Syslog4j provides Java components for client and server implementations of the syslog protocol (RFC 3164). UDP/IP, TCP/IP, TCP/IP over SSL/TLS, Unix Syslog, and Unix Socket Logging are supported. Advanced options are provided, including cryptographic message signatures and hashes. It is heavily tested with JUnit and Emma code coverage.
Sagan can alert you when events that need your attention right away occur in your syslogs. It can store events in a Snort database, so your IDS/IPS data and log data are in the same place. This enables a single console, like Snorby or BASE, to view not only your IDS/IPS data but your log (syslog, SNMP, etc.) data as well. Sagan will correlate the data for you. It also uses 'Snort-like' rule sets, which means it is compatible with Snort rule set management software. It supports multiple output formats that any network administrator will find useful. Sagan can also stop threats based on log analysis via "Snortsam". This allows Sagan to communicate with various types of network devices (Cisco routers/ASA/etc., Linux iptables, etc.).