libsyslogp is a library for parsing raw syslog messages. It currently supports RFC 3164 style BSD syslog messages (and some minor variants), and has limited support for newer RFC 5424 style syslog messages. This library has been written because there seem to be no independent C libraries for parsing raw syslog messages. The most complicated part of the task is to parse the date, which comes in a variety of formats; the source code for the built-in message parser of syslog-ng proved to be an invaluable reference for this. Nevertheless, the implementation here is independent of syslog-ng.
Sagan can alert you when events are occurring in your syslogs that need your attention right away. It can store events into a Snort database, so your IDS/IPS data and log data are in the same place. This enables a single console, like Snorby or BASE, to view not only your IDS/IPS data but your log (syslog, SNMP, etc.) data as well. Sagan will correlate the data for you. It also uses 'Snort-like' rule sets, which means it is compatible with Snort rule set management software. It supports multiple output formats that any network administrator will find useful. Sagan can also stop threats based on log analysis via "Snortsam". This allows Sagan to communicate with various types of network devices (Cisco routers/ASA/etc., Linux iptables, etc).