IWar is a "war dialer" used for auditing your PSTN (phone) network. Its features include random/sequential dialing, Voice over IP using the IAX2 (Intra-Asterisk eXchange) protocol, ASCII flat file and MySQL logging, a curses-based front end, key stroke marking, multiple modem support, several methods of "tone detection", save/load state, banner detections (to determine remote system types) and blacklist support.
Sagan is a high performance, real-time log analysis and correlation engine. It uses a multi-threaded architecture to deliver high performance log and event analysis. Its structure and rules are similar to those of the Sourcefire "Snort" IDS/IPS engine. This provides compatibility with rule management software (Oinkmaster, PulledPork, etc.) and allows Sagan to correlate log events with your Snort IDS/IPS system. Sagan can also write to Snort IDS/IPS databases via Unified2/Barnyard2. Sagan is compatible with all Snort "consoles" including Snorby, Sguil, BASE, and the Prelude IDS framework. It supports many different output formats, log normalization (via liblognorm), script execution on event detection, automatic firewall support via "Snortsam", GeoIP detection/alerting, multi-line log support, time sensitive alerting, and much more.
Sagan version 0.2.1 has been released. Now with active firewalling support (Cisco/iptables/etc) via Snortsam. Better direct SQL logging. New "after:" rule option introduced. For more information please see: http://groups.google.com/group/sagan-users/browse_thread/thread/f1f66000cc893634
Sagan version 0.1.8 has been released along with new rule sets. This release includes syslog 'sniffing', Unified2 output and liblognorm (log normalization). Please see http://sagan.softwink.com for more information.