Open Source Perl Logging Software

BASE is the Basic Analysis and Security Engine. It is based on the code from the Analysis Console for Intrusion Databases (ACID) project. This application provides a web front-end to query and analyze the alerts coming from a SNORT IDS system.

Logs Analyzer, Alerter & Reporter with a Web Interface

netleak is a collection of small perlscripts that detects connectivity between network segments. It is mostly useful to detect "leaks" in large organizations that have private network segments physically separated from the Internet.

360-FAAR (Firewall Analysis Audit and Repair) is an offline, command line, firewall policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in Checkpoint dbedit, Cisco ASA or ScreenOS commands, and its one file! Read Policy and Logs for: Checkpoint FW1 (in odumper.csv / logexport format), Netscreen ScreenOS (in get config / syslog format), Cisco ASA (show run / syslog format), 360-FAAR compares firewall policies and uses CIDR and text filters to split rulebases / policies into target sections and identify connectivity for further analysis. 360-FAAR supports, policy to log association, object translation, rulebase reordering and simplification, rule moves and duplicate matching automatically. Allowing you to move rules to where you need them. Build new rulebases from scratch with a single 'any' rule and log files, with the 'res' and 'name' options. Switch into DROPS mode to analyse drop log entries.

Kojoney is an easy of use, secure, robust and powerfull Honeypot for the SSH Service written in Python. With the kojoney daemon are distributeds other tools such as kip2country (IP to Country) and kojreport, a tool to generate reports from the log fi

Perl logfile analyzer for DELL Sonicwall Firewall logfiles. This Perl program (Windows /Linux / Mac), creates an HTML file containing: hits per protocol, mean, median and variance on hourly and weekday basis, RBL statistics, IPS stats, VPN stats, virus stats, surfing statistics, CFS blocked sites stats.

SrvReport is a simple and featurefull server monitoring and reporting system. It will send every day a mail with the latest state of the server including traffic (via /proc/net/dev and/or iptables), cpu, mail, http, ftp reports and other logs.

Using templated message formats with customisable placeholders, run in configurable sequences that can selectively reuse data between steps, must allows more intelligent testing of syslog receivers with realistic data, as well as longer soak testing and stress testing. must was created to fill a gap found when trying to stress test Splunk as real, indexable and meaningful data was needed. must will (eventually) be provided as a standalone tool that uses XML configs (for quick use and consultancy etc) and as a web-based tool (for more permanent/pretty deployment (with historical reporting and live stats). SUPPORT: The best way of contacting me is via Twitter below, NEWS: (16/Mar/15) A beta of v2 is finally released - apologies for the long delay!

Automated Incident Reporting (AirCERT) is an Internet-scalable infrastructure to automatically receive, process, and analyze security event information reported from across administrative domains.

Alist is a program that collects hardware and software information about systems and stores it in a database for users to browse and search via a Web interface. The program consists of three parts: a client portion that collects the information, a daemon

DAD is a Windows event log and syslog management tool that allows you to aggregate logs from hundreds to thousands of systems in real time. DAD requires no agents on the servers or workstations. Correlation and analysis is driven through a web front end.

A stable and fast Linux/Unix toolset to aid in the security and ease of use of *Nix.

FWReport is a log parser and reporting tool for IPTables. It generates daily and monthy summaries of the log files, allowing the admin to free up substantial time, maintain better control over security of the network, and reduce unnoticed attacks.

This project is designed to assist with sharing Fail2ban blocking data across multiple systems.

A framework for information security management. It has the centralized server for managing the IDS sensors, log consolidation and correlation, report generation etc. Also it has customized IDS sensor based on snort.

What are the packets rejected by your Netfilter based firewall today ? How often this suspicious host try to connect to your box ? What are the most rejected domains ? Who is this strange host which scan your ports ? The responses are in the iptables log

This very simple perl script parses you iptables log files and produces a report in text format with a summary based on the prefix of the log ( --log-prefix option of iptables ). Prefix description is allowed.

KISS is a kernel-side host-oriented security tool, which may bring you file integrity checking, file and process hiding and actions handling on special internal events (using a tiny scripting language).

Command line LOGalyze client. logalyze-cli is a powerful command line client for managing LOGalyze engine. With LOGalyze application log analyzer, you can collect your log data from any device, analyze, normalize and parse them.

The Logging of User Actions in Relational Mode (LUARM) is a logging/audit engine designed to record in detail user actions in a Relational Database Management System (RDBMS). You can then have an organized 'who is doing what' view in your system, being able to easily correlate program execution, file access and network endpoint activity to user entities.

Labrador is a Host-based Intrusion Detection System (HIDS) and Integrity Checker written entirely in Perl. It aims to be a complete, free, multiplatform, and open-source solution for detecting modifications and tamperings in files.

Log parser and event generator

PIX Logging Architecture correlates Cisco PIX system logs into a MySQL database and provides a web-based frontend for displaying, searching, and managing Cisco PIX logged events, traffic, and IDS logs (More info at http://www.logging-architecture.net ).

Pace-IDS is an Intrusion Detection system designed to replace Tripwire, in that it is faster, and more effective of detecting trojan activity, and is easier to configure. All you have to do usually is simply change one variable to your email address.

Plinko was originally an experiment with Prefix Trees and log parsing. The general concept is to have a single end point you can send any data to, in a "fire and forget" fashion. Plinko should identify and parse the data completely without the sending system caring what it sent. The latest version supports named fields in the STL files for tagging data parsed in the Prefix Tree and anonymous functions for parsing dynamic message payloads. We now output JSON objects and I'm working on HBase integration. By outputting to JSON it also leaves open the possibility for on the fly in memory correlation between events. Read the included README before starting, it has a quick start guide and info on the constructors.