Open Source Log Analysis Software - Page 2

Logpp is a tool for preprocessing event logs and feeding relevant data to other programs for storing or in-depth analysis. Logpp reads lines appended to input files, matches the lines with patterns, and writes the results to given destinations.

Lire is a pluggable log analyzer, supporting HTTP, email, DNS, FTP, firewall and print services. Output generated can be txt, (X)HTML, PDF, RTF, and DocBook. The latter four support graphics. For news/support visit the project homepage.

ASC is a tool to count traffic between users and different subnets. The most common usage is to measure individual users amount of traffic to and from the internet. Very easy to configure, see the documentation.

With the Log Parser one can scan logs, whitelist out legitimate, non-corrupt entries (usually file paths), and apply a standard format to a log generated by any antivirus or malware-removal program. This makes for easier reading of the meat in any log.

NeoLogger is Windows Syslog Client similar to the logger command known from UNIX/LINUX systems used to send SYSLOG messages. It adds some usefull features to filter and replace content, reads from standard input, files or the windows eventlog. It is also able to watch a file or an eventlog for changes and transmits only the new entries. Logit is an additional tool, that logs process or batch output to a log file or windows Eventlog using predefined prefixes and timestamps. (see the screenshots for an Overview) Please donate some (micro-)bitcoins to my address if you saved time and money by using this free project: 1FvGzQvT3tcN47fxdaNjDeSFU6pAUsqMbn

Pothos is an iptables log analyzer. It is used to interpret, in a user-friendly fashion, the logs that ulogd creates with it's MySQL plugin. It's main objective is to be efficient, leaving as small a foot-print as possible.

Mac OS X application launcher for WireShark.

A powerfull tool for analysing application servers logs (websphere, websphere portal, j2ee, custom) in a cluster (or not). It can analyse any log format thanks to a parser plugin approache. You can easily develop your own parser in java (for jboss, bea,.

Panoptis plans to create a network security tool (N-IDS) to detect and block DoS and DDoS attacks. The programming language is C++, and the input is being provided by routers.

redWall is a bootable CD-ROM Firewall with Snort, snortsam, dansguardian and support for fwbuilder, spamassassin, reporting (using ACID/sarg/ntop/webfwlog), VPN (FreeSWan/PoPToP/Openvpn) and mail alerting (by mail). Configs are stored on a Floppy or USB

The Distributed Intrusion Detection System.

KismetToolSuite contains a couple of command-line tools to analyze, convert and merge Kismet log files (.csv, .gps and .xml). It is also a windows version for the Kismet to NetStumbler converter available!

This program will monitor one or more log files, updating when more data is available ala 'tail -f' , within a common terminal window via a "split window". User can scroll up/down/left/right through all the windows. A header displays each frames file nam

PyEximon is a GNOME monitor/manager for the popular MTA, Exim. It includes real-time status graphs and log updates, colored log browsing, hierarchial message lists, as well as a graphical interface to common message functions.

SrvReport is a simple and featurefull server monitoring and reporting system. It will send every day a mail with the latest state of the server including traffic (via /proc/net/dev and/or iptables), cpu, mail, http, ftp reports and other logs.

TailBlazer is a graphical version of the UNIX 'tail' utility. It allows you to monitor log files as they are written. New lines appear as they are written. TailBlazer takes this a step further by supporting pattern matching, filtering, and notification

TraffStats: network Traffic Statistic - is a monitoring and traffic analysis software, using SNMP to collect data from any enabled device. - has the ability to generate graphs (using jpgraph) with the option to compare and sum up different devices.

IPAC-NG is the iptables/ipchains based IP accounting package for Linux. It collects, summarizes, and nicely displays IP accounting data. Ipchains and (preferably) iptables are supported. Logs are stored in files, a gdbm or a PostgreSQL database.

ISPMan is a system to design massive ISPs using LDAP as the backend. ISPMan provides a web front end and a command line interface to create virtual domains and manages users, dns information, email infos and httpd setup data for these vhosts.

Using templated message formats with customisable placeholders, run in configurable sequences that can selectively reuse data between steps, must allows more intelligent testing of syslog receivers with realistic data, as well as longer soak testing and stress testing. must was created to fill a gap found when trying to stress test Splunk as real, indexable and meaningful data was needed. must will (eventually) be provided as a standalone tool that uses XML configs (for quick use and consultancy etc) and as a web-based tool (for more permanent/pretty deployment (with historical reporting and live stats). SUPPORT: The best way of contacting me is via Twitter below, NEWS: (16/Mar/15) A beta of v2 is finally released - apologies for the long delay!

phpLogFacility is a log class for PHP (like log4j for java or the dead log4php projects here), which enables you to use an easy to use logging mechanism inside your console or web script without the need of ugly debug screen output.

Calculates the size of the tcp-payload on a system via packet capturing and connectiontracking at the user level instead of the ip level.

ttyrpld is a multi-OS kernel-level TTY keylogger and screenlogger with (a)synchronous replay support. It runs on Linux, Solaris, FreeBSD, NetBSD and OpenBSD.

Application to display, as well as interpret, firewall information from a database to serve a variety of users needs. The application is online and cross-platform, written using PHP.

AVirCAP is a system for manual and / or automated detection of CodeRed and Nimda type of hack attempts and virtually all other kinds of "logable" intrusion attempts. It can work stand alone or together with other additional AVirCAP machines in the LAN/W