Notes: Sagan Post Installation
Now that you have Sagan built from source and installed under /usr/local/..., it is time to enable it. Rules can be written manually, or loaded from the Sagan rules repository, which is an extensive set of ready-made rules.
Thank You Sagan :)
cd /usr/local/etc
git clone https://github.com/beave/sagan-rules.git
Remember to read the README in that repository for a short introduction to the Sagan ruleset.
Check the build options Sagan was compiled with by running:
sagan -h
--[Sagan version 1.1.0 | Help/usage screen]--------------------------------
-h, --help Help (this screen).
-C, --credits Sagan credits.
-d, --debug [type] Types: engine, syslog, load, fwsam, external, threads, malformed, limits, flowbit, brointel, ipc, normalize, bluedot, geoip2.
-Q, --quiet Run Sagan in 'quiet' mode (no console output).
-D, --daemon Make process a daemon (fork to the background).
-u, --user [username] Run as user (defaults to 'sagan').
-c, --chroot [dir] Chroot Sagan to specified directory.
-f, --config [file] Sagan configuration file to load.
-F, --file [file] FIFO over ride. This reads a file in rather than reading from a FIFO. The file must be in the Sagan format!
-l, --log [file] sagan.log location [default: /var/log/sagan/sagan.log].
- liblognorm (log normalization) support is included.
- libdnet (for unified2) support is included.
- Maxmind GeoIP2 support is included.
- Snortsam support is included.
- Syslog output is included.
- Using Quadrant's Bluedot.
- Compiled on Dec 14 2017 at 01:03:48.
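A post-install sanity check, added here as an example (it is not part of these notes or of the Sagan project): it reads the feature footer that `sagan -h` prints and reports whether the build options a rule set depends on are compiled in. The sample help text is constructed from the output shown above, the function names are mine, and the mapping from rule features to build options (normalize rules need liblognorm, country_code rules need GeoIP2, unified2 output needs libdnet) is stated as an assumption in the comments.

```shell
#!/bin/sh
# Added example, not Sagan project code. Checks which optional features a
# Sagan binary was built with by parsing the footer of "sagan -h".
# In practice capture it with:  SAGAN_HELP=$(sagan -h 2>&1)

# Constructed sample, copied from the help output shown on this page.
SAGAN_HELP_SAMPLE="--[Sagan version 1.1.0 | Help/usage screen]--------------------------------
-h, --help Help (this screen).
-Q, --quiet Run Sagan in 'quiet' mode (no console output).
* liblognorm (log normalization) support is included.
* libdnet (for unified2) support is included.
* Maxmind GeoIP2 support is included.
* Snortsam support is included.
* Syslog output is included.
* Using Quadrant's Bluedot.
* Compiled on Dec 14 2017 at 01:03:48."

# sagan_has_feature HELP_TEXT PATTERN
# Returns 0 if PATTERN (case-insensitive basic regex) appears in HELP_TEXT.
sagan_has_feature() {
    printf '%s\n' "$1" | grep -qi "$2"
}

# sagan_check_build HELP_TEXT
# Prints one line per feature and returns the number of missing features,
# so a non-zero exit means the ruleset will need trimming or a rebuild.
# Feature-to-build-option mapping below is an assumption of this example:
#   normalize    -> liblognorm   (rules using the "normalize" keyword)
#   country_code -> GeoIP2       (rules using the "country_code" keyword)
#   unified2     -> libdnet      (unified2 output for Snort-style consumers)
sagan_check_build() {
    help_text="$1"
    missing=0
    for spec in \
        'normalize:liblognorm' \
        'country_code:GeoIP2' \
        'unified2:libdnet'
    do
        feature=${spec%%:*}
        pattern=${spec#*:}
        if sagan_has_feature "$help_text" "$pattern"; then
            echo "ok      $feature ($pattern compiled in)"
        else
            echo "MISSING $feature ($pattern not compiled in)"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# Stand-alone usage against the constructed sample.
sagan_check_build "$SAGAN_HELP_SAMPLE"
```

Run it against the real binary with `sagan_check_build "$(sagan -h 2>&1)"` before pointing sagan.conf at the cloned ruleset; a rule that uses a keyword whose backing library is absent will fail at load time rather than silently never fire.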
welcome to the blues, commandline.be at your service