Open Source Python Log Analysis Software

OSSIM, AlienVault’s Open Source Security Information and Event Management (SIEM) product, provides event collection, normalization and correlation. For more advanced functionality, AlienVault Unified Security Management (USM) builds on OSSIM with these additional capabilities: * Log management * Advanced threat detection with a continuously updated library of pre-built correlation rules * Actionable threat intelligence updates from AlienVault Labs Security Research Team * Rich analytics dashboards and data visualization

The goal of PyTables is to enable the end user to efficiently and easily manipulate large datasets (both homogenous, i.e. arrays, and heterogenous, i.e. tables) on a persistent, hierarchical way.

DenyHosts is a python program that automatically blocks ssh attacks by adding entries to /etc/hosts.deny. DenyHosts will also inform Linux administrators about offending hosts, attacked users and suspicious logins. This project is being actively developed on GitHub (https://github.com/denyhosts)

BigBrotherBot (B3) is a cross-platform, cross-game game administration bot. Features in-game administration of game servers, multiple user access levels, and database storage. Currently include parsers for: Call of Duty, Urban Terror and more!

The Exchange Server SMTP Log Viewer is a graphical tool developed using Python. It is designed to help system administrators and developers analyze SMTP server logs efficiently.

Apache Log Parser and Data Normalization Application Python handles File Processing & MySQL handles Data Processing ApacheLogs2MySQL consists of two Python Modules & one MySQL Schema to automate importing Access & Error files and normalizing data into database designed for reports & data analysis. Runs on Windows, Linux and MacOS & tested with MySQL versions 8.0.39, 8.4.3, 9.0.0 & 9.1.0. 4 LogFormats & 2 ErrorLogFormats can be loaded and 5 MySQL Stored Procedures can be processed in a single Python `ProcessLogs function` execution. Database system designed to accommodate unlimited domains. Step-by-step guide for easy installation. Web interface with Drill Down Capability and apache/echarts Log Visualization integration in development. MySQL apache_logs schema currently has 49 Tables, 853 Columns, 168 Indexes, 66 Views, 7 Stored Procedures and 43 Functions to process Apache Access log in 4 formats & Apache Error log in 2 formats. Database normalization at work!

d3vscan is a simple yet powerful network and Bluetooth scanner which is based on PyGTK.

Kojoney is an easy of use, secure, robust and powerfull Honeypot for the SSH Service written in Python. With the kojoney daemon are distributeds other tools such as kip2country (IP to Country) and kojreport, a tool to generate reports from the log fi

Multi-threaded host name and technical contact lookup tool. Reads a list of counted IP addresses (as outputted by uniq -c) from stdin or a file. Resolves their hostnames and (whois) technical contacts. Writes info to stdout.

Cislog is a syslog server that specifically targets Cisco devices and their implementation of the syslog protocol. It consists of a Django web interface and a syslog listener with a database between them.

A Python script that parses and mails ipchains, iptables and snort logfiles into the DSHIELD format for submission to DShield.org

Python scripts that filter, parse, mask, and analyze FileZilla Server Log files. Works on Windows, Linux, and Mac systems. WARNING: NEW VERSIONS ARE BEING POSTED TO GITHUB HERE: https://github.com/Stunner/FileZilla-Log-Analyzer

A multiplatform visual implementation of the Unix utility grep

A log parser for Haproxy that provide connection time statistics. Haproxy log parser Embeded email reporting

An IRC logging bot, created to be easy to use and simple to configure. The bot comes with a powerful web interface, which through fancy graphs and number illustrate the statistics and logs of both the activity of the user and the channel.

This is a program that watches your system log files, looking for hack attempts. It instanty reacts to potential security breaches by (for instance) adding firewall rules to cut off the attacker.

Loganalyzer for Windows XP Firewall and Linux Iptables firewall. Generates a nice html document with statistics from all the pakets captured by the firewall. The program is written in Python and has an (optional) graphical interface.

Graphize logs on the web browser. Fast javascript implementation needed with large monitor use.

META is a decision making software which aims are to track computer attackers, computer attacks and to help investigators finding useful elements.

Nuhe is a log monitoring system, which is capable of alarm generation and action when rules are matched against log(s) activity.

Nuhe Client is a project related to the Nuhe Action Capable Log Monitor. This GUI client simplifies the administration of sensors and node managers, making it easier to control and monitor the network. Comes with a rule editor as well as a log monitor.

Security analysis tools produced by The Ohio State University Network Security Group.

Postfix Log Parser in Python is a log analysis tool written in python language to get statistic reports and detect anomalous behaviours on a mail server based on Postfix and Cyrus

This project is an approach to automating the testing of performance properties of complex systems.Just like functional specs for software we aim to develop an executable language for asserting performance expectations of a program.This implements Sharon

PyIDS is an intrusion detection system whose aim is to provide concise information to administrators about some parts of the system i.e filesystem checksums, unknown connections to the machine, access control lists of special files, log revision...