Skip to content
Find file
Fetching contributors…
Cannot retrieve contributors at this time
26 lines (20 sloc) 1.12 KB
Welcome to the README file
--------------------------
What is Sagan?
Sagan is an open source (GNU/GPLv2) high performance, real-time log
analysis & correlation engine. It is written in C and uses a
multi-threaded architecture to deliver high performance log & event
analysis. The Sagan structure and Sagan rules work similarly to the
Sourcefire "Snort" IDS engine. This was intentionally done to maintain
compatibility with rule management software (oinkmaster/pulledpork/etc)
and allows Sagan to correlate log events with your Snort IDS/IPS
system. Since Sagan can write to Snort IDS/IPS databases via
unified2/barnyard2 or direct SQL access, it is compatible with all
Snort "consoles". For example, Sagan is compatible with Snorby
[http://www.snorby.org], Sguil [http://sguil.sourceforge.net], BASE,
and the Prelude IDS framework! (to name a few).
Sagan supports many different output formats, log normalization
(via liblognorm), script execution on event and automatic firewall
support via "Snortsam" (see http://www.snortsam.net).
For more information, please visit the Sagan web site:
http://sagan.quadrantsec.com.
Jump to Line
Something went wrong with that request. Please try again.