Posted by: Dan O'Connor
Sagan event correlation
This application was mentioned on the isc.sans.edu blog. I finally had some time to read it, and it looks really nice.
It’s the same idea as a Cisco MARS or RSA enVision system: it uses Snort-style rules to parse syslog information and generate alerts and logging.
I am going to be installing this soon. I can’t wait to start going through my logs and generating alerts!