Strong Email & Apache Log Analysis with Active Security Features
X-Itools: eXtended Internet Tools. Suite of tools composed of several collaboration modules. Old and initial project born in 1999, 1st published in 2001 on Sourceforge. X-Itools E-mail management module (log analysis) initiated in 2004 with Web 1.0 technologies (private SVN server). X-Itools development restarted since 2011, on the basis of a unique module: E-mail management module (log analysis). Now based on web 2.0 technologies (ExtJS 4.1) and devel restarted because of a particular interest given to it by a world wide Organization (United Nations). Module renamed "X-Itools ELSE", for "X-Itools E-mail Log Search Engine". Some features: Log analysis and correlation of Postfix and Exchange servers, statistics, policy manager, in-deep analysis, automated network graphs for e-mail tracing, CSV export... The Swiss knife of Messaging Admins. In 2015, X-Itools ELSE is no more limited to E-mail logs: Apache logs are also processed and related stats and dashboards will be there!
ISC dhcpd leases usage analysis
This is dhcpd-pools ISC dhcp shared network and pool range usage analysis. Purpose of command is to count usage ratio of each IP range and shared network pool which ISC dhcpd is in control of. Users of the command are most likely ISPs and other organizations that have large IP space. Program is written C. Design goal is to get analysis done quickly where there is lots of data. On cheap laptop the speed of analysis is roughly 100k leases per second. Number of ranges, or shared networks, does not make any significant difference in getting analysis done.
Enhanced Apache Server Status
The pimped Apache status makes the Apache server status readable, sortable and searchable. The pimped Apache status can merge the status of several servers that opens the possibility to identify the troubleshooter even in a loadbalanced website. The webbased tool offers a multilanguage, skinable interface with a built-in updater. In several views you see most requested pages, vhosts, used methods, IPs that make the most requests and more. All views are sortable tables you can filter by a keyword and are available as API Request too to get its data as CSV, XML or JSON. Compatible with PHP 5 up to PHP 7.
Sarg - Squid Analysis Report Generator is a tool that allow you to view "where" your users are going to on the Internet. Sarg generate HTML reports, with informations about users, IP Addresses, bytes, sites and times.
SNĒZ is a web interface to the popular open source IDS program SNORT® . The main design feature of SNĒZ is the ability to filter (or dismiss) alerts without having to delete. Please view or download README file for platform and software prerequisites. SNORT® is a registered trademark of Sourcefire, Inc. All rights reserved.
Log analyser for Squid access.log
Screen squid is web-based interface for viewing reports based on Squid proxy server log files. It can be accessed from web-browser through more than 50 reports. No extra files, only DB. All reports generated "on-the-fly".
AWStats is a free powerful and featureful server logfile analyzer that shows you all your Web/Mail/FTP statistics including visits, unique visitors, pages, hits, rush hours, os, browsers, search engines, keywords, robots visits, broken links and more
Simple Event Correlator (SEC) is a lightweight event correlator for network management, log file monitoring, security management, fraud detection, and other tasks which involve event correlation.
Intelligently block brute-force attacks by aggregating system logs
SSHGuard protects hosts from brute-force attacks against SSH and other services. It aggregates system logs and blocks repeat offenders using several firewall backends, including iptables, ipfw, and pf.
ProM is the comprehensive, extensible framework for process mining. Process Mining deals with the a-posteriori analysis of (business) processes using enactment logs.
Command line client interface for LOGalyze 4
Command line LOGalyze client. logalyze-cli is a powerful command line client for managing LOGalyze engine. With LOGalyze application log analyzer, you can collect your log data from any device, analyze, normalize and parse them.
FW1-Loggrabber is a command-line tool to grab logfiles from Checkpoint FW-1 remotely using Checkpoints LEA (Log Export Api), which is one part of Checkpoints OPSEC API.
Tranalyzer flow generator packet analyzer moved to: tranalyzer.com
Download the new version 0.7.1 from https://tranalyzer.com/getit This tool generates extended netflow-like flow statistics from large pcap files or ethernet interfaces. It is intended to serve as a tool for IT troubleshooting, encrypted traffic mining and forensic analysis. A packet based "tshark mode" for detailed header and content inspection is also available. Flow based and packet based content inspection and extraction, better reporting, forensics support and encapsulation support such as ethip, teredo, anything in anything, sctp, etc are new features of the 0.7.1
Log Management Solution
Logs Analyzer, Alerter & Reporter with a Web Interface
Open Source SIEM
OSSIM, AlienVault’s Open Source Security Information and Event Management (SIEM) product, provides event collection, normalization and correlation. For more advanced functionality, AlienVault Unified Security Management (USM) builds on OSSIM with these additional capabilities: * Log management * Advanced threat detection with a continuously updated library of pre-built correlation rules * Actionable threat intelligence updates from AlienVault Labs Security Research Team * Rich analytics dashboards and data visualization
Squid Analyzer parses Squid proxy access log and reports general statistics about hits, bytes, users, networks, top URLs, and top second level domains. Statistic reports are oriented toward user and bandwidth control.
Hybrid IT Monitoring and Analytics Software - SaaS, Virtual, Physical
Zenoss is the global leader in hybrid IT monitoring and analytics software, providing complete visibility for cloud, virtual and physical IT environments for more than 40,000 global organizations. Zenoss customers gain IT performance and risk insights into their unique IT ecosystems through real-time analytics that adapt to the ever-evolving data center and cloud, enabling them to eliminate disruptions and accelerate business. The power of Zenoss Core begins with its in-depth IT inventory and configuration database. Zenoss creates this database by discovering managed resources -- networks, servers, storage, and other devices -- in your IT environment. Once Zenoss Core discovers the IT infrastructure, it automatically begins monitoring the performance of each device and provides event and fault management capabilities. Zenoss offers Open Source Core, Enterprise and SaaS solutions as well as an open API and SDK to easily extend your IT monitoring via Zenoss ZenPacks.
[ set status to abandon - volunteers welcome ] The postfix-logwatch / amavis-logwatch log analyzers produce summaries, reports and statistics regarding the operation of postfix and amavis. Use standalone, or as a filter module for the open source logwatch utility.
Snare Enterprise: http://bit.ly/premium_snare
ATTENTION: Snare Lite is unsupported legacy software. While it will remain a part of the SourceForge community, it is no longer secure and compliant. For up to date Snare software check out Snare Enterprise. https://www.intersectalliance.com/why-snare-enterprise/ Snare Enterprise was created to keep up with the fast paced security software market. It started with the desire to create premium logging and SIEM tools that were agnostic by nature so they could be used to boost any SIEM architecture regardless of third party developers. In fact, the agnostic nature allows it to bridge gaps between multiple SIEM implementations across business units. For more on use cases, check out the Intersect Alliance website. https://www.intersectalliance.com/ Snare Enterprise’s premium features include: - Regulatory Compliance - TLS Encryption - Log Simulcasting - TCP – Guaranteed Log Delivery - USB Device Monitoring - And more! For updates follow us on social media!
A multi-platform universal log collector and forwarder
NXLog is a modular, multi-threaded, high-performance log management solution with multi-platform support. In concept it is similar to syslog-ng or rsyslog but is not limited to unix/syslog only. It can collect logs from files in various formats, receive logs from the network remotely over UDP, TCP or TLS/SSL . It supports platform specific sources such as the Windows Eventlog, Linux kernel logs, Android logs, local syslog etc. Writing and reading logs to/from databases is also supported. The collected logs can be stored into files, databases or forwarded to a remote log server using various protocols. The old BSD Syslog and the newer IETF syslog standard is fully supported by NXLog in addition to Snare, XML, JSON, GELF, KVP, CSV and custom formats. A key concept in NXLog is to be able to handle and preserve structured logs. No need to convert everything to syslog and parse these logs again at the other side. It has powerful message filtering, log rewrite and conversion capabilities.
AutoIndex is a PHP script that makes a table that lists the files in a directory, and lets users access the files and subdirectories. It includes searching, icons for each file type, an admin panel, uploads, access logging, file descriptions, and more.
Workflow Designer, Hive Editor, Pig Editor, File System Browser
Flamingo is a open-source Big Data Platform that combine a Ajax Rich Web Interface + Workflow Engine + Workflow Designer + MapReduce + Hive Editor + Pig Editor. 1. Easy Tool for big data 2. Use comfortable in Hadoop EcoSystem projects 3. Based GPL V3 License Supporting Pig IDE, Hive IDE, HDFS Browser, Scheduler, Hadoop Job Monitoring, Workflow Engine, Workflow Designer, MapReduce.
A syslog message generator that replicates real syslog messages
Using templated message formats with customisable placeholders, run in configurable sequences that can selectively reuse data between steps, must allows more intelligent testing of syslog receivers with realistic data, as well as longer soak testing and stress testing. must was created to fill a gap found when trying to stress test Splunk as real, indexable and meaningful data was needed. must will (eventually) be provided as a standalone tool that uses XML configs (for quick use and consultancy etc) and as a web-based tool (for more permanent/pretty deployment (with historical reporting and live stats). SUPPORT: The best way of contacting me is via Twitter below, NEWS: (16/Mar/15) A beta of v2 is finally released - apologies for the long delay!