Sagan is billed as an advanced, Suricata/Snort-like log analysis engine.
It uses a multi-threaded architecture to deliver high-performance log and event analysis. Sagan's structure and rules work similarly to the Snort and Suricata IDS/IPS engines. It maintains compatibility with rule management software (oinkmaster, pulledpork, etc.), which allows Sagan to correlate log events with your Snort/Suricata IDS/IPS deployment.
Sagan is free and open source software.
Key Features
- Automate log management:
  - Supports many different output formats.
  - Log normalization.
  - Script execution on event detection.
  - GeoIP detection/alerting.
  - Multi-line log support.
  - Time-sensitive alerting.
- Multi-threaded architecture allows it to use all CPUs / cores for real-time log processing.
- Lightweight CPU and memory footprint.
- Built in JSON parsing.
- Rule syntax similar to Cisco's "Snort", which allows for easy rule management and correlation with Snort or Suricata IDS/IPS systems.
- Store alert data in Cisco’s “Snort” native “unified2” binary data format or Suricata’s JSON format for easier log-to-packet correlation.
- Intra-process communication between Sagan processes to share data. Sagan can also use Redis (beta) to share data between Sagan instances within a network.
- Compatible with popular graphical security consoles such as Snorby, BASE, Sguil, and EveBox.
Website: github.com/quadrantsec/sagan
Developer: Quadrant Information Security
License: GNU General Public License v2.0
Sagan is written in C.
Related Software
| Network Intrusion Detection Systems | Description |
|---|---|
| Snort | Intrusion detection/prevention with real-time traffic analysis and packet logging |
| Suricata | High-performance network IDS, IPS and network security monitoring engine |
| Zeek | (formerly Bro) Powerful network analysis framework |
| Maltrail | Lightweight malicious traffic detection system |
| Security Onion | Platform built by defenders for defenders |
| Kismet | Wireless intrusion detection, wireless network and device detector, and more |
| psad | Intrusion detection and log analysis with iptables |
| Sagan | Multi-threaded, high-performance log analysis engine |
| Host-Based Intrusion Detection Systems | Description |
|---|---|
| Wazuh | Platform for threat prevention, detection, and response |
| OSSEC | Full platform to monitor and control your systems |
| AIDE | Advanced Intrusion Detection Environment |
| Logwatch | Powerful and versatile log parser and analyzer |
| Samhain | File integrity checking, log file monitoring/analysis and more |
| Sagan | Multi-threaded, high-performance log analysis engine |
| Tripwire | Security and data integrity tool |
| rkhunter | Scans for rootkits, backdoors and possible local exploits |
| chkrootkit | Locally checks for signs of a rootkit |