Search Results for "log analysis tools"

SSHGuard protects hosts from brute-force attacks against SSH and other services. It aggregates system logs and blocks repeat offenders using several firewall backends, including iptables, ipfw, and pf.

Flexible web-based firewall log analyzer, supporting netfilter and ipfilter, ipfw, ipchains, cisco routers and Windows XP system logs, and mysql or postgresql database logs using the iptables ULOG or NFLOG target of netfilter others mapped to the ulogd format with a view. Fully supports IPv6 for database logs, and netfilter and ipfilter system file logs. Also supports Maxmind's GeoIP version 2 location databases. For Linux, FreeBSD, OpenBSD, Solaris, OSX,etc.

Two tools able to edit your ipfilter.dat . These tools are able to edit your ipfilter.dat in order to check for big ranges and to check adjacent ranges . From the creators of ipfilterX , Nexus23 Labs . - Updates in Progress -

360-FAAR (Firewall Analysis Audit and Repair) is an offline, command line, firewall policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in Checkpoint dbedit, Cisco ASA or ScreenOS commands, and its one file! Read Policy and Logs for: Checkpoint FW1 (in odumper.csv / logexport format), Netscreen ScreenOS (in get config / syslog format), Cisco ASA (show run / syslog format), 360-FAAR compares firewall policies and uses CIDR and text filters to split rulebases / policies into target sections and identify connectivity for further analysis. 360-FAAR supports, policy to log association, object translation, rulebase reordering and simplification, rule moves and duplicate matching automatically. ...

redWall is a bootable CD-ROM Firewall with Snort, snortsam, dansguardian and support for fwbuilder, spamassassin, reporting (using ACID/sarg/ntop/webfwlog), VPN (FreeSWan/PoPToP/Openvpn) and mail alerting (by mail). Configs are stored on a Floppy or USB

These three tools build Checkpoint, Cisco ASA or Netscreen policys from logfiles. They write dbedit, access-list or set address, set service and set policy commands for the traffic seen in the logs, that can be cut and pasted into the firewalls. WOOT

This is the effort to make a simple small business server that provides basic infrastructure with spam and virus protection, service usage accounting and reporting, easy provisioning and password management, message board, addressbook and other.

Capra is a Open Source tool to quickly get some nice and useful reports out off your Watchguard Fireware log files.

What are the packets rejected by your Netfilter based firewall today ? How often this suspicious host try to connect to your box ? What are the most rejected domains ? Who is this strange host which scan your ports ? The responses are in the iptables log

Bruteblock allows system administrators to block various bruteforce attacks on UNIX services. The program analyzes system logs and adds attacker's IP into IPFW table effectively blocking them. Addresses are removed from the table after expiration period

readlog is a pair of scripts for reviewing iptables firewall logs via a handy web interface using a MySQL backend.

LogCop is a set of turn-key bash/firewall/awk scripts for enhancing an IDS. It monitors system logs and blocks IP addresses based on such criteria as illegal user names from repeated attacks. In production under Linux, FreeBSD, OS X, Solaris.

IP Traffic Volume: Logs (counts) in- & outgoing bytes through network device(s) using kernel iptables. Highly configurable as to which bytes are logged, e.g. to/from specific ports or ip-addresses. Data displayed in html via cgi or plain ascii to console

FwPlatinum provides real time data analysis of CheckPoint FireWall-1 connection logs. Data is stored for up to 2 years, and is accessed by CGI generated graphs which can drill down to the specific time that you are interested in.

The Titan Firewall is an interface Web to manage firewall based on Linux with iptables. It supports filtrate of packages, NAT, logs, VPN's... Implemented in Java and jsp.

Green Screen: A Linux based Advanced Syslog Server for Juniper NetScreen Firewalls - Can be expanded later to support other products. It can capture syslog messages, parse them, store them in a MySQL database. A Web GUI interface is also included.

Loganalyzer for Windows XP Firewall and Linux Iptables firewall. Generates a nice html document with statistics from all the pakets captured by the firewall. The program is written in Python and has an (optional) graphical interface.

Traffic Control is a Linux toolbox to control squid, NAT, and other services traffic limits. TF uses Linux iptables to count traffic. This utility consists of two parts. The first is server side (written in Perl) and the second part is the interface.

PACIE (Perl Analysis Console for Intrusion Events) Attempts to be a complete replacement for ACID. Place this cgi script on your internal webserver and receive powerfull reporting on your current snort database.

fwlogwatch is an open source firewall/IDS log analyzer and interactive realtime attack detection and response tool

A Log Extraction Utility for owners of the Belkin 4-Port Cable/DSL Gateway Router (Model F5230).

Pothos is an iptables log analyzer. It is used to interpret, in a user-friendly fashion, the logs that ulogd creates with it's MySQL plugin. It's main objective is to be efficient, leaving as small a foot-print as possible.

myNetWatchman Perl Agent is a program that is designed to capture rejected packet information from various firewall logs and forward this attack information to central analysis servers at myNetWatchman.com.

Live Security/Forensics Linux Distribution, built from scratch and packed full of tools useful for vulnerability analysis, penetration tests, and forensic analysis.

This very simple perl script parses you iptables log files and produces a report in text format with a summary based on the prefix of the log ( --log-prefix option of iptables ). Prefix description is allowed.