
Category: Auditing » Log Analysis

Crash Core Analysis Suite
Added 2003-07-25
by Mission Critical Linux
The Crash Core Analysis Suite utility is a self-contained tool, loosely based on the SVR4 crash command but completely merged with gdb, thereby combining the kernel-specific nature of crash with the source level debugging capabilities of gdb. The utility can be used to investigate live systems, kernel core dumps created from the Kernel Core Dump patch offered by Mission Critical Linux, and kernel core dumps created from the Linux Kernel Crash Dumps (LKCD) patch offered by SGI.

ModLogAn
Added 2003-07-08
by ostborn
ModLogAn is a modular logfile analyzer that combines speed with flexibility. It parses the logfiles generated by several server-types (HTTP, FTP, mail, streaming, etc.) and other logfile sources (flow-tools, ipchains, PABXs): currently 24 parsers. It features incremental logfile processing and internal resolving, and is able to split (mass-hosting) and combine (clusters) logfiles internally. The output can be based on the internal template engine to generate your own look & feel.

NewSyslog
Added 2003-07-08
by Greg A. Woods
NewSyslog is an updated version of a package put together by Theodore Tso of MIT Project Athena (which is included in NetBSD, FreeBSD, OpenBSD, etc.). This version has a mix of features from all of the other versions, and it has been made more portable than any of the others with the help of GNU Autoconf.

LogIDS
Added 2003-07-08
by Adam Richard
LogIDS 1.0 is my latest tool and my personal contribution to the IDS field. I think that LogIDS will change the way people view intrusion detection, and may even redefine terms like "event correlation". LogIDS 1.0 is a real-time log-analysis based intrusion detection system, or since it can be fed with logs from other kinds of IDS, it can be seen as a mega-IDS. The graphical interface presents you with a representation of your network map, where each node (host or subnet) has its own little console window, where the logs belonging to it can eventually be displayed (depending on your rules). You get to specify the format of the log files you want to monitor, apply rules to these log files using field names you have previously defined, and you configure it to correspond to your environment and that's it! Rules can display the fields you choose in the GUI, emit sounds for warnings or alerts, display icons pertaining to the actions depicted in the logs, or disregard the data if it contains no useful data. You can use LogIDS with LogAgent as a log supplier, and monitor logs from varied sources such as, but not limited to, Event Viewer, ComLog, ADSScan, IntegCheck, LogAgent 4.0 Pro, Snort, personal firewalls, most antivirus products, Apache, and just about any other software that produces ASCII log files (with the notable exception of IIS).

netcount
Added 2003-06-24
by Heike C. Zimmerer
netcount is a command line PPP traffic logging and statistics display tool for Linux. Logging is done via a small shell script which is called during the ip-up, ip-down, and system startup processes and from cron, while analysis and printing is done by a program written in Python. Statistics can be made on a per-call, daily, and/or monthly basis.

ADMLogger - Default branch
Added 2003-06-19
by Aaron D. Marasco
ADMLogger is a log analyzing engine. Using this core, users could easily build upon it with plugins. With very little Perl programming knowledge, it may become a powerful tool in a System Administrator's toolbox. ADMLogger creates email reports that can be formatted as plain text or full HTML, which is up to the plugin designers to support. The main system has an HTML preference, so if your plugin ignores it, so be it. ADMLogger will also remove all filtered entries from the main syslog file into a second file so your other entries are more noticeable.

SRG
Added 2003-06-18
by Matt Brown
SRG (Squid Report Generator) is a log file analyzer and report generator for the Squid Web proxy. It was created to allow easy integration with authentication systems such as those that are used for squid itself. It is fast and flexible, and can report details down to the individual files fetched.

myStats
Added 2003-06-16
by Gérald Fauvelle
myStats is a full statistics system for Web sites, giving a lot of information about people who visit your site, about search engines, keywords, etc.

ComLog
Added 2003-06-16
by Adam Richard
This tool is a command prompt (cmd.exe) logger, useful for generating intrusion evidence that was previously unavailable. With this tool, you can log command prompt sessions, be it from the console, a compromised IIS system or through a netcat tunnel. This works a bit like a wrapper, with ComLog taking the place of cmd.exe and passing the commands to be executed to the real cmd.exe, which is renamed cm_.exe. Version 1.05 changes include an MS-DOS icon added to the executable, and better camouflage to avoid detection by the monitoree. The Pro version allows you to choose the filename for cm_.exe to anything you like, to make it even harder to detect. It also allows you to specify pattern strings that you want obfuscated from the monitoree's output.

Blue dot
Added 2003-06-12
by Matti Tukiainen
Blue dot is a CGI tracking and Web site activity measurement script which generates Apache combined style access log files. These log files can be analyzed with most standard log analysis tools to track a site's popularity, referrers, hosts, etc. The logging is based on inserting a small piece of JavaScript or SSI code into every Web page. This code requests a very small blue dot image from a server where the call is logged. Blue dot can also be configured to set and log session and persistent cookies. This can be used, for example, to track pay-per-click search engine ROI.

Copyright 2010, SecurityFocus