Category: Auditing » Log Analysis
Crash Core Analysis Suite
The Crash Core Analysis Suite utility is a self-contained tool, loosely based on the SVR4 crash command but completely merged with gdb, thereby combining the kernel-specific nature of crash with the source level debugging capabilities of gdb. The utility can be used to investigate live systems, kernel core dumps created from the Kernel Core Dump patch offered by Mission Critical Linux, and kernel core dumps created from the Linux Kernel Crash Dumps (LKCD) patch offered by SGI.
ModLogAn is a modular logfile analyzer that combines speed with flexibility. It parses the logfiles generated by several server types (HTTP, FTP, mail, streaming, etc.) and other logfile sources (flow-tools, ipchains, PABXs): currently 24 parsers. It features incremental logfile processing and internal name resolution, and can split logfiles (mass hosting) and combine them (clusters) internally. Output goes through an internal template engine, so you can define your own look and feel.
NewSyslog is an updated version of a package put together by Theodore Tso of MIT Project Athena (which is included in NetBSD, FreeBSD, OpenBSD, etc.). This version has a mix of features from all of the other versions, and it has been made more portable than any of the others with the help of GNU Autoconf.
LogIDS 1.0 is my latest tool and my personal contribution to the IDS field. I think that LogIDS will change the way people view intrusion detection, and may even redefine terms like "event correlation". LogIDS 1.0 is a real-time, log-analysis-based intrusion detection system, or, since it can be fed with logs from other kinds of IDS, it can be seen as a mega-IDS. The graphical interface presents you with a representation of your network map, where each node (host or subnet) has its own little console window, in which the logs belonging to it can be displayed (depending on your rules). You specify the format of the log files you want to monitor, apply rules to these log files using the field names you have previously defined, configure it to correspond to your environment, and that's it! Rules can display the fields you choose in the GUI, emit sounds for warnings or alerts, display icons pertaining to the actions depicted in the logs, or disregard the data if it contains nothing useful. You can use LogIDS with LogAgent as a log supplier, and monitor logs from varied sources such as, but not limited to, Event Viewer, ComLog, ADSScan, IntegCheck, LogAgent 4.0 Pro, Snort, personal firewalls, most antivirus products, Apache, and just about any other software that produces ASCII log files (with the notable exception of IIS).
netcount is a command line PPP traffic logging and statistics display tool for Linux. Logging is done by a small shell script that is called from the ip-up, ip-down, and system startup scripts and from cron, while analysis and printing are done by a program written in Python. Statistics can be produced on a per-call, daily, and/or monthly basis.
ADMLogger
ADMLogger is a log analyzing engine. Using this core, users can easily build upon it with plugins. With very little Perl programming knowledge, it can become a powerful tool in a system administrator's toolbox. ADMLogger creates email reports that can be formatted as plain text or full HTML; which formats are supported is up to the plugin designers. The main system has an HTML preference, so if your plugin ignores it, so be it. ADMLogger will also move all filtered entries out of the main syslog file into a second file, so that your remaining entries are more noticeable.
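The rule-driven processing that the LogIDS and ADMLogger entries describe (a user-defined format per source whose field names rules can reference, rule actions such as alert or disregard, a count-based correlation across lines, and moving consumed entries out of the main stream so that what remains stands out), as an added Python illustration. This is not code from either project: the format syntax (regex named groups as field names), the rule actions, and the sshd and Snort-style sample lines are all constructed for this example.

```python
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Assumed format definition for this illustration: each named group becomes a
# field name that rules may reference. Not LogIDS's own format syntax.
FORMATS: Dict[str, "re.Pattern[str]"] = {
    "sshd": re.compile(
        r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[(?P<pid>\d+)\]: "
        r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
        r"from (?P<src>\S+) port (?P<port>\d+)"
    ),
    "snort": re.compile(
        r"^(?P<ts>\S+) +\[\*\*\] \[(?P<sid>[\d:]+)\] (?P<msg>.+?) \[\*\*\] .*?"
        r"\{(?P<proto>\w+)\} (?P<src>[\d.]+)(?::\d+)? -> (?P<dst>[\d.]+)(?::\d+)?$"
    ),
}


@dataclass
class Rule:
    name: str
    source: str                              # format whose fields the rule uses
    test: Callable[[Dict[str, str]], bool]   # predicate over the parsed fields
    action: str                              # "alert", "drop" or "count"
    key: Optional[str] = None                # field to count by (action "count")
    threshold: int = 3                       # alert when a key reaches this count


class LogEngine:
    """Parses each line with its source's format, applies every matching rule,
    and keeps ADMLogger-style bookkeeping: lines any rule consumed go to
    `filtered`, everything else (including unparsable lines) to `remaining`."""

    def __init__(self, formats: Dict[str, "re.Pattern[str]"], rules: List[Rule]):
        self.formats, self.rules = formats, rules
        self.counts: Dict[str, Counter] = defaultdict(Counter)  # rule -> key -> n
        self.alerts: List[str] = []
        self.filtered: List[str] = []
        self.remaining: List[str] = []

    def parse(self, source: str, line: str) -> Optional[Dict[str, str]]:
        m = self.formats[source].match(line)
        return m.groupdict() if m else None

    def feed(self, source: str, line: str) -> List[str]:
        """Returns the names of the rules that matched this line."""
        fields = self.parse(source, line)
        if fields is None:
            self.remaining.append(line)   # an unknown shape is never silently lost
            return []
        hits = []
        for rule in self.rules:
            if rule.source != source or not rule.test(fields):
                continue
            hits.append(rule.name)
            if rule.action == "alert":
                self.alerts.append(f"{rule.name}: {line}")
            elif rule.action == "count":
                k = fields[rule.key]
                self.counts[rule.name][k] += 1
                if self.counts[rule.name][k] == rule.threshold:
                    self.alerts.append(f"{rule.name}: {k} reached {rule.threshold}")
            # "drop": consume the line as known noise and do nothing else
        (self.filtered if hits else self.remaining).append(line)
        return hits

    def report(self) -> Dict[str, int]:
        return {"alerts": len(self.alerts), "filtered": len(self.filtered),
                "remaining": len(self.remaining)}


RULES = [
    Rule("root-password-failure", "sshd",
         lambda f: f["result"] == "Failed" and f["user"] == "root", "alert"),
    Rule("password-failures-per-src", "sshd",
         lambda f: f["result"] == "Failed", "count", key="src", threshold=3),
    Rule("ids-scan-signature", "snort", lambda f: "SCAN" in f["msg"], "alert"),
    Rule("monitoring-probe-noise", "snort", lambda f: f["src"] == "10.0.0.99", "drop"),
]

# Constructed sample lines for this example (not captured from any real system).
SAMPLE = [
    ("sshd", "Mar  9 11:22:01 gw sshd[4121]: Failed password for root from 203.0.113.7 port 51522 ssh2"),
    ("sshd", "Mar  9 11:22:03 gw sshd[4121]: Failed password for root from 203.0.113.7 port 51530 ssh2"),
    ("sshd", "Mar  9 11:22:05 gw sshd[4121]: Failed password for invalid user admin from 203.0.113.7 port 51540 ssh2"),
    ("sshd", "Mar  9 11:22:09 gw sshd[4130]: Accepted password for alice from 192.0.2.10 port 40011 ssh2"),
    ("sshd", "Mar  9 11:23:00 gw sshd[4130]: pam_unix(sshd:session): session opened for user alice by (uid=0)"),
    ("snort", "03/09-11:22:04.117632  [**] [1:2001219:20] ET SCAN Potential SSH Scan [**] "
              "[Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.7:51533 -> 192.0.2.1:22"),
    ("snort", "03/09-11:30:10.000001  [**] [1:100000:1] LOCAL monitoring probe [**] "
              "[Classification: Not Suspicious] [Priority: 3] {ICMP} 10.0.0.99 -> 192.0.2.1"),
]


def run(sample=SAMPLE, rules=RULES) -> LogEngine:
    engine = LogEngine(FORMATS, rules)
    for source, line in sample:
        engine.feed(source, line)
    return engine


if __name__ == "__main__":
    e = run()
    for a in e.alerts:
        print("ALERT", a)
    print(e.report(), "remaining:", e.remaining)
```

Two design points worth keeping from this: rules are applied cumulatively rather than first-match-wins, so a counting rule still sees a line that another rule already alerted on, and lines the parser cannot read are kept in `remaining` rather than discarded, since an unexpected shape in a log is itself something an operator should see.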
SRG (Squid Report Generator) is a log file analyzer and report generator for the Squid Web proxy. It was created to allow easy integration with authentication systems such as those that are used for squid itself. It is fast and flexible, and can report details down to the individual files fetched.
myStats is a full statistics system for Web sites, giving a lot of information about people who visit your site, about search engines, keywords, etc.
ComLog is a command prompt (cmd.exe) logger, useful for generating intrusion evidence that was previously unavailable. With this tool, you can log command prompt sessions, whether from the console, a compromised IIS system, or through a netcat tunnel. It works somewhat like a wrapper: ComLog takes the place of cmd.exe and passes the commands to be executed to the real cmd.exe, which is renamed cm_.exe. Version 1.05 changes include an MS-DOS icon added to the executable, and better camouflage to avoid detection by the monitoree. The Pro version allows you to choose any filename you like for cm_.exe, to make it even harder to detect. It also allows you to specify pattern strings that you want obfuscated in the monitoree's output.
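The wrapper mechanism ComLog describes (sit in place of the shell, record each command as evidence, then hand it to the real interpreter), as an added Python illustration that is not ComLog's code. It assumes POSIX /bin/sh in place of cmd.exe, a made-up session transcript, a temporary log file, and a caller-supplied origin label ("netcat" below); all of these are assumptions for the example.

```python
import datetime
import io
import os
import subprocess
import tempfile
from typing import Callable, List, Optional, Tuple

Executor = Callable[[str], Tuple[int, str]]


def run_in_shell(command: str, shell: Tuple[str, ...] = ("/bin/sh", "-c")) -> Tuple[int, str]:
    """Forward the command to the real interpreter, as ComLog forwards to the
    renamed cmd.exe. /bin/sh stands in for cmd.exe here (assumption)."""
    proc = subprocess.run(list(shell) + [command], capture_output=True, text=True)
    return proc.returncode, proc.stdout + proc.stderr


class SessionLogger:
    """Interposes between the operator's input and the real shell and records
    every command, its origin, exit status and output as evidence."""

    def __init__(self, log_path: str, origin: str = "console",
                 executor: Executor = run_in_shell,
                 clock: Optional[Callable[[], datetime.datetime]] = None):
        self.log_path = log_path
        self.origin = origin            # console, IIS, netcat tunnel, ...
        self.executor = executor
        self.clock = clock or (lambda: datetime.datetime.now(datetime.timezone.utc))
        self.records: List[Tuple[str, str, int, str]] = []

    def _append(self, line: str) -> None:
        # Append-only and fsynced per line: a session cut short still leaves a record.
        with open(self.log_path, "a", encoding="utf-8") as fh:
            fh.write(line + "\n")
            fh.flush()
            os.fsync(fh.fileno())

    def run(self, command: str) -> Tuple[int, str]:
        ts = self.clock().strftime("%Y-%m-%dT%H:%M:%SZ")
        # Log the command *before* executing it, so the evidence exists even if
        # the command kills this process or wipes the host.
        self._append(f"{ts} [{self.origin}] CMD {command!r}")
        rc, output = self.executor(command)
        self._append(f"{ts} [{self.origin}] RC={rc} OUT={output!r}")
        self.records.append((ts, command, rc, output))
        return rc, output

    def serve(self, stdin, stdout) -> int:
        """Drive a whole session from line-oriented streams (a console and a
        netcat tunnel look the same here); returns the number of commands logged."""
        count = 0
        for raw in stdin:
            command = raw.strip()
            if not command:
                continue
            if command.lower() in ("exit", "quit"):
                break
            _, output = self.run(command)
            stdout.write(output)
            count += 1
        return count


def read_log(log_path: str) -> List[str]:
    with open(log_path, encoding="utf-8") as fh:
        return [ln.rstrip("\n") for ln in fh]


def demo(executor: Executor = run_in_shell) -> Tuple[int, List[str], str]:
    """Run a constructed session through the wrapper; returns (commands logged,
    log lines, output shown to the operator). The transcript is made up."""
    log_path = os.path.join(tempfile.mkdtemp(), "session.log")
    session = io.StringIO("whoami\n\necho probe\nexit\necho never-runs\n")
    out = io.StringIO()
    fixed = lambda: datetime.datetime(2003, 1, 1, tzinfo=datetime.timezone.utc)
    logger = SessionLogger(log_path, origin="netcat", executor=executor, clock=fixed)
    n = logger.serve(session, out)
    return n, read_log(log_path), out.getvalue()


if __name__ == "__main__":
    for line in demo()[1]:
        print(line)
```

The log is only evidence if the monitored account cannot rewrite it: in practice the file should be written somewhere that account has no access to, or forwarded off the host as it is produced, since anyone who finds a local, writable log can edit their own history out of it.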