quadrantsec/sagan
Sagan is a multi-threaded, high-performance log analysis engine. At its core, Sagan is similar to Suricata/Snort, but it works on logs rather than network packets.
GPL-2.0
Issues
.rules-files array not parsed last
#80 opened by VVelox - 4
Report issue on error in signature
#65 opened by MigNov - 1
Sagan Yaml config variables that are similar
#67 opened by bryant-smith - 1
No event_id without json_map
#74 opened by bryant-smith - 1
Issues with colons after IP and Ports
#76 opened by bryant-smith - 1
Feature Request: Track by None
#77 opened by OGSteve - 2
A mistake when checking an IP is valid or not
#75 opened by UET-HDCien - 1
Access sagan web management
#72 opened by ToniYap - 1
Protocol-map.c error
#71 opened by ToniYap - 0
after keyword and track by_string
#69 opened by bryant-smith - 1
non-json base64 decoding
#63 opened by bryant-smith - 0
Add new "sagan" key to JSON
#62 opened by quadrantsec - 4
Batch Size Affects Log Parsing
#60 opened by wrharding - 0
Rule Normalizes without "normalize" Keyword
#59 opened by wrharding - 1
Don't pre-allocate RAM for Bluedot
#57 opened by quadrantsec - 1
"bluedot" documentation is not correct.
#41 opened by quadrantsec - 1
Flexbits mmap staying active after expired
#54 opened by bryant-smith - 1
Tracking username by xbit
#33 opened by qiscwalk - 1
"track-client" by IP
#32 opened by quadrantsec - 1
Track clients isn't working
#56 opened by quadrantsec - 1
Compile issue with --enable-libpcap
#42 opened by quadrantsec - 2
Sagan feature : Store data from after.
#55 opened by quadrantsec - 0
by_tag addition for threshold and after
#53 opened by bryant-smith - 2
meta_content and json_meta_content modifier
#49 opened by bryant-smith - 0
strip character transformation
#46 opened by bryant-smith - 1
len or size keyword
#38 opened by bryant-smith - 1
-L command line option log directory override
#37 opened by bryant-smith - 2
json_pcre { } range error
#39 opened by bryant-smith - 0
BUG: Better error checking at load.
#36 opened by quadrantsec - 0
json_endswith / json_startswith
#35 opened by quadrantsec - 0
After: Have "after" store alert data.
#34 opened by quadrantsec - 0
Documentation New --test option
#31 opened by quadrantsec - 3
Better checking for alert type.
#30 opened by quadrantsec - 0
"Single Threaded Mode" would be nice.
#29 opened by quadrantsec - 0