Category: Auditing » Log Analysis
pkdump detects TCP and UDP port scans and connection attempts from foreign hosts over the Internet.
Big Brother Log Analyzer
The Big Brother Log Analyzer (BBLA) is a package consisting of an HTTP logger and an HTML log analyzer, aimed at individual users who may not have administrative privileges on their Web server. BBLA is free, and does not require you to display any advertising banner on the tracked pages. There is no limit to the number of pages you can track, nor any restriction on its use. It is also lightweight (the tarball is less than 50 KB).
ACID XML is a stand-alone application that can read and parse Snort XML logs. It was inspired by ACID, but was designed so you can get up and running quickly with your logs rather than spending hours getting ACID requirements together and working. It uses Qt and expat and is fully open source.
fireparse is an ADMLogger plugin that emails a report of all packets that have been logged by the kernel's packet filtering subsystem (iptables/netfilter or ipchains). The report includes source and destination ports, direction, logged packet count, matched rule, and fully resolved host names (if available). The email report can be formatted as plain text or a colored HTML table.
Relax log analyzer
Relax is a multi-platform Web server log analyzer written in Perl. It can be used to track which search engines, search keywords, and referring URLs led visitors to the Web site. It can also track down bad links and analyze which keywords to bid for at pay-per-click search engines. The parser module in Relax recognizes several hundred search engines and is capable of extracting the keywords used. Generated HTML reports can be configured to include links to other Web-based keyword analysis tools, making it easier to further improve the ranking of web pages in search engines.
incident.pl is a small script that, when given logs generated by Snort, can generate an incident report for every event that appears to be an attempted security attack, and report the attack to the appropriate administrators.
Network-Accounting Daemon for Netfilter
ulog-acctd is a userspace network accounting daemon which generates log files of network traffic for accounting purposes. It collects headers of IP packets that travel through the Linux 2.4+ netfilter. It writes accounting information to a log which can include protocol type, source and destination address, port numbers, byte and packet count, and incoming and outgoing interfaces. This tool can easily generate Cisco "IP accounting output packets" style logs.
FWReport is a log parser and reporter for IPTables. It generates daily and monthly summaries of the log files, allowing the admin to free up substantial time, maintain better control over security of the network, and reduce unnoticed attacks.
pf2x is a PHP script that will take the output of your pflog and convert it into various different output formats. These output formats include plain text, XML, HTML, PDF, and MySQL INSERT statements for import into a MySQL database. This was developed and tested on OpenBSD 3.3 but should work for any system that uses PF.
Webanalyse is a Web site traffic statistics tool written in PHP 4. It doesn't use any databases or Apache logs. Its reports include Web site statistics by day, week, month, and year, referer, host, IP, and browser. The big advantage lies primarily in the detail of each visit--you can follow the pages or articles that are visited on your site. WebAnalyse can be added very easily to all the pages where you wish to follow the activity.