Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
tree: 5898154a2a
Fetching contributors…

Octocat-spinner-32-eaf2f5

Cannot retrieve contributors at this time

file 28 lines (20 sloc) 1.147 kb
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27
Welcome to the README file
--------------------------

What is Sagan?

Sagan is an open source (GNU/GPLv2) high performance, real-time log
analysis & correlation engine. It is written in C and uses a
multi-threaded architecture to deliver high performance log & event
analysis. The Sagan structure and Sagan rules work similarly to the
Sourcefire "Snort" IDS engine. This was intentionally done to maintain
compatibility with rule management software (oinkmaster/pulledpork/etc)
and allows Sagan to correlate log events with your Snort IDS/IPS
system. Since Sagan can write to Snort IDS/IPS databases via
unified2/barnyard2 or direct SQL access, it is compatible with all
Snort "consoles". For example, Sagan is compatible with Snorby
[http://www.snorby.org], Sguil [http://sguil.sourceforge.net], BASE,
 and the Prelude IDS framework! (to name a few).

Sagan supports many different output formats, log normalization
(via liblognorm), script execution on event and automatic firewall
support via "Snortsam" (see http://www.snortsam.net).

For more information, please visit the Sagan web site:
http://sagan.quadrantsec.com.



Something went wrong with that request. Please try again.