Connlogd is a detailed TCP/UDP connection logger with the ability to filter what information is logged. It can log to syslog or stderr so that it can be used with other logging packages such as D.J. Bernstein's multilog program. In addition to address and port information, it logs all TCP header flags (SYN, FIN, etc... as well as bogus flags) and the TCP window size. It uses the pcap library for packet capture and runs on most systems that support the pcap library. NOTE: Included in the source distribution is a script to help convert the logs into the format used when reporting attacks to dshield.org.
864dfbe8e77ac73e591422b48eaff63f4d2778eb91cb34c1e15e03e54890c7fb
Disco is a passive IP discovery utility designed to sit on segments distributed throughout a network and discover unique IPs. In addition to IP discovery Disco has the ability to passively fingerprint TCP SYN packets to determine the host operating system.
0cb6cf5974b9f12310a453d71387bf3d827b4c4e0461ac4594cd72f53f4f1055
Socklog is a small and secure replacement for syslogd which supports system logging through Unix domain sockets (/dev/log) and UDP sockets (0.0.0.0:514) with the help of runit's runsvdir, runsv, and svlogd. Socklog provides a different network logging concept, and also provides log event notification. Includes built in log file rotation based on file size.
53dab8955ec383338de17dad0064eb4f80cfe2c801fcdd61a9328ec35426938a
Disco is a passive IP discovery utility designed to sit on segments distributed throughout a network and discover unique IPs. In addition to IP discovery Disco has the ability to passively fingerprint TCP SYN packets to determine the host operating system.
6183163d79bc3366a35a626ce453925b5247312d90899d9150635d23fbcafe33
Logrep is a framework for extraction and presentation of information from several kinds of logfiles. Currently Snort, Squid, Postfix, Apache, Trend Micro VirusWall, and Microsoft IIS are supported. Includes HTML reports, 2D analysis, overview page, secure communication, and bar charts.
fa96bac45d395d3ac5d8b750aaf90bb7099fbcf5ef096ceff0272c03a8fdd237
Logrep is a framework for extraction and presentation of information from several kinds of logfiles. Currently Snort, Squid, Postfix, Apache, Trend Micro VirusWall, and Microsoft IIS are supported. Includes HTML reports, 2D analysis, overview page, secure communication, and bar charts.
4e765d1e6b2f97a48521f2ccb109118602a06e59be467aef7b1378894b4a9136
syslog-ng is a multi-platform syslogd replacement, with lots of new functionality. The original syslogd allows messages only to be sorted based on priority/facility pair, syslog-ng adds the possibility to filter based on message contents using regular expressions. The configuration scheme is both intuitive and powerful. Requires libol.
219999e21d63f786e34485f82ed02b7920da3ccf4151939fc4b2c771024ef394
AWStats is a short for Advanced Web Statistics. It's a free tool that generates advanced web (but also ftp, syslog or mail) server access statistics graphically. This log analyzer works as a CGI or from command line and shows you all possible information your log contains, in few graphical web pages. It uses a partial information file to be able to process large log files often and quickly. It can analyze log files from IIS (W3C log format), Apache log files (NCSA combined/XLF/ELF log format or common/CLF log format), WebStar and most of all web, proxy, wap servers (and even syslog, ftp servers or mail logs). Take a look at this comparison table for an idea on differences between most famous statistics tools.
044206e655ee8a88d642af8c38323392fcc4c50ee6ea04e601ff1b4c86081601
Logrep is a framework for extraction and presentation of information from several kinds of logfiles. Currently Snort, Squid, Postfix, Apache, Trend Micro VirusWall, and Microsoft IIS are supported. Includes HTML reports, 2D analysis, overview page, secure communication, and bar charts.
23b7d1333a66a1c965c242d4db8423122ff9a8a4c677ddb911bf0c7152eca4b9
Logrep is a framework for extraction and presentation of information from several kinds of logfiles. Currently Snort, Squid, Postfix, Apache, Trend Micro VirusWall, and Microsoft IIS are supported. Includes HTML reports, 2D analysis, overview page, secure communication, and bar charts.
db7158e3999e4608a14594f8a38de73b7e7a6e2828aa60cf853690f013f4ac12
Logrep is a framework for extraction and presentation of information from several kinds of logfiles. Currently Snort, Squid, Postfix, Apache, Trend Micro VirusWall, and Microsoft IIS are supported. Includes HTML reports, 2D analysis, overview page, secure communication, and bar charts.
735ec960984c399de513f0bbc1fb7aada014033e5a7c0f47e11f5c988d9b0d0f
LogDog is a very easy to configure and install system log monitor for watching system log files and emailing administrators when problems are found. Note that LogDog sends email to REAL email addresses, and does not require sendmail to be installed, it uses SendEmail which is also written by me and is included with the LogDog package as of v0.94.4. LogDog has a single configuration file which allows you to easily specify a list of key words to watch for, a list of words to ignore, a list of administrators to email when problems are found.
e2a16752bbdc1eff144ebeaa812d1dc9a657bee459419fe535163aec4994e27d
The Logging Project (formerly salt) are tools which provide centralized, secure and fault-tolerant logging. It is flexible, robust, and easy to integrate, making it a good alternative to replacing syslog.
02c2c1b3964187dfb6201bdd2eaf7f5bd457d9e8ada5fb6d50b2cd2a7463bfda
Bigeye is a network utility dump that can be run in multiple modes - sniffer, logging connections, and even emulating protocols such as HTTP or FTP. The main focus of this program is to create an emulative service that would fool hackers/worms into thinking that they're exploiting a real service, but in fact, they're trying to exploit a fake service. The services currently available are ftp or http. Useful for honeypots.
539835fe1b31923f09bb295a5f862a421092758644cc95c5c8832c043cfe9635
Logdump is a set of commands that dump the contents of the standard Unix log files: utmp, wtmp, utmpx, wtmpx, lastlog & acct. With logdump you may discover zapped/patched log entries; something you cannot do with who(1) and last(1).
75a475c87285aaee6e2424c3f56753ce23e75a8dcc4d13f2eba8a2683b0e5b2b
IPFC is a framework to manage and monitor multiple types of security modules across a network. Security modules can be as diverse as packet filters (like netfilter, pf, ipfw, IP Filter, checkpoint FW1, etc.), NIDS (Snort, arpwatch, etc.), Web servers, and other general devices (from servers to embedded devices). Features log collection for different security "agents", dynamic log correlation possibilities, and easy extensibility due to the generic database and XML message formats used.
63511bda8c6fd2d6f712c45572657cc8891a2f5cdada97fec9266aa464af65a9
Sec is a free and platform independent event correlation tool that was designed for network and application management, but it can be applied for solving any other task where similar event correlation operations are relevant. Since sec uses powerful regular expression concept for matching input and also supports named pipes as input files, it can not merely be used for matching events from a single logfile, but also for more general purposes. You can integrate sec with arbitrary network management (or other) application, provided that output from that application can be directed to a named pipe, which most modern network management platforms provide. Written in perl, works on Unix and Windows. FAQ here.
207a4804d03e2d8b75b7babeaa2ffa17d2483ed2719354c92c2d8ed7e76345ac
IPFC is a framework to manage and monitor multiple types of security modules across a network. Security modules can be as diverse as packet filters (like netfilter, pf, ipfw, IP Filter, checkpoint FW1, etc.), NIDS (Snort, arpwatch, etc.), Web servers, and other general devices (from servers to embedded devices). Features log collection for different security "agents", dynamic log correlation possibilities, and easy extensibility due to the generic database and XML message formats used
35da85916f89ffe63c21bbd2e6dc451a2045d24980edb9862b30db9e2c9a9bea
Plogd v2 - syn/udp/icmp packet logger (freebsd version).
6c7d6a373bf27fc4fe88c764bdf5b002ece8a6296bef7632474fc0eaa5c56233
IDS/A is an API which programmers can use to add security awareness to their applications. This is implemented via an integrated reference monitor, logger and IDS which is accessible to applications through a simple API. Applications can use this infrastructure to delegate access control and intruder detection to idsa.
c9e3fa1f786665ed1060f7b1217d60947083c5f7d6d9a2db316c7687993c1023
syslog-ng is a multi-platform syslogd replacement, with lots of new functionality. The original syslogd allows messages only to be sorted based on priority/facility pair, syslog-ng adds the possibility to filter based on message contents using regular expressions. The configuration scheme is both intuitive and powerful.
d4d3bc043ac32bae2d82f2b91830abca12aba7bff2bdf1379d396f5a0d4608d7
Log_analysis is a log file analyzer which extracts relevant data for any of the recognized log messages and produces a summary that is much easier to read and can be easily configured to recognize entirely new log types. log_analysis natively understands about 100 different kinds of syslog messages, as well as sulog and wtmp messages for Linux, Solaris, and OpenBSD.
35732b17e1e80a93fb35ca0eae6650428094b21c32c6df4e2dc6d312d3bc5a54
Icmp-Log v0.4 is a simple ICMP logger.
26034114f4f2e03badef9ea5d53b3fbb65e94c2cf0a0db00c5d7da43fa7045cb
syslog-fifo reads syslog messages from a fifo pipe, files them according to type, date, machine et,c and alerts users if 'regex' patterns are matched. It is very useful for large sites with central syslog servers.
0859612fc82411e182087bd6d4a08dfd4fc8ab221177f98a614b7e598672fcbc
Icmp-Log v0.4 is a simple ICMP logger.
ca68646691293ec198e2109258822f5491defff735799a86db504b84fcaf73a9