Irregular Expressions

Jul 22 2010   11:21AM GMT

Opensource Event Correlation System – Part 2

Dan O'Connor

OK, I got it installed on FreeBSD.

Download the latest version; it should be 0.1.3 right now.


Unpack it where you want it:

tar -xvf sagan-0.1.3.tar.gz

Next, do the usual configure and make, but you need to set some environment variables so the build picks up the headers and libraries under /usr/local. (The install file does not handle this yet.)

LDFLAGS=-L/usr/local/lib CFLAGS=-I/usr/local/include ./configure && make && make install

Once that is completed, you need to download the rule sets and configure Sagan; check out the how-to on the site.

You will also need to install syslog-ng and set up a FIFO; again, this is covered in the how-to.

Once you have the rules and the FIFO set up, you are basically ready to go. I am using the email output to send the alerts for now, but I am going to need to start tuning soon.

I also set up an rc script to control the service.
