File: sagan.8

sagan 1.2.0-1
.\"                                      Hey, EMACS: -*- nroff -*-
.\" First parameter, NAME, should be all caps
.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
.\" other parameters are allowed: see man(7), man(1)
.TH SAGAN 8 "February 15, 2011"
.\" Please adjust this date whenever revising the manpage.
.\"
.\" Some roff macros, for reference:
.\" .nh        disable hyphenation
.\" .hy        enable hyphenation
.\" .ad l      left justify
.\" .ad b      justify to both left and right margins
.\" .nf        disable filling
.\" .fi        enable filling
.\" .br        insert line break
.\" .sp <n>    insert n+1 empty lines
.\" for manpage-specific macros, see man(7)
.SH NAME
sagan \- Real-time System & Event Log Monitoring System
.SH SYNOPSIS
.B sagan
.RI [ options ]
.br
.SH DESCRIPTION
This manual page briefly documents the
.B sagan
command.
.PP
.\" TeX users may be more comfortable with the \fB<whatever>\fP and
.\" \fI<whatever>\fP escape sequences to invoke bold face and italics,
.\" respectively.
\fBsagan\fP is a multi-threaded, real-time system- and event-log monitoring
system, but with a twist. Sagan uses a “Snort”-like rule set for
detecting malicious events happening on your network and/or computer
systems.
.br
If Sagan detects a potentially bad event, it can store that event in a
Snort database (MySQL/PostgreSQL), send it to a SIEM tool like Prelude,
or send an email.
.br
Sagan is meant to be used in a ‘centralized’ logging environment, but
will work fine as part of a standalone Host IDS system for workstations.
.SH OPTIONS
This program follows the usual GNU command line syntax, with long
options starting with two dashes (`\-\-').
A summary of options is included below.
.TP
.B \-h, \-\-help
Show summary of options.
.TP
.B \-d, \-\-debug
Enable debugging.
.TP
.B \-D, \-\-daemon
Make the process a daemon (fork to the background).
.TP
.B \-U, \-\-user
Run as user (defaults to 'sagan').
.TP
.B \-c, \-\-chroot
Chroot to the home directory of user 'sagan'.
.TP
.B \-f, \-\-config
Sagan configuration file to load.
.TP
.B \-p, \-\-program
Run Sagan in syslog-ng's 'program' mode.
.SH AUTHOR
sagan was written by Champ Clark III <champ@softwink.com>.
.PP
This manual page was written by Pierre Chifflier <pollux@debian.org>,
for the Debian project (and may be used by others).