Sagan (software)
{{Short description|Log analysis software}}
{{Infobox software
| title =
| name = Sagan
| logo =
| logo caption =
| screenshot =
| caption =
| collapsible =
| author = Champ Clark III
| developer = Quadrant Information Security
| released =
| discontinued =
| latest release version = 2.0.1
| latest release date = {{release date and age|2021|02|08|df=yes}}
| latest preview version =
| latest preview date =
| programming language = C
| operating system = Unix-like
| platform =
| size =
| language = English
| language count =
| language footnote =
| genre = Log analysis
| license = GNU GPL v2
| website = {{URL|https://quadrantsec.com/sagan_log_analysis_engine}}
| standard =
| AsOf =
| logo_size =
| logo_alt =
| screenshot_size =
| screenshot_alt =
}}
Sagan{{cite web|title=Sagan Main Wiki|url=https://wiki.quadrantsec.com/bin/view/Main/SaganMain|website=Sagan Main Wiki|publisher=Champ Clark|ref=Sagan}} is an open-source (GNU GPLv2), multi-threaded, high-performance, real-time log analysis and correlation engine developed by Quadrant Information Security that runs on Unix operating systems. It is written in C and uses a multi-threaded architecture to deliver high-performance log and event analysis. Sagan's structure and rules work similarly to those of the Sourcefire Snort IDS/IPS engine. This makes Sagan compatible with Snort or Suricata rule management software and lets it correlate with Snort IDS/IPS data.
Sagan supports multiple output formats for reporting and analysis, log normalization, script execution on event detection, GeoIP detection and alerting, and time-sensitive alerting.
See also
{{Portal|Free Software}}
References
{{Reflist}}
- [https://github.com/shadowbq/sagan-extras/blob/master/sagan_freebsd.howto.md HOWTO build Sagan on FreeBSD]
- [http://traffic.libsyn.com/pauldotcom/PaulDotCom-356-Part1.mp3 Champ Clark talks about Sagan on "Pauldotcom Security weekly" - December 12th, 2013.]
- [http://handlers.sans.org/gbruneau/papers/Guy_Bruneau_BSides_Ottawa_2014.pdf Log, Log, Log Everything Remotely.]
External links
- [https://quadrantsec.com/sagan_solution/ About Sagan]
- [https://web.archive.org/web/20150721121918/https://wiki.quadrantsec.com/twiki/bin/view/Main/SaganMain Official Sagan Wiki]
- [https://quadrantsec.com/about/blog/sagan_flowbit/ Sagan flowbits]
- [https://quadrantsec.com/about/blog/using_sagan_with_bro_intelligence_feeds/ Using Sagan with Bro Intelligence feeds]
- [https://quadrantsec.com/about/blog/sagan_output_to_other_siems/ Sagan output to other SIEMs.]
{{DEFAULTSORT:Sagan (Software)}}
Category:Free security software
Category:Computer security software
Category:Linux security software