SYNOPSIS
sagan [options]DESCRIPTION
This manual page documents briefly the sagan command.
sagan is a multi-threaded, real time system- and event-log monitoring
system, but with a twist. Sagan uses a “Snort” like rule set for
detecting malicious events happening on your network and/or computer
systems.
If Sagan detects a potentially bad event, that event can be stored to a
Snort database (MySQL/PostgreSQL), send it to a SIEM tool like Prelude,
or send an email.
Sagan is meant to be used in a ‘centralized’ logging environment, but
will work fine as part of a standalone Host IDS system for workstations.
OPTIONS
These programs follow the usual GNU command line syntax, with long options starting with two dashes (`-'). A summary of options is included below.- -h, --help
- Show summary of options.
- -d, --debug
- Enable debugging
- -D, --daemon
- Make process a daemon (fork to the background)
- -U, --user
- Run as user (defaults to 'sagan')
- -c, --chroot
- Chroot to username 'sagan's home
- -f, --config
- Sagan configuration file to load
- -p, --program
- Run Sagan in syslog-ng's 'program' mode
AUTHOR
sagan was written by Champ Clark III <[email protected]>This manual page was written by Pierre Chifflier <[email protected]>, for the Debian project (and may be used by others).