Category: Auditing » Log Analysis

Netfilter2html (added 2005-05-10)
netfilter2html is a script written in GAWK that processes netfilter logs and generates a nice HTML report. GAWK is fast at processing text files; it can process 100.000 text lines in a few seconds.

fwlogsum (added 2005-05-10)
fwlogsum produces a summary report of FW1 logs. It supports all versions of FW1.

Basic Analysis and Security Engine (BASE) (added 2004-11-12)
BASE is the Basic Analysis and Security Engine. It is based on the code from the Analysis Console for Intrusion Databases (ACID) project. The application provides a web front-end to query and analyze the alerts coming from a Snort IDS system.

Maillog View (added 2004-11-01)
Maillog View is a Webmin module that lets you easily view all your /var/log/maillog.* files. It features auto-refresh, message size indication, ascending/descending view order, compressed file support, and a full statistics page. Sendmail, Postfix, Exim, and Qmail (partially) are supported. Courier MTA support is experimental.

BBclone (added 2004-07-15)
BBclone is a PHP Web counter on steroids that displays individual logs as well as aggregated data. It is a clone of Big Brother webstats, except that it is written in PHP and relies only on flat files (no database needed). BBclone gives any Web site administrator a very precise view of who visits the website: OS, browser, date, referring page, etc. Main features include reload resistance, hostname resolution, proxy workaround, and a blacklist.

Ettercap (added 2004-07-05)
Ettercap is a network sniffer/interceptor/logger for Ethernet LANs. It supports active and passive dissection of many protocols (even encrypted ones, like SSH and HTTPS). Data injection into an established connection and filtering on the fly are also possible, keeping the connection synchronized. Many sniffing modes are implemented to give you a powerful and complete sniffing suite. Plugins are supported. It can check whether you are in a switched LAN or not, and use OS fingerprints (active or passive) to tell you the geometry of the LAN.

LogMonitor (added 2004-05-26)
LogMonitor is a log analysis console. It is 75% based on LogIDS, except for the GUI, which is a complete makeover. Instead of focusing on network location, LogMonitor presents the data in a set of floating windows grouped by application, which may be a more intuitive interface for some people. Analysis is performed by defining the fields of each log being monitored, and then using these fields to define rules as to what is important data and what is not.

php-syslog-ng (added 2004-05-21)
php-syslog-ng is a front-end for viewing syslog-ng messages logged to MySQL in real time. It features customized searches based on device, priority, and date.

fwlogwatch (added 2004-04-26)
fwlogwatch is a packet filter and firewall log analyzer with support for Linux ipchains, Linux netfilter/iptables, Solaris/BSD/HP-UX/IRIX ipfilter, Cisco IOS, Cisco PIX, Windows XP, and Snort IDS log files. It can output its summaries in text and HTML, and it has a lot of options. fwlogwatch also features an interactive incident report generator and real-time anomaly response capability with a Web interface and internationalization.

network traffic volume capture to postgresql (added 2004-04-22)
This is a Unix daemon that captures packet size, source, destination, and times and saves this data into a Postgres database in near real time, from which traffic reports may be made. It does not save the actual payload data or headers. It works on ethX or cooked devices like ppp0. It uses Postgres embedded SQL to insert the data, pcap to capture traffic, and pthreads to capture and write at the same time. It is written in C++ using the STL. Pcap filters can be specified on the command line. Logs go to syslog.