Open Source Logging Software

NSClient++ is a windows service that allows performance metrics to be gathered by Nagios (and possibly other monitoring tools). It is an attempt to create a NSClient and NRPE compatible but yet extendable performance service for windows.

Osquery is an operating system instrumentation framework for Windows, OS X (macOS), Linux, and FreeBSD. The tools make low-level operating system analytics and monitoring both performant and intuitive. Osquery exposes an operating system as a high-performance relational database. This allows you to write SQL queries to explore operating system data. With osquery, SQL tables represent abstract concepts such as running processes, loaded kernel modules, open network connections, browser plugins, hardware events or file hashes.Osquery queries your devices like a database. Osquery uses basic SQL commands to leverage a relational data-model to describe a device. Frequently, attackers will leave a malicious process running but delete the original binary on disk. This query returns any process whose original binary has been deleted, which could be an indicator of a suspicious process.

BASE is the Basic Analysis and Security Engine. It is based on the code from the Analysis Console for Intrusion Databases (ACID) project. This application provides a web front-end to query and analyze the alerts coming from a SNORT IDS system.

Flexible web-based firewall log analyzer, supporting netfilter and ipfilter, ipfw, ipchains, cisco routers and Windows XP system logs, and mysql or postgresql database logs using the iptables ULOG or NFLOG target of netfilter others mapped to the ulogd format with a view. Fully supports IPv6 for database logs, and netfilter and ipfilter system file logs. Also supports Maxmind's GeoIP version 2 location databases. For Linux, FreeBSD, OpenBSD, Solaris, OSX,etc.

Hyperic is application monitoring and performance management for virtual, physical, and cloud infrastructures. Auto-discover resources of 75+ technologies, including vSphere, and collect availability, performance, utilization, and throughput metrics.

OpenXDAS is an open source implementation of the Open Group's Distributed Auditing Service (XDAS) specification. OpenXDAS provides a complete implementation of the XDAS specification API, including client-side instrumentation and filtering.

A complete OpenSource Network Management System Is SNMP-Standard Oriented (tested on Cisco and Linux). It Integrates Syslog, Tacacs, RRDtool (Performance Graphs), Maps, Traps, TFTP, Autodiscovery, Sound Alerts, AAA, Modular and Extensible.

netleak is a collection of small perlscripts that detects connectivity between network segments. It is mostly useful to detect "leaks" in large organizations that have private network segments physically separated from the Internet.

360-FAAR (Firewall Analysis Audit and Repair) is an offline, command line, firewall policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in Checkpoint dbedit, Cisco ASA or ScreenOS commands, and its one file! Read Policy and Logs for: Checkpoint FW1 (in odumper.csv / logexport format), Netscreen ScreenOS (in get config / syslog format), Cisco ASA (show run / syslog format), 360-FAAR compares firewall policies and uses CIDR and text filters to split rulebases / policies into target sections and identify connectivity for further analysis. 360-FAAR supports, policy to log association, object translation, rulebase reordering and simplification, rule moves and duplicate matching automatically. Allowing you to move rules to where you need them. Build new rulebases from scratch with a single 'any' rule and log files, with the 'res' and 'name' options. Switch into DROPS mode to analyse drop log entries.

Big Sister is an SNMP aware network and system monitor

This is a set of perl and php scripts that are used to collect, process, store and display netflow data.

ATTENTION: Snare Lite is unsupported legacy software. While it will remain a part of the SourceForge community, it is no longer secure and compliant. For up to date Snare software check out Snare Enterprise. https://www.snaresolutions.com/try-snare-for-free/ Snare Enterprise was created to keep up with the fast paced security software market. It started with the desire to create premium logging and SIEM tools that were agnostic by nature so they could be used to boost any SIEM architecture regardless of third party developers. In fact, the agnostic nature allows it to bridge gaps between multiple SIEM implementations across business units. For more on use cases, check out the Intersect Alliance website. https://www.snaresolutions.com/ Snare Enterprise’s premium features include: - Regulatory Compliance - TLS Encryption - Log Simulcasting - TCP – Guaranteed Log Delivery - USB Device Monitoring - And more! For updates follow us on social media!

A tool to monitor and analyse data transmitted between clients and a server through a TCP connection. This tool focuses on the data stream (software layer), not on the lower level transmission protocol as packet sniffers do.

VScan is a small, text-based, platform independent port scanner written in python, which supports multithreading and banner grabbing.

Lilith is a logging and access event viewer for Logback, log4j & java.util.logging. It has features comparable to Chainsaw for log4j. This means that it can receive logging events from remote applications using Logback as their logging backend

The Distributed Intrusion Detection System.

GeneSyS is an open generic framework for network and system management, based on intelligent software agents using web-services/SOAP. It is a supervision tool for monitoring, management and control of distributed applications built with Java, .NET, PHP.

Kojoney is an easy of use, secure, robust and powerfull Honeypot for the SSH Service written in Python. With the kojoney daemon are distributeds other tools such as kip2country (IP to Country) and kojreport, a tool to generate reports from the log fi

A tool to monitor internet hosts` bandwidth usage in a Linux-NAT network. A daemon collects data and clients display them (currently a Java applet with a graph). It automatically detects new hosts and has a nice summary statistic.

NLog is a logging platform for .NET with rich log routing and management capabilities. It uses familar logger pattern known from log4xxx. Advanced routing options include buffering, asynchronous logging, load balancing, failover, and more.

Perl logfile analyzer for DELL Sonicwall Firewall logfiles. This Perl program (Windows /Linux / Mac), creates an HTML file containing: hits per protocol, mean, median and variance on hourly and weekday basis, RBL statistics, IPS stats, VPN stats, virus stats, surfing statistics, CFS blocked sites stats.

Application Heartbeat Monitor is a daemon + library that applications register with to have their life signs monitored.

BASE+ (Basic Analysis and Security Engine) is based on ACID project. This application provides a web front-end to query and analyze the alerts coming from various IDS systems (e.g. Snort).

Cisco Perl Tools contains CIPAT (Cisco IP Accounting aggregator) and ISDN-Reporter (Cisco ISDN call aggregation and reporting tool). [NetProvisioning has moved to its own project page on SF]

Compiere-NMA is a compiere module for network monitoring, pbx cdr, accounting and billing. Target is to provide the needed infrastructure for providers and companies needed to monitor and bill IP networks based on Compiere ERP + CRM.