Sagan is a multi-threaded, real time system and event log monitoring
system, but with a twist. Sagan uses a "Snort" like rule set for
detecting bad things happening on your network and/or computer systems.
If Sagan detects a "bad thing" happening, that event can be stored to a
Snort database (MySQL/PostgreSQL) and Sagan will attempt to correlate
the event with your Snort Intrusion Detection/Intrusion Prevention
(IDS/IPS) system. Sagan is basically a SIEM (Security Information & Log
Management) system.