In protecting today’s network infrastructures, organizations have a lot of shiny tools at their disposal: firewalls, intrusion detection/prevention systems, network-based ACLs, two-factor authentication, and much more. While these are great tools for detecting and preventing network intrusions, system and network logs are often overlooked. This talk will discuss using a fairly new open source (GNU/GPLv2) utility known as “Sagan” for real-time log analysis.