SAGAN(8) System Manager's Manual SAGAN(8)
NAME
sagan - Real-time System & Event Log Monitoring System
This manual page documents briefly the sagan command.
sagan is a multi-threaded, real-time system- and event-log monitoring system, but with a twist. Sagan uses a "Snort"-like rule set for
detecting malicious events happening on your network and/or computer systems.
If Sagan detects a potentially bad event, it can store that event in a Snort database (MySQL/PostgreSQL), send it to a SIEM tool like
Prelude, or send an email.
Sagan is meant to be used in a 'centralized' logging environment, but will work fine as part of a standalone Host IDS system for worksta-
These programs follow the usual GNU command line syntax, with long options starting with two dashes (`--'). A summary of options is
Show summary of options.
Make process a daemon (fork to the background)
Run as user (defaults to 'sagan')
Chroot to username 'sagan's home
Sagan configuration file to load
Run Sagan in syslog-ng's 'program' mode
sagan was written by Champ Clark III <email@example.com>
This manual page was written by Pierre Chifflier <firstname.lastname@example.org>, for the Debian project (and may be used by others).
February 15, 2011 SAGAN(8)