Software:Sagan
From HandWiki
Short description: Log analysis software
Original author(s) | Champ Clark III |
---|---|
Developer(s) | Quadrant Information Security |
Stable release | 2.0.1
/ 8 February 2021 |
Written in | C |
Operating system | Unix-like |
Available in | English |
Type | Log analysis |
License | GNU GPL v2 |
Website | quadrantsec |
Sagan[1] is an open source (GNU/GPLv2) multi-threaded, high performance, real-time log analysis & correlation engine developed by Quadrant Information Security that runs on Unix operating systems. It is written in C and uses a multi-threaded architecture to deliver high performance log & event analysis. Sagan's structure and rules work similarly to the Sourcefire Snort IDS/IPS engine. This allows Sagan to be compatible with Snort or Suricata rule management softwares and give Sagan the ability to correlate with Snort IDS/IPS data.
Sagan supports different output formats for reporting and analysis, log normalization, script execution on event detection, GeoIP detection/alerting and time sensitive alerting.
See also
References
- Sagan User Manual
- Sagan Resources
- "Centralized and structured log file analysis with Open Source and Free Software tools" Bachelor Thesis by Jens Kühnel
- IPSS.ca "Course objectives"
- "Securing your Mikrotik Network" by Andrew Thrift (Presentation)
- HOWTO build Sagan on FreeBSD
- Sagan was one of the "top security tools" & won a "Bossie Award" from Infoworld.com.
- Installing Sagan onCentOS 5/6 (Linux) for log monitoring.
- IPSS.ca "Course objectives"
- Champ Clark talks about Sagan on "Pauldotcom Security weekly" - December, 12th, 2013.
- Linux Pro Magazine article that discusses using Sagan for log monitoring.
- Article written by Champ Clark about using Kismet, Snort and Sagan to build wireless IDS monitoring device.
- Champ Clark's guest posting on Rainer's (author of rsysyslog) blog about Sagan and log analysis.
- Log, Log, Log Everything Remotely.
- Using Sagan with Bro Intelligence feeds.
- What the Sagan Log Analysis Engine Is...and What It Is Not (Aug 2016)
- Easing the Compliance Burden :: Sagan Technology & PCI Compliance (Feb 2016)
- JunOS/ScreenOS Vulnerability Helps to Emphasize the Importance of Remote Log Storage (Dec 2015)
- Using Sagan with Netflow data.
- Reference to Sagan rule options
External links
- About Sagan
- Official Sagan Wiki
- Sagan flowbits
- Using Sagan with Bro Intelligence feeds
- Sagan output to other SIEMs.