Sagan
Author: Champ Clark III
Developer: Quadrant Information Security
Latest Release Version: 2.0.1
Programming Language: C
Operating System: Unix-like
Language: English
Genre: Log analysis
License: GNU GPL v2
Sagan[1] is an open source (GNU GPLv2), multi-threaded, high-performance, real-time log analysis and correlation engine developed by Quadrant Information Security that runs on Unix operating systems. It is written in C and uses a multi-threaded architecture to deliver high-performance log and event analysis. Sagan's structure and rules work similarly to those of the Sourcefire Snort IDS/IPS engine. This makes Sagan compatible with Snort and Suricata rule management software and gives Sagan the ability to correlate its alerts with Snort IDS/IPS data.
Sagan supports different output formats for reporting and analysis, log normalization, script execution on event detection, GeoIP detection and alerting, and time-sensitive alerting.
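To illustrate the Snort-style rule structure the article refers to, the following added example (not code from the Sagan project) parses a constructed Sagan-style rule into its header and options and evaluates it against two constructed syslog lines. The rule text, log lines, option names used for matching (`content`, `program`) and the syslog layout are assumptions for the demonstration; Sagan's real rule language has many more keywords.

```python
import re

# Constructed Sagan-style rule in Snort-like syntax (not from Sagan's rule set).
SAMPLE_RULE = (
    'alert syslog $EXTERNAL_NET any -> $HOME_NET any '
    '(msg:"SSH failed password"; content:"Failed password"; '
    'program:sshd; classtype:attempted-user; sid:5000001; rev:1;)'
)

# Constructed syslog lines (not real captures).
SAMPLE_LOGS = [
    "Oct  3 12:00:01 host1 sshd[1234]: Failed password for root from 198.51.100.7 port 4242 ssh2",
    "Oct  3 12:00:02 host1 cron[999]: (root) CMD (run-parts /etc/cron.hourly)",
]

# Snort-style header: action proto src sport dir dst dport (options)
HEADER_RE = re.compile(r'^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+(->|<>)\s+(\S+)\s+(\S+)\s*\((.*)\)\s*$')
# One option: key:value; where value may be a double-quoted string.
OPTION_RE = re.compile(r'\s*([a-z_]+)\s*:\s*("(?:[^"\\]|\\.)*"|[^;]*)\s*;')
# Classic BSD syslog line: "Mon DD HH:MM:SS host program[pid]: message"
SYSLOG_RE = re.compile(r'^\w{3}\s+\d+\s+[\d:]+\s+(\S+)\s+([^\[:]+)(?:\[\d+\])?:\s*(.*)$')

def parse_rule(rule):
    """Split a Snort-style rule into header fields and a dict of option lists."""
    m = HEADER_RE.match(rule)
    if not m:
        raise ValueError("rule does not match Snort-style header syntax")
    action, proto, src, sport, direction, dst, dport, body = m.groups()
    options = {}
    for key, val in OPTION_RE.findall(body):
        options.setdefault(key, []).append(val.strip().strip('"'))
    return {"action": action, "proto": proto, "src": src, "sport": sport,
            "direction": direction, "dst": dst, "dport": dport, "options": options}

def evaluate(rule_text, lines):
    """Return one alert dict per log line satisfying every content/program option."""
    rule = parse_rule(rule_text)
    opts = rule["options"]
    alerts = []
    for line in lines:
        m = SYSLOG_RE.match(line)
        if not m:
            continue  # lines that are not syslog-shaped are skipped
        host, program, message = m.group(1), m.group(2).strip(), m.group(3)
        if "program" in opts and program not in opts["program"]:
            continue
        if all(c in message for c in opts.get("content", [])):
            alerts.append({"sid": opts.get("sid", [""])[0],
                           "msg": opts.get("msg", [""])[0], "host": host})
    return alerts
```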