Category: Auditing » Log Analysis
network traffic volume capture to postgresql
This is a Unix daemon that captures traffic packet size, source, destination, and times and saves this data into a postgres database in near real time, from which traffic reports may be made. It does not save the actual data or headers. It works on ethX or cooked devices like ppp0. It uses Postgres embedded SQL to insert the data, pcap to capture traffic, and pthreads to capture and write at the same time. It is written in C++ using STL. Pcap filters can be specified on the command line. Logs go to syslog.
Webfwlog allows users to design reports to use on logged data in whatever configuration they desire. Included are sample reports as a starting point. Reports can be sorted with a single click, or "drilled-down" all the way to the packet level, and saved for later use.
Hatchet is a log parsing and viewing utility for OpenBSD's PF firewall software. It presents HTML output of logged events and utilization graphs using pfstat.
fwsnort translates snort rules into an equivalent iptables ruleset. By making use of the iptables string match module, fwsnort can detect application layer signatures which exist in many snort rules. fwsnort adds a --hex-string option to iptables, which allows snort rules that contain hex characters to be input directly into iptables rulesets without modification. In addition, fwsnort makes use of the IPTables::Parse Perl module in order to (optionally) restrict the snort rule translation to only those rules that specify traffic that could potentially be allowed through an existing iptables policy.
CRM114 is a Controllable Regex Mutilator and Smart Filter, designed for easy creation of filters for things like incoming mail, system logs, or monitoring processes. Filtering rules can be either hard-coded (such as regexes), soft-coded (calculated at runtime or read from an external file or process), or learned dynamically by phrase matching (by SBPH hashing). This makes it possible to create very accurate filters with very little actual work.
Logrep is a secure multi-platform framework for the collection, extraction, and presentation of information from various log files. It features HTML reports, multi-dimensional analysis, overview pages, SSH communication, and graphs, and supports more than 15 popular systems including Snort, Squid, Postfix, Apache, syslog, iptables/ipchains, NT event logs, Firewall-1, wtmp, Oracle listener, and Pix.
Zabbix is software that monitors your servers and applications. Polling and trapping techniques are both supported. It has a simple, yet very flexible notification mechanism, and a Web interface that allows quick and easy administration. It can be used for logging, monitoring, capacity planning, availability and performance measurement, and providing the latest information to a helpdesk.
Syslog Management Tool
The Syslog Management Tool (SMT) is a Web-based system that collects syslog messages using a modified version of Modular Syslog. It processes them for errors and generates alerts, launches programs, or sends emails based on user-defined actions. Since it uses a Web console, rules, hosts, and much more can be centrally managed. It is designed to be disaster resilient by distributing components throughout a global enterprise to survive Web console loss, database loss, or syslog server loss.
Nmap Parser is a Perl module that simplifies the process of developing scripts and collecting information from the XML nmap scan data, which can be obtained by using nmap's -oX switch or from the file handle of a pipe to an nmap process. It uses the XML twig library for parsing, and supports filters. A module such as Nmap::Scanner is required to actually perform a scan.
mysqlRadiusd is a RADIUS daemon based on the 1.6.6 Cistron distribution and the mySQL patches that has been modified for use with the mysqlISP GPL ISP management software system. It is very stable and can handle large ISPs easily while pumping mass accounting records into the mysqlRadacct subsystem at a tremendous rate from even multi-server clusters.