

<pre>Quadrant Information Security
https://quadrantsec.com
Copyright (C) 2018-2023</pre>

Join the Meer Discord channel


Meer Documentation

Meer "Read The Docs!" https://meer.readthedocs.io

What is "Meer"?

"Meer" is a dedicated data broker for the Suricata (https://suricata-ids.org) IDS/IPS systems and the Sagan (https://sagan.io/) log analysis engine.

Meer takes EVE data (JSON) from Suricata or Sagan (via an input-plugin), augments it by enriching it with DNS, GeoIP, and other information (via the meer-core), and then pushes the data to a database (via an output-plugin) of your choice.

Meer is written in C, which makes it fast and very lightweight. This makes it suitable for processing data on systems with limited resources.
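The input, enrich, output flow described above, as an added Python sketch (not Meer's code, which is written in C): it reads constructed EVE lines, skips a truncated record, adds reverse-DNS names from an offline lookup table, and hands each event to a sink. The `src_dns`/`dest_dns` keys, the lookup table and the function names are assumptions made for illustration.

```python
import functools
import json

# Constructed sample of EVE output (one JSON object per line). The last line
# is truncated, as can happen while a spool file is still being written.
SAMPLE_EVE = """\
{"timestamp":"2023-01-01T00:00:01.000000+0000","event_type":"alert","src_ip":"192.0.2.10","dest_ip":"198.51.100.7","alert":{"signature":"Constructed test signature","severity":2}}
{"timestamp":"2023-01-01T00:00:02.000000+0000","event_type":"dns","src_ip":"192.0.2.10","dest_ip":"203.0.113.53"}
{"timestamp":"2023-01-01T00:00:03.000000+0000","event_type":"alert","src_ip":"192.0.2.10","dest_
"""

# Constructed stand-in for reverse DNS so the example runs offline.
FAKE_PTR = {"192.0.2.10": "workstation.example.test",
            "198.51.100.7": "www.example.test"}


def broker(lines, resolve, output):
    """Input -> enrich -> output. Returns (forwarded, skipped) counts."""
    forwarded = skipped = 0
    for line in lines:
        if not line.strip():
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1  # partial or corrupt record: never forward it
            continue
        # Hypothetical enrichment keys; Meer's real field names may differ.
        for side in ("src", "dest"):
            name = resolve(event.get(f"{side}_ip", ""))
            if name:
                event[f"{side}_dns"] = name
        output(json.dumps(event))
        forwarded += 1
    return forwarded, skipped


def run_sample():
    sink = []  # stands in for an output plugin (file, Redis, Elasticsearch, ...)
    # Cache lookups so each address is resolved only once.
    resolve = functools.lru_cache(maxsize=None)(FAKE_PTR.get)
    counts = broker(SAMPLE_EVE.splitlines(), resolve, sink.append)
    return counts, [json.loads(s) for s in sink], resolve.cache_info().misses
```

Counting skipped records separately from forwarded ones makes a silently dropped alert visible to whoever monitors the broker.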

Meer input-plugins that are currently supported are Suricata/Sagan EVE ("spool") files and Redis.

Meer output-plugins that are currently supported are Elasticsearch, Opensearch, Zincsearch (https://github.com/zinclabs/zinc), Redis, named pipes, files, and "external" programs. Meer release 1.0.0 supports SQL (MariaDB, MySQL and PostgreSQL) that is compatible with older "Barnyard2" systems. Meer versions after 1.0.0 do not support SQL.

Input Plugins

Output Plugins:

Current Features:

Future "output" support:

Meer is under development. This is our brief "road-map" of what we would like to see Meer do. If you have any ideas or requests, please let us know via our "issues" page (https://github.com/quadrantsec/meer/issues).
