Sagan Version 0-2-0 Released

Quadrant Information Security is proud to release Sagan version 0.2.0!

What is Sagan?

Sagan is multi-threaded, real-time system and event-log monitoring software,
but with a twist. Sagan uses a “Snort”-like rule set for detecting nefarious
events happening on your network and/or computer systems. If Sagan detects a
“bad thing” happening, it can do a number of things with that information. For
example, Sagan can store the information to a Snort MySQL database for viewing
with utilities like Snorby, send e-mail(s) about the event to the appropriate
personnel, store to a Prelude back end, and spawn external utilities, as well
as numerous other things.

Sagan can also correlate the events with your Intrusion Detection/Intrusion
Prevention (IDS/IPS) system and basically acts like an SIEM (Security
Information & Log Management) system.



– Removed Logzilla support from the base code. It was decided that Logzilla is outside of the scope of the Sagan SIEM system.
– Removed --program functionality. This only worked with syslog-ng and wasn’t terribly efficient.
– Restructured the way some data was handled. Namely _SaganConfig, _SaganSigArgs, _SaganDebug, etc.
– Resolved some bugs with direct Snort database writes missing IP information.
– Moved Sagan source code away from SVN to GitHub. See &
– Fixed --chroot handling. This wasn’t working correctly and was confusing.
– Many, many small bug fixes.


Development Road Map:

– Sagan 0.2.1 future development goals: Sagan with Snortsam support!


Big special thanks to Merlyn Cousins (AKA DrForbin) for bug stomping, patches,
and development. He has put a lot of patches and time into Sagan.

To download Sagan, please see: