| Field | Value |
|---|---|
| Original author(s) | Champ Clark III |
| Developer(s) | Quadrant Information Security |
| Stable release | 2.0.1 / 8 February 2021 |
| Written in | C |
| Operating system | Unix-like |
| Available in | English |
| Type | Log analysis |
| License | GNU GPL v2 |
| Website | quadrantsec |
Sagan is an open source (GNU GPLv2), multi-threaded, high-performance, real-time log analysis and correlation engine developed by Quadrant Information Security that runs on Unix operating systems. It is written in C and uses a multi-threaded architecture to deliver high-performance log and event analysis. Sagan's structure and rule syntax work similarly to those of the Sourcefire Snort IDS/IPS engine, which makes Sagan compatible with Snort or Suricata rule management software and lets it correlate its log events with Snort IDS/IPS data.
Sagan supports several output formats for reporting and analysis, log normalization, script execution on event detection, GeoIP detection and alerting, and time-sensitive alerting.
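To illustrate the Snort-style rule model described above, here is an added Python example (not Sagan's own code) that parses one constructed rule written in Snort-like option syntax and applies its `program`, `content` and `pcre` tests to constructed syslog lines. The rule, the option names and the log lines are assumptions made for the demonstration, not taken from Sagan's rule set.

```python
import re

# Constructed rule in Snort-style syntax: header, then "key:value;" options.
# Which option names Sagan itself accepts is an assumption here.
RULE = ('alert syslog $EXTERNAL_NET any -> $HOME_NET any '
        '(msg:"[EXAMPLE] SSH failed password"; program:sshd; '
        'content:"Failed password"; '
        'pcre:"/Failed password for (invalid user )?(\\S+) from (\\S+)/"; '
        'classtype:attempted-user; sid:5000001; rev:1;)')

# Constructed syslog lines (not real logs).
LOGS = [
    "Mar  4 10:01:12 host1 sshd[2211]: Failed password for root from 203.0.113.9 port 51234 ssh2",
    "Mar  4 10:01:13 host1 sshd[2211]: Accepted publickey for deploy from 198.51.100.7 port 40000 ssh2",
    "Mar  4 10:01:14 host1 cron[990]: Failed password for nobody from 127.0.0.1",
]

# Classic BSD syslog layout: timestamp, host, program[pid]: message
SYSLOG_RE = re.compile(
    r'^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) '
    r'(?P<prog>[^\[:]+)(?:\[\d+\])?: (?P<msg>.*)$')

def parse_rule(rule):
    """Split a Snort-style rule into its header tokens and an options dict."""
    header, _, opts = rule.partition('(')
    options = {}
    for opt in opts.rstrip(')').split(';'):
        if ':' in opt:
            key, _, value = opt.strip().partition(':')
            options[key.strip()] = value.strip().strip('"')
    return header.split(), options

def match(rule, line):
    """Return an alert dict if program, content and pcre all match the log line."""
    _, opts = parse_rule(rule)
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    if 'program' in opts and m.group('prog') != opts['program']:
        return None
    if 'content' in opts and opts['content'] not in m.group('msg'):
        return None
    if 'pcre' in opts:
        # Snort-style /pattern/flags; only the "i" flag is honoured here
        body, _, flags = opts['pcre'].lstrip('/').rpartition('/')
        if not re.search(body, m.group('msg'), re.I if 'i' in flags else 0):
            return None
    return {'sid': int(opts['sid']), 'msg': opts['msg'], 'host': m.group('host')}

def run(rule, lines):
    """Apply one rule to every line; only matching lines produce alerts."""
    return [a for a in (match(rule, l) for l in lines) if a]
```

Only the first line fires: the second lacks the `content` string and the third comes from a different `program`, which is the same three-stage filtering a Snort-style log rule performs.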
External links
- About Sagan
- Official Sagan Wiki
- Sagan flowbits
- Using Sagan with Bro Intelligence feeds
- Sagan output to other SIEMs.