Sagan can alert you when events are occurring in your syslogs that need your attention right away. It can store events into a Snort database, so your IDS/IPS data and log data are in the same place. This enables a single console, like Snorby or BASE, to view not only your IDS/IPS data but your log (syslog, SNMP, etc.) data as well. Sagan will correlate the data for you. It also uses 'Snort-like' rule sets, which means it is compatible with Snort rule set management software. It supports multiple output formats that any network administrator will find useful. Sagan can also stop threats based on log analysis via "Snortsam". This allows Sagan to communicate with various types of network devices (Cisco routers/ASA/etc., Linux iptables, etc).