Sagan (software)

This article needs additional citations for verification. Please help by adding citations to reliable sources. Unsourced material may be challenged and removed. Find sources:  –  ·  ·  · scholar · JSTOR (October 2014) (Learn how and when to remove this template message)

Sagan^[1] is an open source (GNU/GPLv2) multi-threaded, high performance, real-time log analysis & correlation engine developed by Quadrant Information Security that runs on Unix operating systems. It is written in C and uses a multi-threaded architecture to deliver high performance log & event analysis. Sagan's structure and rules work similarly to the Sourcefire Snort IDS/IPS engine. This allows Sagan to be compatible with Snort or Suricata rule management softwares and give Sagan the ability to correlate with Snort IDS/IPS data.

Sagan supports different output formats for reporting and analysis, log normalization, script execution on event detection, GeoIP detection/alerting and time sensitive alerting.

See also[]

• Host-based intrusion detection system comparison

References[]

• Sagan User Manual
• Sagan Resources
• "Centralized and structured log file analysis with Open Source and Free Software tools" Bachelor Thesis by Jens Kühnel
• IPSS.ca "Course objectives"
• "Securing your Mikrotik Network" by Andrew Thrift (Presentation)
• HOWTO build Sagan on FreeBSD
• Sagan was one of the "top security tools" & won a "Bossie Award" from Infoworld.com.
• Installing Sagan onCentOS 5/6 (Linux) for log monitoring.
• IPSS.ca "Course objectives"
• Champ Clark talks about Sagan on "Pauldotcom Security weekly" - December, 12th, 2013.
• Linux Pro Magazine article that discusses using Sagan for log monitoring.
• Article written by Champ Clark about using Kismet, Snort and Sagan to build wireless IDS monitoring device.
• Champ Clark's guest posting on Rainer's (author of rsysyslog) blog about Sagan and log analysis.
• Log, Log, Log Everything Remotely.
• Using Sagan with Bro Intelligence feeds.
• What the Sagan Log Analysis Engine Is...and What It Is Not (Aug 2016)
• Easing the Compliance Burden :: Sagan Technology & PCI Compliance (Feb 2016)
• JunOS/ScreenOS Vulnerability Helps to Emphasize the Importance of Remote Log Storage (Dec 2015)
• Using Sagan with Netflow data.
• Reference to Sagan rule options

External links[]

• About Sagan
• Official Sagan Wiki
• Sagan flowbits
• Using Sagan with Bro Intelligence feeds
• Sagan output to other SIEMs.