Sagan Version 0.2.0 Released

Quadrant Information Security is proud to release Sagan version 0.2.0!

What is Sagan?

Sagan is multi-threaded, real-time system and event-log monitoring software,
but with a twist. Sagan uses a “Snort”-like rule set to detect nefarious
events happening on your network and/or computer systems. If Sagan detects a
“bad thing” happening, it can do a number of things with that information. For
example, Sagan can store the information to a Snort MySQL database for viewing
with utilities like Snorby, send e-mail(s) about the event to the appropriate
personnel, store to a Prelude back end, and spawn external utilities, as well
as numerous other things.

Sagan can also correlate the events with your Intrusion Detection/Intrusion
Prevention (IDS/IPS) system and basically acts like an SIEM (Security
Information & Log Management) system.



– Removed Logzilla support from the base code. It was decided that Logzilla is outside of the scope of the Sagan SIEM system.
– Removed --program functionality. This only worked with syslog-ng and wasn’t terribly efficient.
– Restructured the way some data was handled. Namely _SaganConfig, _SaganSigArgs, _SaganDebug, etc.
– Resolved some bugs with direct Snort database writes missing IP information.
– Moved Sagan source code away from SVN to GitHub. See &
– Fixed --chroot handling. This wasn’t working correctly and was confusing.
– Many, many small bug fixes.


Development Road Map:

– Sagan 0.2.1 future development goals: Sagan with Snortsam support!


Big special thanks to Merlyn Cousins (AKA DrForbin) for bug stomping, patches
and development. He’s contributed a lot of patches and time to Sagan.

To download Sagan, please see:

