Open Source Windows Logging Software

syslog-ng is the log management solution that improves the performance of your SIEM solution by reducing the amount and improving the quality of data feeding your SIEM. With syslog-ng Store Box, you can find the answer. Search billions of logs in seconds using full text queries with Boolean operators to pinpoint critical logs. syslog-ng Store Box provides secure, tamper-proof storage and custom reporting to demonstrate compliance. syslog-ng can deliver data from a wide variety of sources to Hadoop, Elasticsearch, MongoDB, and Kafka as well as many others. syslog-ng flexibly routes log data from X sources to Y destinations. Instead of deploying multiple agents on hosts, organizations can unify their log data collection and management. syslog-ng Store Box provides automated archiving, tamper-proof encrypted storage, granular access controls to protect log data. The largest appliance can store up to 10TB of raw logs.

Ettercap is a multipurpose sniffer/interceptor/logger for switched LAN. It supports active and passive dissection of many protocols (even ciphered ones) and includes many feature for network and host analysis. Development has been moved to GitHub, https://github.com/Ettercap/ettercap

Osquery is an operating system instrumentation framework for Windows, OS X (macOS), Linux, and FreeBSD. The tools make low-level operating system analytics and monitoring both performant and intuitive. Osquery exposes an operating system as a high-performance relational database. This allows you to write SQL queries to explore operating system data. With osquery, SQL tables represent abstract concepts such as running processes, loaded kernel modules, open network connections, browser plugins, hardware events or file hashes.Osquery queries your devices like a database. Osquery uses basic SQL commands to leverage a relational data-model to describe a device. Frequently, attackers will leave a malicious process running but delete the original binary on disk. This query returns any process whose original binary has been deleted, which could be an indicator of a suspicious process.

BASE is the Basic Analysis and Security Engine. It is based on the code from the Analysis Console for Intrusion Databases (ACID) project. This application provides a web front-end to query and analyze the alerts coming from a SNORT IDS system.

Untangle is a Linux-based network gateway with pluggable modules for network applications like spam blocking, web filtering, anti-virus, anti-spyware, intrusion prevention, bandwidth control, captive portal, VPN, firewall, and more. Visit http://untangle.com

Recursive computing and matching of Context Triggered Piecewise Hashing (aka Fuzzy Hashing). Supports Windows, *nix, BSD, OS X, etc.

File system/directory monitoring utilities with loggin and task processing support (can execute files or make a WCF service call). Multiple configuration options. Source code libraries can be used to create a custom file system monitor.

NOTE PROJECT MIGRATED TO GITHUB - https://github.com/samrocketman/ekeyfinder is a Magical Jelly Bean Keyfinder fork. It is a utility that retrieves the product key used to install Windows from your registry or from an unbootable Windows installation. It works on Windows 9X, ME, NT/2K/XP, and Vista/Win7 and for other software.

THIS PROJECT HAS BEEN ABANDONED SINCE 2007, NO SUPPORT WILL BE PROVIDED. Winpooch is a watchdog for Windows (2000, XP, 2003, but only 32-bits). It detects modifications in your system, so as to detect a trojan or a spyware installation. It also includes a real-time anti-virus. Set your own security level for anti-spyware, ant

Automated network based hard disk drives / storage devices erasure is server based software which installs on a central server. Server is connected to network switches and several PXE boot enabled workstations are attached to the network. As soon as the workstation is powered on, it boots off the network via the server and begins wiping all the attached hard disk drives. Once all the hard drives are wiped, data related to each hard disk is stored in the central server’s database. Read WIKI Automated unattended network based data erasure wiping Comprehensive Reporting Web GUI reporting Generates certificate of data erasure Barcodes Labels Graphs Pie / Bar / Line Charts Hard Disks bad sectors & health reporting Hard Disk SMART Data collection Database Driven Distributed System Hard Disk Drives health reports Part Open Source * Friendly GUI Graphical User Interface Mass Hard Disk Drive Destruction Data Wiping HDD Data Eraser Storage Array Data Wipe

OpenXDAS is an open source implementation of the Open Group's Distributed Auditing Service (XDAS) specification. OpenXDAS provides a complete implementation of the XDAS specification API, including client-side instrumentation and filtering.

# clearlogs Clear All Windows System Logs - AntiForensics -- ------------------------------------------------------------------------- # wevtutil Enables you to retrieve information about event logs and publishers. You can also use this command to install and uninstall event manifests, to run queries, and to export, archive, and clear logs. https://technet.microsoft.com/en-us/library/cc732848.aspx -- ------------------------------------------------------------------------- # .Net Framework 4.5.1 -- ------------------------------------------------------------------------- #Visual Studio 2013

A simple keylogger written in python. It is primarily designed for backup purposes, but can be used as a stealth keylogger, too. It does not raise any trust issues, since it is a set of [relatively] short python scripts that you can easily examine.

The application refers to track what happen with your computer USB ports by which USB drive and when. USB 007 can track it in your presence or absence. After inserting a removable disk such as Pen drive, Memory card, External hard disk etc. USB 007 will track the drive name, drive insertion date-time, drive space info and the file-folders (include hidden) that the drive contains. You will also get the updated info before the drive removed. The 4 more important features are that ♦ Enabling & Disabling options of USB ports. ♦ Track which files-folders are sent from/given to your computer. ♦ Track how much time the drive was connected to your computer. ♦ Observe (by reading only) if there is any virus in the drive, without open it.

360-FAAR (Firewall Analysis Audit and Repair) is an offline, command line, firewall policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in Checkpoint dbedit, Cisco ASA or ScreenOS commands, and its one file! Read Policy and Logs for: Checkpoint FW1 (in odumper.csv / logexport format), Netscreen ScreenOS (in get config / syslog format), Cisco ASA (show run / syslog format), 360-FAAR compares firewall policies and uses CIDR and text filters to split rulebases / policies into target sections and identify connectivity for further analysis. 360-FAAR supports, policy to log association, object translation, rulebase reordering and simplification, rule moves and duplicate matching automatically. Allowing you to move rules to where you need them. Build new rulebases from scratch with a single 'any' rule and log files, with the 'res' and 'name' options. Switch into DROPS mode to analyse drop log entries.

The Internet is full of such stuff. So why not introduce to you another one? Go! This is another example of using Win32 API functions to hook some system messages. Just run it once to start listening to the keyboard and clipboard and writing all content into a text log file. Recording will stop the second time you execute it. The author promises that this keylogger has no undeclared functions and is not a malicious program. It is intended for educational use and not for collecting sensitive information.

This program allows you to explore the history of connecting usb drives after installing the system. Small size(19 kb with Gui). Very simple GUI. Export information to *.csv file. Enjoy!

KeyCounter is a tool for the tray-bar that helps you to get statistics about the useage of your computers keyboard, mouse and uptime. KeyCounter is not intended to work as a keylogger.

ccsrch is a tool that searches for and identifies unencrypted and contiguous credit card numbers (PAN) and track data on windows and UNIX operating systems. It will also identify the location of the PAN data in the files and record MAC times.

watches for Regristry-changes of keys like HKLMSoftwareMicrosoftWindowsCurrentVersionRun etc. and pops up if something has changed, logs it, can ask google for the key found. Protects against Trojans and Viruses.

"Google Hack" Honeypot Project. GHH is written in PHP and assists the development of web based honeypots designed to lure search engine hackers.

Kojoney is an easy of use, secure, robust and powerfull Honeypot for the SSH Service written in Python. With the kojoney daemon are distributeds other tools such as kip2country (IP to Country) and kojreport, a tool to generate reports from the log fi

Labrador is a Host-based Intrusion Detection System (HIDS) and Integrity Checker written entirely in Perl. It aims to be a complete, free, multiplatform, and open-source solution for detecting modifications and tamperings in files.

ATTENTION: Snare Lite is unsupported legacy software. While it will remain a part of the SourceForge community, it is no longer secure and compliant. For up to date Snare software check out Snare Enterprise. https://www.snaresolutions.com/try-snare-for-free/ Snare Enterprise was created to keep up with the fast paced security software market. It started with the desire to create premium logging and SIEM tools that were agnostic by nature so they could be used to boost any SIEM architecture regardless of third party developers. In fact, the agnostic nature allows it to bridge gaps between multiple SIEM implementations across business units. For more on use cases, check out the Intersect Alliance website. https://www.snaresolutions.com/ Snare Enterprise’s premium features include: - Regulatory Compliance - TLS Encryption - Log Simulcasting - TCP – Guaranteed Log Delivery - USB Device Monitoring - And more! For updates follow us on social media!

Sniper is a powerful keylogger component that can be easily integrated in applications. It is a small,easy-to-use ActiveX control that encapsulates all the complexity for logging keys and exposes a few important properties and methods.