A Python script that parses and mails ipchains, iptables and snort logfiles into the DSHIELD format for submission to DShield.org
G.R.E.A.T. - Google Earth Reporting Engine and Analysis Tool. The goal of this project is to create a basic IDS interface with Google Earth. It currently generates a KML file of traceroute/whois information suitable for use in Google Earth.
A multiplatform visual implementation of the Unix utility grep
IPHPLog (IP PHP Log) is simple software written in PHP, JS and SQL that runs on top of a MySQL database server. IPHPLog can log information about your visitors and organize it in a database with GeoIP.
JNFA is a NetFlow analyzer. It uses a MySQL database to store accounting information. The filters used in JNFA allow very flexible classification of any kind of traffic, storing it in different fields of the database.
Maintenance and expansion of the CYBER-TA Anonymous Alert Publication System initially developed by SRI
A decade-old shell script to ease Postfix log analysis
This is just a fork of another project (Post-LA), by Henrique Bueno, developed around September 2009 and likely to have issues running nowadays. Use at your own risk. The shell script runs against a Postfix mail log file and generates statistics and detailed HTML files for analysis. The initial idea was to have it running on a web server so that it is remotely accessible; however, the files can just as easily be opened by any browser.
Slogbase is a lightweight database attached to objects in Second Life that provides the same functionality as Apache Web Server logs. It uses ordinary LSL code in Second Life to send sensor data to an external PHP/MySQL application.
A Log Extraction Utility for owners of the Belkin 4-Port Cable/DSL Gateway Router (Model F5230).
TraffStats (network Traffic Statistics) is a monitoring and traffic analysis tool that uses SNMP to collect data from any SNMP-enabled device. It can generate graphs (using jpgraph), with the option to compare and sum up different devices.
Linux tool to improve server security
cravlAndBlock is a simple Java application that crawls the error log file of your web server and collects all attacker IPs, i.e. all ModSecurity entries, scans and so on. Every bad IP will be added to the hosts.deny file with the ALL prefix. For sure it will not block all attacks, but it will help. How it works: use cron to start java cravlAndBlock.jar; in the same folder add properties.xml (I added a sample properties.xml file). And that's all. The program will start from cron, read the properties file, make a backup of the hosts.deny file in the backup location, crawl the log file(s) and add entries to the hosts.deny file. It will print log information on the screen. If you are interested in the cravlAndBlock project, please make a small donation to the author by PayPal (to email@example.com). Those donations will keep the project alive. Everyone needs to eat something :)
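The crawl-and-deny loop described above, as an added example in Python (this is not cravlAndBlock's own code, which is Java): it pulls the client address out of every Apache error-log line that ModSecurity denied, skips RFC 1918, loopback and link-local ranges so a forged or misparsed line cannot lock out your own network, backs up hosts.deny, and appends `ALL: <ip>` entries for addresses not already present. The `[client IP]` / `[client IP:port]` field layout, the hosts.deny parsing and the sample log lines are all assumptions constructed for the example; the default `/etc/hosts.deny` and backup paths are placeholders overridable by environment variable.

```python
"""Added example, not cravlAndBlock's code: ModSecurity denials -> hosts.deny.

Assumes Apache writes "[client IP]" (2.2) or "[client IP:port]" (2.4) into
each error-log line and that hosts.deny uses the IPv4 "ALL : client_list"
form. SAMPLE_ERROR_LOG is constructed sample data, not a real capture."""
import ipaddress
import os
import re
import shutil
import sys
import tempfile
from datetime import datetime
from pathlib import Path

# Apache emits its own "[client ...]" field before any attacker-controlled
# text (URI, headers), so the FIRST match on a line is the real client.
CLIENT_RE = re.compile(r"\[client ([^\]]+)\]")

# Only lines containing one of these substrings count as attacks.
# "ModSecurity: Warning" lines are scored, not blocked, so they are excluded
# by default; pass block_patterns=("ModSecurity:",) to count them as well.
DEFAULT_BLOCK_PATTERNS = ("ModSecurity: Access denied",)

# Never deny these ranges (assumed safe list; extend with your own networks).
DEFAULT_ALLOW = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                 "127.0.0.0/8", "::1/128", "fc00::/7", "fe80::/10")

# Constructed sample log lines in the Apache 2.2 and 2.4 "[client ...]" forms.
SAMPLE_ERROR_LOG = """\
[Tue Mar 10 12:00:01 2015] [error] [client 192.0.2.10] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:union select)" at ARGS:id. [uri "/index.php"]
[Tue Mar 10 12:00:02 2015] [error] [client 192.0.2.10] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\.\\./" at REQUEST_URI. [uri "/../../etc/passwd"]
[Tue Mar 10 12:00:03 2015] [error] [client 198.51.100.7:51234] File does not exist: /var/www/html/favicon.ico
[Tue Mar 10 12:00:04 2015] [error] [client 203.0.113.5] ModSecurity: Warning. Operator GE matched 5 at TX:anomaly_score.
[Tue Mar 10 12:00:05 2015] [error] [client 10.0.0.8] ModSecurity: Access denied with code 403 (phase 2). [uri "/admin"]
"""


def extract_client_ip(line):
    """Return the client address of an error-log line as a string, or None."""
    m = CLIENT_RE.search(line)
    if not m:
        return None
    raw = m.group(1)
    # Try the field as-is, then with a trailing ":port" stripped (Apache 2.4).
    for candidate in (raw, raw.rsplit(":", 1)[0]):
        try:
            return str(ipaddress.ip_address(candidate))
        except ValueError:
            continue
    return None


def attacker_ips(log_text, block_patterns=DEFAULT_BLOCK_PATTERNS, allow=DEFAULT_ALLOW):
    """Distinct, sorted attacker addresses from log text, minus allowed ranges."""
    allow_nets = [ipaddress.ip_network(a, strict=False) for a in allow]
    found = set()
    for line in log_text.splitlines():
        if not any(p in line for p in block_patterns):
            continue
        ip = extract_client_ip(line)
        if ip is None:
            continue
        addr = ipaddress.ip_address(ip)
        if addr.is_loopback or addr.is_multicast or addr.is_unspecified:
            continue
        if any(addr in net for net in allow_nets):
            continue
        found.add(addr)
    return [str(a) for a in sorted(found, key=lambda a: (a.version, a))]


def existing_denied(hosts_deny_text):
    """Client tokens already listed on 'ALL : ...' lines of hosts.deny."""
    denied = set()
    for line in hosts_deny_text.splitlines():
        line = line.split("#", 1)[0].strip()
        daemons, sep, rest = line.partition(":")
        if not sep or daemons.strip() != "ALL":
            continue  # comments, blank lines, or per-daemon rules (e.g. sshd:)
        clients = rest.split(":", 1)[0]  # drop an optional shell_command field
        denied.update(tok for tok in re.split(r"[,\s]+", clients.strip()) if tok)
    return denied


def update_hosts_deny(hosts_deny, ips, backup_dir, now=None):
    """Back up hosts.deny, append 'ALL: ip' for new ips, return the added ones."""
    hosts_deny, backup_dir = Path(hosts_deny), Path(backup_dir)
    text = hosts_deny.read_text() if hosts_deny.exists() else ""
    already = existing_denied(text)
    new = [ip for ip in ips if ip not in already]
    if not new:
        return []
    backup_dir.mkdir(parents=True, exist_ok=True)
    stamp = (now or datetime.now()).strftime("%Y%m%d-%H%M%S")
    if hosts_deny.exists():
        shutil.copy2(hosts_deny, backup_dir / f"hosts.deny.{stamp}")
    if text and not text.endswith("\n"):
        text += "\n"
    text += "".join(f"ALL: {ip}\n" for ip in new)
    # tcp_wrappers re-reads the file on every connection: write a temp file in
    # the same directory and rename it over the original so no reader ever
    # sees a half-written hosts.deny.
    fd, tmp = tempfile.mkstemp(dir=str(hosts_deny.parent), prefix=".hosts.deny.")
    with os.fdopen(fd, "w") as f:
        f.write(text)
    if hosts_deny.exists():
        shutil.copymode(hosts_deny, tmp)
    else:
        os.chmod(tmp, 0o644)
    os.replace(tmp, hosts_deny)
    return new


def main(argv):
    """Usage: modsec_deny.py ERROR_LOG [ERROR_LOG ...]  (run from cron as root)."""
    hosts_deny = os.environ.get("HOSTS_DENY", "/etc/hosts.deny")          # assumed paths
    backup_dir = os.environ.get("HOSTS_DENY_BACKUP", "/var/backups/hosts.deny")
    log_text = "".join(Path(p).read_text(errors="replace") for p in argv[1:])
    for ip in update_hosts_deny(hosts_deny, attacker_ips(log_text), backup_dir):
        print(f"denied {ip}")


if __name__ == "__main__":
    main(sys.argv)
```

Two caveats worth keeping in mind with this whole approach: hosts.deny is only consulted by services linked against libwrap (an sshd built with TCP wrappers support, xinetd-managed daemons), so the web server that produced the log is not itself protected by the entry; and several current distributions (RHEL 8 and later, Fedora) have dropped tcp_wrappers entirely, in which case an nftables/ipset set or fail2ban-style firewall rule is the equivalent sink for the same parsed addresses.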
Universal IP-traffic collector. Can gather data from Cisco IP Accounting / ipcad, Mikrotik, NSG, Revolution routers.
Originally written to gather and group user data from Postfix's mail.info based on a given sasl_user. As it turns out, it works well for searching by message ID or anything else useful. It also features, just for fun, ANSI colors.
Parser of `tc class` output; shows current class usage based on the "rate" value, using "parent" information to build a hierarchical tree of classes, so that it can display statistics down to a given recursion limit. Supports classid translation. Watch your queues!
Infrastructure Monitoring, Log File Analysis & Visualization
This project provides a downloadable Ubuntu Linux appliance (virtual machine) consisting of Zabbix and ELK (Elasticsearch, Logstash, Kibana). The intention of this project is to help you get started with collecting performance metrics from your applications and underlying infrastructure. The tools provided help perform infrastructure monitoring, machine data analysis and log file analysis using open source software packaged within an Ubuntu Linux virtual machine. This appliance is also provided to help users of VisualizeIT collect relevant application and infrastructure performance metrics for purposes of visualization, modelling and forecasting. VisualizeIT offers access to a range of analytical models, statistical models and simulation models. You can access the VisualizeIT website at www.visualize-it.co and the VisualizeIT modelling solution at http://useradmin.visualize-it.co. Read this to get started: http://community.visualize-it.co/knowledgebase/zabbix-elk-in-a-box/
Apache Analyzer is a Java application package for parsing and analysing Apache logs. Reports are produced as PDF files. OCEAN GenRap is used to analyze the data. Check out General Info on the Docs page.
BCLF is the Binary Common Log Format, a fast, platform independent, streamable, compact logging format that resembles the Extended CLF logging format in content. The project goal is to make an Apache module and enhance the format without giving up speed.
Use Pentaho open source business intelligence tools and MySQL to collect & distribute web analytics (clickstream) data. Extract data from logs, load database tables, & present the information in dashboards, analysis cubes, and reports for business users. This project has been moved to github - https://github.com/cjlavigne/breadboard
Capra is an open source tool to quickly get some nice and useful reports out of your WatchGuard Fireware log files.
Clown is a "clustering" framework. It allows you to cluster datasets (in ARFF format) using a number of different clustering algorithms.
DNA is an open, flexible and extensible deep network analyzer: a software server and software architecture for gathering and analyzing network packets, network sessions and application protocols, passively, off enterprise-class networks.
Epilog is a multi-file logging program written in C using GTK+, capable of coloring log lines according to keywords and producing reports.
GoatTracker collects information about your website's referrers to create e.g. top-referrer lists. It supports grouping (e.g. to count all Google domains as one) and blocking.
Green Screen: a Linux-based advanced syslog server for Juniper NetScreen firewalls, which can be expanded later to support other products. It captures syslog messages, parses them and stores them in a MySQL database. A web GUI is also included.