Bug 198741

Summary: New port: security/sagan: Security tool to alert on log files
Product: Ports & Packages
Reporter: shadowbq
Component: Individual Port(s)
Assignee: Walter Schwarzenfeld <w.schwarzenfeld>
Status: Closed Overcome By Events
Severity: Affects Only Me
CC: cs, w.schwarzenfeld
Priority: ---
Keywords: needs-qa
Version: Latest
Hardware: Any
OS: Any
Attachments: Initial Shar file (flags: none)

Description shadowbq 2015-03-20 15:30:22 UTC
Created attachment 154580
Initial Shar file

Sagan uses a 'Snort like' engine and rules to analyze logs.

Sagan is an open source (GNU/GPLv2) high performance, real-time log
analysis & correlation engine.  It is written in C and uses a
multi-threaded architecture to deliver high performance log & event
analysis.

The Sagan structure and Sagan rules work similarly to the
Sourcefire "Snort" IDS engine. This was intentionally done to maintain
compatibility with rule management software (oinkmaster/pulledpork/etc)
and allows Sagan to correlate log events with your Snort IDS/IPS
system. Since Sagan can write to Snort IDS/IPS databases via
unified2/barnyard2, it is compatible with all Snort "consoles".
For example, Sagan is compatible with Snorby [http://www.snorby.org],
Sguil [http://sguil.sourceforge.net], BASE, and the Prelude IDS
framework! (to name a few).

For more information, please visit the Sagan web site:
WWW: http://sagan.quadrantsec.com.

Comment 1 Carlo Strub freebsd_committer freebsd_triage 2015-09-15 23:46:06 UTC
Could you please provide build logs (preferably poudriere logs)?

Comment 2 Walter Schwarzenfeld 2018-01-14 04:26:06 UTC
Last statement from 2015-03-20. Feedback timeout?

Comment 3 Walter Schwarzenfeld 2018-03-05 19:28:29 UTC
The Makefile is outdated with deprecated commands. Does not fetch. Feedback timeout. I close here with overcome by events.

If you want to submit the port in a newer version, please open a new PR.