Home > IT Blogs > Irregular Expressions > Opensource Event Correlation System – Part 3
>>VIEW ALL POSTS  

Irregular Expressions

«
»
Jul 22 2010   11:31AM GMT

Opensource Event Correlation System – Part 3



Posted by: Dan O'Connor
sagan

Here is the rc file that I created for it.

#!/bin/sh

# PROVIDE: sagan
#

. /etc/rc.subr

name="sagan"
rcvar=${name}_enable

load_rc_config $name

: ${sagan_enable="NO"}

start_cmd=${name}_start
stop_cmd=${name}_stop
sagancmd="/usr/local/bin/sagan"

sagan_start() {
        chown sagan:sagan /var/log/sagan/log.fifo
        ${sagancmd} &
}

sagan_stop() {
        killall sagan
}

run_rc_command "$1"

Just make sure you enable the service in your /etc/rc.conf file, or you might have a problem :)

You can also start making your own rule sets and rules, the how-to has a good deal of information on this.  I created one already.

It was really quick and if you are used to created rules for snort it should not be a problem.

  Bookmark and Share     Comment     RSS Feed     Email a friend

Comment on this Post

Leave a comment: