Sagan (software)

Original author(s)	Champ Clark III
Developer(s)	Quadrant Information Security
Stable release	2.0.1 / 8 February 2021;4 years ago (2021-02-08)
Written in	C
Operating system	Unix-like
Available in	English
Type	Log analysis
License	GNU GPL v2
Website	quadrantsec.com/sagan_log_analysis_engine

Sagan ^[1] is an open source (GNU/GPLv2) multi-threaded, high performance, real-time log analysis & correlation engine developed by Quadrant Information Security that runs on Unix operating systems. It is written in C and uses a multi-threaded architecture to deliver high performance log & event analysis. Sagan's structure and rules work similarly to the Sourcefire Snort IDS/IPS engine. This allows Sagan to be compatible with Snort or Suricata rule management software and gives Sagan the ability to correlate with Snort IDS/IPS data.

Sagan supports different output formats for reporting and analysis, log normalization, script execution on event detection, GeoIP detection/alerting and time sensitive alerting.

See also

• Free Software portal

• Host-based intrusion detection system comparison

References

1. "Sagan Main Wiki". Sagan Main Wiki. Champ Clark.

• HOWTO build Sagan on FreeBSD
• Champ Clark talks about Sagan on "Pauldotcom Security weekly" - December, 12th, 2013.
• Log, Log, Log Everything Remotely.

External links

• About Sagan
• Official Sagan Wiki
• Sagan flowbits
• Using Sagan with Bro Intelligence feeds
• Sagan output to other SIEMs.