AnalysePlugin helps you search for more than one search pattern at a time. It is a plugin for Notepad++.
Open Source SIEM
OSSIM, AlienVault’s Open Source Security Information and Event Management (SIEM) product, provides event collection, normalization and correlation. For more advanced functionality, AlienVault Unified Security Management (USM) builds on OSSIM with these additional capabilities:
* Log management
* Advanced threat detection with a continuously updated library of pre-built correlation rules
* Actionable threat intelligence updates from the AlienVault Labs Security Research Team
* Rich analytics dashboards and data visualization
Log analyser for Squid access.log
Screen Squid is a web-based interface for viewing reports built from Squid proxy server log files. It is accessed from a web browser and offers more than 50 reports. No extra files are needed, only the database; all reports are generated on the fly.
A multi-platform universal log collector and forwarder
NXLog is a modular, multi-threaded, high-performance log management solution with multi-platform support. In concept it is similar to syslog-ng or rsyslog, but it is not limited to Unix or syslog only. It can collect logs from files in various formats and receive logs from the network remotely over UDP, TCP or TLS/SSL. It supports platform-specific sources such as the Windows Event Log, Linux kernel logs, Android logs, local syslog, etc. Writing logs to and reading logs from databases is also supported. The collected logs can be stored in files or databases, or forwarded to a remote log server using various protocols. Both the old BSD syslog and the newer IETF syslog standard are fully supported by NXLog, in addition to Snare, XML, JSON, GELF, KVP, CSV and custom formats. A key concept in NXLog is the ability to handle and preserve structured logs: there is no need to convert everything to syslog and parse those logs again on the other side. It has powerful message filtering, log rewriting and conversion capabilities.
Snare Enterprise: http://bit.ly/premium_snare
ATTENTION: Snare Lite is unsupported legacy software. While it will remain a part of the SourceForge community, it is no longer secure and compliant. For up-to-date Snare software, check out Snare Enterprise: https://www.intersectalliance.com/why-snare-enterprise/
Snare Enterprise was created to keep up with the fast-paced security software market. It started with the desire to create premium logging and SIEM tools that were agnostic by nature, so they could be used to boost any SIEM architecture regardless of third-party developers. In fact, the agnostic nature allows it to bridge gaps between multiple SIEM implementations across business units. For more on use cases, check out the Intersect Alliance website: https://www.intersectalliance.com/
Snare Enterprise’s premium features include:
- Regulatory Compliance
- TLS Encryption
- Log Simulcasting
- TCP – Guaranteed Log Delivery
- USB Device Monitoring
- And more!
For updates, follow us on social media!
XL-Parser is a tool for data extraction and analysis.
XL-Parser provides a set of functions for data extraction and analysis. It also provides web log analysis features, including a tool for detecting suspicious activities. More details and screenshots are available at http://le-tools.com.
Open Source HGWC's Encryption
This anti-cheating software is used by the S4 League client to interface with and check XTRAP's features in real time, and to report the logs to their remote servers.
Details:
HGWC Version: 57
Protocol Version: 7
Visual instrument for analyzing internet traffic
ParserCap is a visual tool for information security specialists, system administrators, students and everyone who needs to analyze network traffic in PCAP format (libpcap — Ethernet and IEEE 802.11). It is also possible to set filters to search TCP payloads for identifiers (documents, multimedia, files, logins, passwords, etc.). If necessary, you can view detailed statistics for every MAC address, including cookies, user agents, HTTP GET/POST requests and much more. Please visit the forum if you have any ideas :-) The latest version of my program can be found on my home web page! Thanks!
A program that assists you in solving crash problems
ASP.NET 2.0 Unhandled Exception Module Installer: get meaningful results in the event log instead of the usual ".NET Runtime 2.0 Error Reporting clr20r3 w3wp.exe" entry. A Visual Studio 2008 solution, with x86 and x64 installers.
Analysis in C# of packets captured from network using libpcap/WinPcap
Developed under Microsoft Visual Studio 2010/12/13 and .NET Framework 4.0/4.5 for Windows XP and later, but also successfully demonstrated under Mono for Linux. The application can fully process a wide selection of PCAP-NG, PCAP and NA Sniffer packet captures and can fully unpack a range of frames, packets and datagrams therein, but the unpacked data is not utilised in the configured version of the code. Without additional knowledge of the structure of the messages, the application cannot handle multiple messages within a single TCP packet. The code can perform latency analysis for packet round trips across a network and analysis of time messages on a network, but you must add RegisterMessageReceipt and RegisterTimeMessageReceipt calls, respectively, into the specific message handling to utilise this functionality. Histograms can be output for the latency and time analysis results.
A console application written in .NET to parse Internet History files. The target .NET framework is v2.0 and up, so this should work with all Windows systems from XP to 7. It has been tested on Vista and 7 so far.
Parses donations from EL and displays them
Intended to be used during a live stream, this parser polls for new donations based on a comma-delimited list of IDs and displays them in a frameless background together with a running total. Colors can be changed without closing the display, to support streamers using a chroma key. Licensed under GPL version 3.
The Forensics Data Identifier (FDI) is a tool that allows large data files to be easily filtered for common forensically relevant data types. The tool is intended to speed up the e-discovery and analysis phases of a forensic investigation.
Internet Control Firewall Intrusion Detection and Logger for Inbound and Outbound Traffic. Watches Files and Directories, Drive and Memory Protection.
TISCONSREP is a console application that generates traffic reports using the databases of the Traffic Inspector (Трафик Инспектор) software.
VisualTracert 1.0 is a traceroute tool with an integrated visual map. You can perform whois queries for domains and network nodes. It's also a ping utility for network hosts, a DNS client for testing DNS server performance and an HTTP client viewer.
chill is a heavily module-based web application with a core that supports many features; you can write your own modules for... everything. Modules for webmail, firewall/router administration and server administration are planned as native components.
SQLJuicer - SQL Server Transaction Log Forensics
This is a Perl tool that lists database CRUD transactions by parsing SQL Server transaction log entries. It depends on SQL Server and the SQLCMD utility; because of these dependencies, the SQLJuicer.pl script cannot run on Linux. It is prepared to be localized to any language. At present the output language can be English (default) or Brazilian Portuguese.