Skip to content
forked from beave/sagan

Sagan uses a 'Snort like' engine and rules to analyze logs (syslog/event log/snmptrap/netflow/etc)

License

Notifications You must be signed in to change notification settings

red8383light/sagan

 
 

Repository files navigation

Welcome to the README file
--------------------------

What is Sagan? 

Sagan is an open source (GNU/GPLv2) high performance, real-time log 
analysis & correlation engine.  It is written in C and uses a 
multi-threaded architecture to deliver high performance log & event 
analysis. The Sagan structure and Sagan rules work similarly to the 
Sourcefire "Snort" IDS engine. This was intentionally done to maintain 
compatibility with rule management software (oinkmaster/pulledpork/etc)
and allows Sagan to correlate log events with your Snort IDS/IPS 
system. Since Sagan can write to Snort IDS/IPS databases via 
unified2/barnyard2, it is compatible with all Snort "consoles". 
For example, Sagan is compatible with Snorby [http://www.snorby.org],
Sguil [http://sguil.sourceforge.net], BASE, and the Prelude IDS 
framework! (to name a few).

Sagan supports many different output formats,  log normalization 
(via liblognorm),  GeoIP detection, script execution on event and
automatic firewall support via "Snortsam" 
(see http://www.snortsam.net).  

Sagan uses the GNU "artisic style". 

For more information, please visit the Sagan web site: 
http://sagan.quadrantsec.com. 

If you're looking for Sagan rules on Github,  they are located at:

https://github.com/beave/sagan-rules

About

Sagan uses a 'Snort like' engine and rules to analyze logs (syslog/event log/snmptrap/netflow/etc)

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • C 90.7%
  • M4 3.1%
  • Perl 2.2%
  • Assembly 2.0%
  • Shell 1.0%
  • Makefile 0.6%
  • Other 0.4%