Category: Auditing » Log Analysis
dnsgraph is a very simple DNS statistics RRDtool frontend for Bind that produces daily, weekly, monthly, and yearly graphs of success/failure, recursion/referral, and nxrrset/nxdomain.
Intrusion Detection Exchange Architecture
IDEA is an architecture for implementing a distributed intrusion detection system on a computer network. It provides a way to incorporate many different IDS sensors into an architecture, and have them report to a central IDS server. This server collects, aggregates, and correlates data from the sensors, providing a unified view of network activity. By specifying an open API, many different clients can connect to the IDEA server and "subscribe" to the event notification service so that the client will be notified any time a new alert is received from any of the sensors.
Pathalizer is a tool for visualizing the paths most users take when browsing a Web site. This information can be used to decide how to improve the navigation of the site, and for determining which parts are most worth improving and keeping up to date. It generates a directed, weighted graph from an Apache log, but could easily be modified to analyze any list of events.
Anteater is a log analyser for MTA logfiles (such as those produced by sendmail and postfix). The tool is written in 100% C++ and is very easy to customize. Input, output, and the analysis are modular class objects with a clear interface. Currently, there are modules for reading the syslog format of sendmail and postfix that do up to eight useful analyses and write the result in plain ASCII or HTML, to stdout or to files.
TrafficWatch is a system for accounting Internet traffic in a residential college or school type of environment. It consists of a set of scripts and Web pages for accounting for each user's Internet usage by volume, and is currently capable of accounting for both Squid proxy traffic and direct IPv4 traffic.
sensorTrends is a Web-based application that displays a high-level view of the ports that are being scanned over the course of time. The display is similar to the look and feel of incidents.org and Dshield.com. There are also quick links to correlate your data with incidents.org and Dshield.com. Supported log formats are Cisco router Access Control Lists (ACLs) syslog output, Cisco PIX firewall syslog output, Snort's portscan.log files, and NetScreen syslog output.
Prelude Log Monitoring Lackey
The Prelude Log Monitoring Lackey (LML) is the host-based sensor program part of the Prelude Hybrid IDS suite. It can act as a centralized log collector for local or remote systems, or as a simple log analyzer (such as swatch). It can run as a network server listening on a syslog port or analyze log files. It supports logfiles in the BSD syslog format and is able to analyze any logfile by using the PCRE library. It can apply logfile-specific analysis through plugins such as PAX. It can send an alert to the Prelude Manager when a suspicious log entry is detected.
Arno's IPTABLES Firewall Script
Arno's Iptables firewall is a script which was originally derived from Seven's iptables script. One of the biggest differences is that this script also has support for ADSL modems. It also features stealth scan detection, extensive user-definable logging with rate limiting to prevent log flooding, masquerading and port forwarding (NAT), optimizing the throughput of your connection, protection against SYN/ICMP flooding, and much more. It's easy to configure and highly customizable. It includes a filter script (fwfilter) to make your firewall log more readable.
NISCA (Network Interface Statistics Collection Agent) is a more flexible PHP4-based MRTG replacement. It supports both SNMP and reading localhost's /proc/net/dev device file directly for statistics gathering. It uses MySQL to store the collected data, and stores statistics for bytes transferred, packets transferred, transfer errors, and dropped packets, separated into per-interface incoming and outgoing sets. It generates both graphs and a textual report table using the data from any timeframe contained in the database. The entire package runs using PHP4; it uses the CGI binary version of PHP for stats collection (running in the background as a "daemon") and either the CGI or Apache module versions to generate the GUI form and reports. It can also import existing MRTG logfiles.
The Userspace Logging Daemon (ulogd) is a flexible framework for extensive logging of packets on a firewall machine. ulogd uses the ULOG target of iptables/netfilter, the packet filtering framework of Linux 2.4. It supports binary plugins for adding packet interpreters and output-targets (e.g., for logging into databases, user-defined filetypes, etc.).