
Category: Auditing » Log Analysis

network traffic volume capture to postgresql
Added 2004-04-22
by Rob Fowler
This is a Unix daemon that captures traffic packet size, source, destination, and times and saves this data into a postgres database in near real time, from which traffic reports may be made. It does not save the actual data or headers. Works on ethX or cooked devices like ppp0. It uses Postgres embedded SQL to insert the data, pcap to capture traffic, and pthreads to capture and write at the same time. It is written in C++ using STL. Pcap filters can be specified on the command line. Logs go to syslog.

Added 2004-04-12
by Bob
Webfwlog allows users to design reports to use on logged data in whatever configuration they desire. Included are sample reports as a starting point. Reports can be sorted with a single click, or "drilled-down" all the way to the packet level, and saved for later use.

Added 2004-04-12
by fuzzyping
Hatchet is a log parsing and viewing utility for OpenBSD's PF firewall software. It presents HTML output of logged events and utilization graphs using pfstat.

Added 2004-04-07
by Michael Rash
fwsnort translates snort rules into an equivalent iptables ruleset. By making use of the iptables string match module, fwsnort can detect application layer signatures which exist in many snort rules. fwsnort adds a --hex-string option to iptables, which allows snort rules that contain hex characters to be input directly into iptables rulesets without modification. In addition, fwsnort makes use of the IPTables::Parse Perl module in order to (optionally) restrict the snort rule translation to only those rules that specify traffic that could potentially be allowed through an existing iptables policy.

Added 2004-03-29
by Crah the Merciless
CRM114 is a Controllable Regex Mutilator and Smart Filter, designed for easy creation of filters for things like incoming mail, system logs, or monitoring processes. Filtering rules can be either hard-coded (such as regexes), soft-coded (calculated at runtime or read from an external file or process), or learned dynamically by phrase matching (by SBPH hashing). This makes it possible to create very accurate filters with very little actual work.

Added 2004-03-29
by Tevfik Karagülle
Logrep is a secure multi-platform framework for the collection, extraction, and presentation of information from various log files. It features HTML reports, multi-dimensional analysis, overview pages, SSH communication, and graphs, and supports more than 15 popular systems including Snort, Squid, Postfix, Apache, syslog, iptables/ipchains, NT event logs, Firewall-1, wtmp, Oracle listener, and Pix.

Added 2004-03-23
by Alexei Vladishev
Zabbix is software that monitors your servers and applications. Polling and trapping techniques are both supported. It has a simple, yet very flexible notification mechanism, and a Web interface that allows quick and easy administration. It can be used for logging, monitoring, capacity planning, availability and performance measurement, and providing the latest information to a helpdesk.

Syslog Management Tool
Added 2004-03-11
by Jeremy Guthrie
The Syslog Management Tool (SMT) is a Web-based system that collects syslog messages using a modified version of Modular Syslog. It processes them for errors and generates alerts, launches programs, or sends emails based on user-defined actions. Since it uses a Web console, rules, hosts, and much more can be centrally managed. It is designed to be disaster resilient by distributing components throughout a global enterprise to survive Web console loss, database loss, or syslog server loss.

Nmap Parser
Added 2004-03-11
by Anthony G Persaud
Nmap Parser is a Perl module that simplifies the process of developing scripts and collecting information from the XML nmap scan data, which can be obtained by using nmap's -oX switch or from the file handle of a pipe to an nmap process. It uses the XML twig library for parsing, and supports filters. A module such as Nmap::Scanner is required to actually perform a scan.

Added 2004-03-09
by Gary Wallis
mysqlRadiusd is a RADIUS daemon based on the 1.6.6 Cistron distribution and the mySQL patches that has been modified for use with the mysqlISP GPL ISP management software system. It is very stable and can handle large ISPs easily while pumping mass accounting records into the mysqlRadacct subsystem at a tremendous rate from even multi-server clusters.

Copyright 2010, SecurityFocus