadrantsec
  2

• Don't pre-allocate RAM for Bluedot

  #57 opened 2 years ago by quadrantsec
  0

• "bluedot" documentation is not correct.

  #41 opened 2 years ago by quadrantsec
  1

• json_content SegFault without json_parse_data

  #51 opened 2 years ago by bryant-smith
  1

• Flexbits mmap staying active after expired

  #54 opened 2 years ago by bryant-smith
  4

• Track clients isn't working

  #56 opened 2 years ago by quadrantsec
  1

• Sagan loads rules with "threshold" written incorrectly

  #48 opened 2 years ago by wrharding
  1

• Compile issue with --enable-libpcap

  #42 opened 2 years ago by quadrantsec
  1

• meta_content fails silently when missing %sagan%

  #43 opened 2 years ago by wrharding
  2

• Centos 7 - protocol.map error: 'type' not specified at line 1

  #44 opened 2 years ago by egargale
  5

• Sagan feature : Store data from after.

  #55 opened 2 years ago by quadrantsec
  0

• by_tag addition for threshold and after

  #53 opened 2 years ago by bryant-smith
  0

• meta_content and json_meta_content modifier

  #49 opened 2 years ago by bryant-smith
  2

• after and threshold tracking keys from json_map/normalization

  #47 opened 2 years ago by bryant-smith
  0

• strip character transformation

  #46 opened 2 years ago by bryant-smith
  0

• Compilation Fails When Configuring without Normalization or JSON Output

  #45 opened 2 years ago by wrharding
  1

• len or size keyword

  #38 opened 2 years ago by bryant-smith
  4

• json_pcre { } range error

  #39 opened 2 years ago by bryant-smith
  2