Sagan

Sagan is a multi-threaded, real-time system and event log monitoring system, but with a twist. Sagan uses a "Snort"-like rule set for detecting bad things happening on your network and/or computer systems. If Sagan detects a "bad thing" happening, that event can be stored to a Snort database (MySQL/PostgreSQL) and Sagan will attempt to correlate the event with your Snort Intrusion Detection/Intrusion Prevention (IDS/IPS) system.

http://sagan.softwink.com/
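Its selling point seems to be that it is a Snort-like IDS/IPS, and that has me a little interested.
It still seems to be treated as a beta version, but I'll keep watching it for a while.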