Open Source Perl Logging Software for ChromeOS

BASE is the Basic Analysis and Security Engine. It is based on the code from the Analysis Console for Intrusion Databases (ACID) project. This application provides a web front-end to query and analyze the alerts coming from a SNORT IDS system.

360-FAAR (Firewall Analysis Audit and Repair) is an offline, command line, firewall policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in Checkpoint dbedit, Cisco ASA or ScreenOS commands, and its one file! Read Policy and Logs for: Checkpoint FW1 (in odumper.csv / logexport format), Netscreen ScreenOS (in get config / syslog format), Cisco ASA (show run / syslog format), 360-FAAR compares firewall policies and uses CIDR and text filters to split rulebases / policies into target sections and identify connectivity for further analysis. 360-FAAR supports, policy to log association, object translation, rulebase reordering and simplification, rule moves and duplicate matching automatically. Allowing you to move rules to where you need them. Build new rulebases from scratch with a single 'any' rule and log files, with the 'res' and 'name' options. Switch into DROPS mode to analyse drop log entries.

netleak is a collection of small perlscripts that detects connectivity between network segments. It is mostly useful to detect "leaks" in large organizations that have private network segments physically separated from the Internet.

Kojoney is an easy of use, secure, robust and powerfull Honeypot for the SSH Service written in Python. With the kojoney daemon are distributeds other tools such as kip2country (IP to Country) and kojreport, a tool to generate reports from the log fi

Perl logfile analyzer for DELL Sonicwall Firewall logfiles. This Perl program (Windows /Linux / Mac), creates an HTML file containing: hits per protocol, mean, median and variance on hourly and weekday basis, RBL statistics, IPS stats, VPN stats, virus stats, surfing statistics, CFS blocked sites stats.

A framework for information security management. It has the centralized server for managing the IDS sensors, log consolidation and correlation, report generation etc. Also it has customized IDS sensor based on snort.

Command line LOGalyze client. logalyze-cli is a powerful command line client for managing LOGalyze engine. With LOGalyze application log analyzer, you can collect your log data from any device, analyze, normalize and parse them.

Labrador is a Host-based Intrusion Detection System (HIDS) and Integrity Checker written entirely in Perl. It aims to be a complete, free, multiplatform, and open-source solution for detecting modifications and tamperings in files.

Pace-IDS is an Intrusion Detection system designed to replace Tripwire, in that it is faster, and more effective of detecting trojan activity, and is easier to configure. All you have to do usually is simply change one variable to your email address.

Plinko was originally an experiment with Prefix Trees and log parsing. The general concept is to have a single end point you can send any data to, in a "fire and forget" fashion. Plinko should identify and parse the data completely without the sending system caring what it sent. The latest version supports named fields in the STL files for tagging data parsed in the Prefix Tree and anonymous functions for parsing dynamic message payloads. We now output JSON objects and I'm working on HBase integration. By outputting to JSON it also leaves open the possibility for on the fly in memory correlation between events. Read the included README before starting, it has a quick start guide and info on the constructors.

devialog is a behavior/anomaly-based syslog intrusion detection system which detects unknown attacks via anomalies in syslog. It can generate signatures for ease of management, act upon anomalies in a predefined fashion or perform as a standard log parser

PFL can either operate as a stand-alone firewall log parser or set up to run and configure ipfw. The major focus is parsing, compressing, and filtering *NIX (to include Mac OSX) firewall logs generated by IPFW for quick and easy admin review.