Open Source Linux Log Analysis Software

AWStats is a free powerful and featureful server logfile analyzer that shows you all your Web/Mail/FTP statistics including visits, unique visitors, pages, hits, rush hours, os, browsers, search engines, keywords, robots visits, broken links and more

OSSIM, AlienVault’s Open Source Security Information and Event Management (SIEM) product, provides event collection, normalization and correlation. For more advanced functionality, AlienVault Unified Security Management (USM) builds on OSSIM with these additional capabilities: * Log management * Advanced threat detection with a continuously updated library of pre-built correlation rules * Actionable threat intelligence updates from AlienVault Labs Security Research Team * Rich analytics dashboards and data visualization

Sarg - Squid Analysis Report Generator is a tool that allow you to view "where" your users are going to on the Internet. Sarg generate HTML reports, with informations about users, IP Addresses, bytes, sites and times.

SSHGuard protects hosts from brute-force attacks against SSH and other services. It aggregates system logs and blocks repeat offenders using several firewall backends, including iptables, ipfw, and pf.

GoAccess is an open-source, real-time log analyzer and interactive viewer for web server logs. It runs in terminals on UNIX-like systems and can generate standalone HTML, JSON, or CSV reports for browser-based analysis. GoAccess offers enhanced WebSocket authentication, supporting local and external JWT verification, with secure token refresh capabilities and seamless integration with external authentication systems. GoAccess allows any custom log format string. Predefined options include, Apache, Nginx, Amazon S3, Elastic Load Balancing, CloudFront, etc. Determine the amount of hits, visitors, bandwidth, and metrics for slowest running requests by the hour, or date.

LightSquid is a LIGHT and FAST, web based squid proxy traffic analyser . analize access.log and generate per-user & per group report.

Screen squid is web-based interface for viewing reports based on Squid proxy server log files. It can be accessed from web-browser through more than 50 reports. No extra files, only DB. All reports generated "on-the-fly". And we got personal cabinet for each user/group.

Fluent Bit is a super-fast, lightweight, and highly scalable logging and metrics processor and forwarder. It is the preferred choice for cloud and containerized environments. A robust, lightweight, and portable architecture for high throughput with low CPU and memory usage from any data source to any destination. Proven across distributed cloud and container environments. Highly available with I/O handlers to store data for disaster recovery. Granular management of data parsing and routing. Filtering and enrichment to optimize security and minimize cost. The lightweight, asynchronous design optimizes resource usage: CPU, memory, disk I/O, network. No more OOM errors! Integration with all your technology, cloud-native services, containers, streaming processors, and data backends. Fully event-driven design leverages the operating system API for performance and reliability. All operations to collect and deliver data are asynchronous.

DenyHosts is a python program that automatically blocks ssh attacks by adding entries to /etc/hosts.deny. DenyHosts will also inform Linux administrators about offending hosts, attacked users and suspicious logins. This project is being actively developed on GitHub (https://github.com/denyhosts)

ProM is the comprehensive, extensible framework for process mining. Process Mining deals with the a-posteriori analysis of (business) processes using enactment logs.

[ set status to abandon - volunteers welcome ] The postfix-logwatch / amavis-logwatch log analyzers produce summaries, reports and statistics regarding the operation of postfix and amavis. Use standalone, or as a filter module for the open source logwatch utility.

The pimped Apache status makes the Apache server status readable, sortable and searchable. The pimped Apache status can merge the status of several servers that opens the possibility to identify the troubleshooter even in a loadbalanced website. The webbased tool offers a multilanguage, skinable interface with a built-in updater. In several views you see most requested pages, vhosts, used methods, IPs that make the most requests and more. All views are sortable tables you can filter by a keyword and are available as API Request too to get its data as CSV, XML or JSON. Compatible with PHP 7+8 (and should run on PHP 5.x - but is not supported).

pgBadger is a fast and powerful log analyzer for PostgreSQL, written in Perl. It parses PostgreSQL logs and generates detailed, visually appealing HTML reports, helping DBAs and developers understand query performance, connection issues, and system bottlenecks. With support for incremental analysis, gzip-compressed logs, and parallel processing, pgBadger is ideal for monitoring and optimizing PostgreSQL database activity in production environments.

Sendmail log Analyzer is a tool to monitor sendmail usage and generate HTML and graph reports. It reports all you ever wanted to know about email trafic on your network. You can also use it in ISP environment with per domain and per mailbox report.

Squid Analyzer parses Squid proxy access log and reports general statistics about hits, bytes, users, networks, top URLs, and top second level domains. Statistic reports are oriented toward user and bandwidth control.

this tool tries to repair your broken pcap and pcapng files by fixing the global header respectively packet blocks and recovering the packets by searching und guessing the packet headers or blocks

This is dhcpd-pools ISC dhcp shared network and pool range usage analysis. Purpose of command is to count usage ratio of each IP range and shared network pool which ISC dhcpd is in control of. Users of the command are most likely ISPs and other organizations that have large IP space. Program is written C. Design goal is to get analysis done quickly where there is lots of data. On cheap laptop the speed of analysis is roughly 100k leases per second. Number of ranges, or shared networks, does not make any significant difference in getting analysis done.

The goal of PyTables is to enable the end user to efficiently and easily manipulate large datasets (both homogenous, i.e. arrays, and heterogenous, i.e. tables) on a persistent, hierarchical way.

AutoIndex is a PHP script that makes a table that lists the files in a directory, and lets users access the files and subdirectories. It includes searching, icons for each file type, an admin panel, uploads, access logging, file descriptions, and more.

swatchdog.pl started out as swatch, the "simple watchdog" for activity monitoring log files produced by UNIX's syslog facility. It has since been evolving into a utility that can monitor just about any type of log. The name has been changed to satisfy a request made by the old Swiss watch company.

Free-SA is logs processor and report generating tool. It can be used to control traffic usage, to evaluate conformance to the Internet access security policies, to investigate security incidents, to evaluate web server efficiency and to detect troubles with server configuration.

FastStats is a c-based replacement for HalfStats (http://www.halfstats.com/), a Half-Life log parser and reporting tool.

HoneyVIew ist a tool to analyze honeyd-logfiles of the honeyd-daemon implemented by Niels Provos in an convenient way. HoneyView generates graphical and textual results from queries against the logfile data.

DNA is an open, flexible and extensible deep network analyzer software server and software architecture for gathering and analyzing network packets, network sessions and applications protocols, passively off enterprise class networks.

BigBrotherBot (B3) is a cross-platform, cross-game game administration bot. Features in-game administration of game servers, multiple user access levels, and database storage. Currently include parsers for: Call of Duty, Urban Terror and more!