sagan(8)                                                              sagan(8)




NAME

       sagan - Real-time System & Event Log Monitoring System


SYNOPSIS

       sagan [options]


DESCRIPTION

       This manual page briefly documents the sagan command.

       sagan is a multi-threaded, real-time system- and event-log monitoring
       system, but with a twist. Sagan uses a "Snort"-like rule set for
       detecting malicious events happening on your network and/or computer
       systems.
       If Sagan detects a potentially bad event, it can store that event in a
       Snort database (MySQL/PostgreSQL), send it to a SIEM tool like Prelude,
       or send an email.
       Sagan is meant to be used in a "centralized" logging environment, but
       will work fine as part of a standalone Host IDS system for
       workstations.


OPTIONS

       These programs follow the usual GNU command line syntax, with long
       options starting with two dashes (`--'). A summary of options is
       included below.

       -h, --help
              Show summary of options.

       -d, --debug [option]
              Enable debugging. Options are syslog, load, fwsam, sql, smtp,
              normalize and plog.

       -D, --daemon
              Make process a daemon (fork to the background)

       -u, --user [username]
              Run as user (defaults to 'sagan')

       -c, --chroot [directory]
              Chroots the Sagan process to the specified directory

       -f, --config [file]
              Sagan configuration file to load

       -F, --file [file]
              Sagan FIFO override. This forces Sagan to read from a FILE
              rather than a FIFO. The FILE needs to be in the Sagan format!

       -l, --log [file]
              Set log file location and name.
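

EXAMPLES

       The script below is an added example, not part of this manual page or
       of the Sagan distribution. It checks the inputs for a daemonized,
       unprivileged, chrooted start using the -D, -u, -c, -f and -l options
       above and prints the resulting command line. The function names and
       the sample paths are assumptions, and the rules it enforces (no root,
       no group- or world-writable chroot directory) are this example's
       policy, not checks performed by sagan itself.

```shell
#!/bin/sh
# Added example: preflight checks before starting Sagan with -D -u -c -f -l.
# Function names and sample paths are hypothetical.

# Succeeds only if $1 is a directory that is neither group- nor
# world-writable, so other local accounts cannot alter the chroot jail.
chroot_dir_ok() {
    [ -d "$1" ] || return 1
    [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# Validate the inputs, then print the sagan command line (nothing is executed).
# Args: user chroot-dir config-file log-file
sagan_cmdline() {
    user=$1; jail=$2; conf=$3; log=$4

    # The account given to -u must exist and must not be root.
    uid=$(id -u "$user" 2>/dev/null) || { echo "unknown user: $user" >&2; return 1; }
    [ "$uid" -ne 0 ] || { echo "refusing to run Sagan as root" >&2; return 1; }

    # The directory given to -c must pass the permission check above.
    chroot_dir_ok "$jail" || { echo "unsafe chroot dir: $jail" >&2; return 1; }

    # The file given to -f must be a readable regular file.
    [ -f "$conf" ] && [ -r "$conf" ] || { echo "unreadable config: $conf" >&2; return 1; }

    printf 'sagan -D -u %s -c %s -f %s -l %s\n' "$user" "$jail" "$conf" "$log"
}

# Example call (all values are assumed):
#   sagan_cmdline sagan /var/chroot/sagan /etc/sagan.conf /var/log/sagan.log
```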


AUTHOR

       Sagan was written by Champ Clark III <cclark@quadrantsec.com>

       This manual page was written by Pierre  Chifflier  <pollux@debian.org>,
       for the Debian project (and may be used by others).





                                April 15, 2012                        sagan(8)

sagan 0.3.0 - Generated Thu Nov 21 16:06:35 CST 2013