Sagan is billed as the advanced Suricata/Snort like log analysis engine.
It uses a multi-threaded architecture to deliver high performance log & event analysis. Sagan’s structure and rules work similarly to the Snort or Suricata IDS/IPS engines. It maintains compatibility with rule management software (oinkmaster/pulledpork/etc) and allows Sagan to correlate log events with your Snort/Suricata IDS/IPS system.
Sagan is free and open source software.
- Automate log management:
- Supports many different output formats.
- Log normalization.
- Script execution on event detection.
- GeoIP detection/alerting.
- Multi-line log support.
- Time sensitive alerting.
- Multi-threaded architecture allows it to use all CPUs / cores for real-time log processing.
- CPU and memory resources are lightweight.
- Built in JSON parsing.
- Similar rule syntax to Cisco’s “Snort” which allows for easy rule management and correlation with Snort or Suricata IDS / IPS systems.
- Store alert data in Cisco’s “Snort” native “unified2” binary data format or Suricata’s JSON format for easier log-to-packet correlation.
- Intra-Process communications between Sagan processes to share data. Sagan can also use Redis (beta) to share data between Sagan instances within a network.
- Compatible with popular graphical-base security consoles like Snorby, BASE, Sguil, and EveBox.
Developer: Quadrant Information Security
License: GNU General Public License v2.0
|New to Linux? Read our Linux for Starters series. We start right at the basics and teach you everything you need to know to get started with Linux.|
|The largest compilation of the best free and open source software in the universe. Each article is supplied with a legendary ratings chart helping you to make informed decisions.|
|Hundreds of in-depth reviews offering our unbiased and expert opinion on software. We offer helpful and impartial information.|
|Replace proprietary software with open source alternatives: Google, Microsoft, Apple, Adobe, IBM, Autodesk, Oracle, Atlassian, Corel, Cisco, Intuit, and SAS.|
|Linux Around The World showcases events and usergroups that are relevant to Linux enthusiasts.|
|Surveys popular streaming services from a Linux perspective: Amazon Music Unlimited, Myuzi, Spotify, Deezer, Tidal.|
|Saving Money with Linux looks at how you can reduce your energy bills running Linux.|
|Essential Linux system tools focuses on small, indispensable utilities, useful for system administrators as well as regular users.|
|Linux utilities to maximise your productivity. Small, indispensable tools, useful for anyone running a Linux machine.|
|Home computers became commonplace in the 1980s. Emulate home computers including the Commodore 64, Amiga, Atari ST, ZX81, Amstrad CPC, and ZX Spectrum.|
|Now and Then examines how promising open source software fared over the years. It can be a bumpy ride.|
|Linux at Home looks at a range of home activities where Linux can play its part, making the most of our time at home, keeping active and engaged.|
|Linux Candy reveals the lighter side of Linux. Have some fun and escape from the daily drudgery.|
|Getting Started with Docker helps you master Docker, a set of platform as a service products that delivers software in packages called containers.|
|Best Free Android Apps. We showcase free Android apps that are definitely worth downloading. There's a strict eligibility criteria for inclusion in this series.|
|These best free books accelerate your learning of every programming language. Learn a new language today!|
|These free tutorials offer the perfect tonic to our free programming books series.|
|Stars and Stripes is an occasional series looking at the impact of Linux in the USA.|