Jul 22 2010 11:21AM GMT
Posted by: Dan O'Connor
cisco mars, sagan, syslog
Opensource Event Correlation System – Part 2
OK, I got it installed on FreeBSD.
Download the latest version, which should be 0.1.3 right now.
fetch http://sagan.softwink.com/download/sagan-0.1.3.tar.gz
Unpack it where you want it:
tar -xvf sagan-0.1.3.tar.gz
Next run the usual configure and make, but you need to set a couple of environment variables so the build finds the headers and libraries that ports installs under /usr/local (the INSTALL file does not handle this yet):
LDFLAGS=-L/usr/local/lib CFLAGS=-I/usr/local/include ./configure && make && make install
Once that has completed you need to download the rule sets and configure Sagan; check out the how-to on the site.
You will also need to install syslog-ng and set up a FIFO (a named pipe that syslog-ng writes into and Sagan reads from). Again, this is covered in the how-to.
Once you have the rules set up and the FIFO, you are basically ready to go. I am using the email output to send the alerts for now, but I am going to need to start tuning soon.
I also set up an rc script to control the service.
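The FIFO step is the one worth checking carefully, because whoever can write into that pipe can feed forged events straight into the correlation engine, and because a FIFO with no reader blocks the writer. The script below is an added example, not part of the original post and not one of Sagan's own scripts: it creates the FIFO with owner/group-only permissions, verifies the result, and then pushes a few constructed syslog lines through it with a background reader standing in for Sagan. The FIFO path, the owner and group, the sample log lines, and the use of either GNU or BSD `stat` are assumptions for illustration.

```shell
#!/bin/sh
# Added example: FIFO setup and check for a syslog-ng -> Sagan pipeline.
# Not from the original post or from Sagan itself; paths, owner/group and
# the sample syslog lines below are assumptions.

# Create the FIFO (idempotent) and lock it down to mode 0660 so only the
# owner (the account syslog-ng writes as) and the group (Sagan's group) can
# use it.  A world-writable pipe would let any local user inject events.
setup_fifo() {
    fifo=$1
    owner=${2:-$(id -un)}      # assumption: caller passes the real accounts
    group=${3:-$(id -gn)}
    if [ ! -p "$fifo" ]; then
        rm -f "$fifo"          # never reuse a regular file of that name
        mkfifo -m 0660 "$fifo" || return 1
    fi
    chown "$owner:$group" "$fifo" || return 1
    chmod 0660 "$fifo" || return 1
    # Verify: must still be a FIFO and the "other" permission bits must be 0.
    # GNU stat uses -c %a, BSD/FreeBSD stat uses -f %Lp; try both.
    [ -p "$fifo" ] || return 1
    mode=$(stat -c %a "$fifo" 2>/dev/null || stat -f %Lp "$fifo")
    case $mode in
        *[1-7]) return 1 ;;    # world bits set: refuse
    esac
    return 0
}

# Push constructed syslog lines through the FIFO and return how many arrived.
# The reader (Sagan's role) is started first: opening a FIFO for writing
# blocks until someone opens it for reading, which is why syslog-ng stalls
# on this destination whenever Sagan is not running.
pipe_demo() {
    fifo=$1
    out=$2
    cat "$fifo" > "$out" &
    reader=$!
    # Constructed sample lines in syslog-ng's default line format (assumed).
    printf '%s\n' \
      'Jul 22 11:21:01 fw01 sshd[4521]: Failed password for root from 192.0.2.10 port 51234 ssh2' \
      'Jul 22 11:21:03 fw01 sshd[4521]: Failed password for root from 192.0.2.10 port 51236 ssh2' \
      'Jul 22 11:21:05 fw01 sshd[4521]: Accepted publickey for dan from 198.51.100.7 port 40022 ssh2' \
      > "$fifo"
    wait "$reader"
    wc -l < "$out" | tr -d ' '
}

# Usage on the Sagan host (as root; /var/run/sagan.fifo is an assumed path):
#   setup_fifo /var/run/sagan.fifo root wheel
# Self-contained demo in a scratch directory:
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d)
    setup_fifo "$d/sagan.fifo" \
      && echo "received $(pipe_demo "$d/sagan.fifo" "$d/out") lines via FIFO"
    rm -rf "$d"
fi
```

Run it with `--demo` to exercise the pipe path in a temporary directory; on the real host, point `setup_fifo` at the path your syslog-ng `pipe()` destination and Sagan's configuration both use, and give it the accounts the two daemons actually run as. The "other bits must be zero" check is the one to keep in any rc or install script, since a stray `mkfifo` without `-m` inherits the umask and can easily end up world-writable.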