Category: Auditing » Log Analysis
Kojoney is a low-interaction honeypot that emulates an SSH server. The daemon is written in Python using the Twisted Conch libraries. Reporting tools are distributed with the daemon.
netfilter2html is a script written in GAWK that processes netfilter logs and generates a readable HTML report. GAWK is fast at processing text files: it can handle 100,000 log lines in a few seconds.
fwlogsum produces a summary report of FW1 logs. It supports all versions of FW1.
Basic Analysis and Security Engine (BASE)
BASE is the Basic Analysis and Security Engine. It is based on the code from the Analysis Console for Intrusion Databases (ACID) project. This application provides a web front-end to query and analyze the alerts coming from a SNORT IDS system.
Maillog View is a Webmin module that allows you to easily view all your /var/log/maillog.* files. It features autorefresh, message size indication, ascending/descending view order, compressed file support, and a full statistics page. Sendmail, Postfix, Exim, and Qmail (partially) are supported. Courier MTA support is experimental.
BBclone is a PHP Web counter on steroids which displays individual logs as well as aggregated data. It is a clone of Big Brother webstats, except that it is written in PHP and relies only on flat files (no database needed). BBclone gives any Web site administrator a very precise view of who visits the website: OS, browser, date, referring page, etc. Main features include reload resistance, hostname resolution, proxy workaround, and a blacklist.
Ettercap is a network sniffer/interceptor/logger for Ethernet LANs. It supports active and passive dissection of many protocols (even encrypted ones, such as SSH and HTTPS). Data injection into an established connection and on-the-fly filtering are also possible while keeping the connection synchronized. Many sniffing modes are implemented to provide a powerful and complete sniffing suite. Plugins are supported. It can check whether you are on a switched LAN and use OS fingerprinting (active or passive) to reveal the layout of the LAN.
LogMonitor is a log analysis console. It is 75% based on LogIDS, except for the GUI, which is a complete makeover. Instead of focusing on network location, LogMonitor presents the data in a set of floating windows grouped by application, which may be a more intuitive interface for some people. Analysis is performed by defining the fields of each log being monitored, and then using these fields to define rules for what counts as important data.
php-syslog-ng is a frontend for viewing syslog-ng messages logged to MySQL in realtime. It features customized searches based on device, priority, and date.
fwlogwatch is a packet filter and firewall log analyzer with support for Linux ipchains, Linux netfilter/iptables, Solaris/BSD/HP-UX/IRIX ipfilter, Cisco IOS, Cisco PIX, Windows XP, and Snort IDS log files. It can output its summaries in text and HTML, and it has a lot of options. fwlogwatch also features an interactive incident report generator and realtime anomaly response capability with a Web interface and internationalization.