Sarg - Squid Analysis Report Generator is a tool that allow you to view "where" your users are going to on the Internet. Sarg generate HTML reports, with informations about users, IP Addresses, bytes, sites and times.
Open Source SIEM
OSSIM, AlienVault’s Open Source Security Information and Event Management (SIEM) product, provides event collection, normalization and correlation. For more advanced functionality, AlienVault Unified Security Management (USM) builds on OSSIM with these additional capabilities: * Log management * Advanced threat detection with a continuously updated library of pre-built correlation rules * Actionable threat intelligence updates from AlienVault Labs Security Research Team * Rich analytics dashboards and data visualization
Free-SA is report generating tool for web, proxy and mail log files
Free-SA is logs processor and report generating tool. It can be used to control traffic usage, to evaluate conformance to the Internet access security policies, to investigate security incidents, to evaluate web server efficiency and to detect troubles with server configuration.
ISC dhcpd leases usage analysis
This is dhcpd-pools ISC dhcp shared network and pool range usage analysis. Purpose of command is to count usage ratio of each IP range and shared network pool which ISC dhcpd is in control of. Users of the command are most likely ISPs and other organizations that have large IP space. Program is written C. Design goal is to get analysis done quickly where there is lots of data. On cheap laptop the speed of analysis is roughly 100k leases per second. Number of ranges, or shared networks, does not make any significant difference in getting analysis done.
py-rrdtool is a Python module provides an interface to RRDTool, the well known graphing/logging tool.
FW1-Loggrabber is a command-line tool to grab logfiles from Checkpoint FW-1 remotely using Checkpoints LEA (Log Export Api), which is one part of Checkpoints OPSEC API.
IPCAD runs captures traffic on the specified interfaces (BPF, PCAP, divert, tee, ULOG, IPQ), and records the traffic for later retrieval and analysis. Traffic exported via RSH or NetFlow.
SRG is a log file analyser and report generator for the Squid web proxy. It is fast and was created to allow easy integration with other authentication systems. SRG is flexible and can report right down the the level of individual files requested.
Snare Enterprise: http://bit.ly/premium_snare
ATTENTION: Snare Lite is unsupported legacy software. While it will remain a part of the SourceForge community, it is no longer secure and compliant. For up to date Snare software check out Snare Enterprise. https://www.intersectalliance.com/why-snare-enterprise/ Snare Enterprise was created to keep up with the fast paced security software market. It started with the desire to create premium logging and SIEM tools that were agnostic by nature so they could be used to boost any SIEM architecture regardless of third party developers. In fact, the agnostic nature allows it to bridge gaps between multiple SIEM implementations across business units. For more on use cases, check out the Intersect Alliance website. https://www.intersectalliance.com/ Snare Enterprise’s premium features include: - Regulatory Compliance - TLS Encryption - Log Simulcasting - TCP – Guaranteed Log Delivery - USB Device Monitoring - And more! For updates follow us on social media!
repair corrupted pcap and pcapng files
this tool tries to repair your broken pcap and pcapng files by fixing the global header respectively packet blocks and recovering the packets by searching und guessing the packet headers or blocks
Textual data processing solution for system administrators and Web programmers. The C library allows to manipulate string lists, CGI forms, MIME data, configuration files, logs parsing, regular expressions, date/time parsing, templates rewriting etc.
Logpp is a tool for preprocessing event logs and feeding relevant data to other programs for storing or in-depth analysis. Logpp reads lines appended to input files, matches the lines with patterns, and writes the results to given destinations.
lease-parser is a simple daemon that records the lease state changes of an ISC DHCP server to a database for historical reference. The data can be searched via a web search form that is provided with the tool.
IPAC-NG is the iptables/ipchains based IP accounting package for Linux. It collects, summarizes, and nicely displays IP accounting data. Ipchains and (preferably) iptables are supported. Logs are stored in files, a gdbm or a PostgreSQL database.
imsniff is a pcap-based instant messaging sniffer. It captures the IM traffic in the network and is able to log conversations, contact lists, profile information, incoming email notifications, other MSN events, etc. Tested in Linux and Windows.
JMassLogProcess is an next generation SIEM solution, based on high performance syslog and snmp trap collector(up to 20,000 logs/s),Distributed File System(Hadoop),Complex Event Processing Engine and ZK …….
Netmon is a simple program for monitoring bandwidth and data usage on linux machines. It is useful for those with a broadband connections that pay for their data or have download limits.
Epilog is a multi-file logging program written in C using GTK+ capable of doing log coloring according to key words and doing reports.
Universal IP-traffic collector. Can gather data from Cisco IP Accounting / ipcad, Mikrotik, NSG, Revolution routers.
ttyrpld is a multi-OS kernel-level TTY keylogger and screenlogger with (a)synchronous replay support. It runs on Linux, Solaris, FreeBSD, NetBSD and OpenBSD.
1 2 3 Web it's a modification of webalizer. The log analisys program outputs a XML file an then a PHP script get this XML and outputs a XHTML+CSS web page.We can have more than one stats at the same time and it's a lot easier to change the stats look.
AccounteX is an IP accounting system based on the IP Stat program. It has many exciting features like fully customizable web traffic accounting and user access control by many different values. information service and web statistics and administration.
Alfred, OpenSource Internet Software, is a collection of utilities that bring Quota support to SQUID. Alfred has been used in a large high school for several years now, and is working without a hitch.
The Mac OS X Port of analog which has been specially rewritten into ObjC code to take advantage of Cocoa. The rewrite will also incorporate new features not found in the console version. Includes a graphical interface, support for XML property lists. .
This filter allows Apache log files to converted from one time zone to another. This is especially useful if you are using a hosting service that produces its logs in another timezone and you want to make sense of your log statistics.