Open Source Windows Log Analysis Software

Shorten your time of reading mega bytes of log files! DE 2016-01 Supporting Don HO's NotePad++ see http://notepad-plus-plus.org/ This sources are a dockable pattern search plugin for Notepad++ version 5.1 or later. With this plugin you can search for multiple patterns in any of the opened documents in NotePad++. You may want to tune your search using all fancy tricks from NPP like regular expressions or escaped patterns and give each of the searches different colors. The result will be stored in a dockable window in same ordering as in the origin and a double click allows you to jump to the original position. It is designed to treat log-files of typical size like 60MB. More features can be found in the help dialogue of the plugin. For generating the dll file I use a msdev compiler. If you like to port it to other OSs just let me know your changes and I'll incorporate it. Best Regards, Mattes H.

AWStats is a free powerful and featureful server logfile analyzer that shows you all your Web/Mail/FTP statistics including visits, unique visitors, pages, hits, rush hours, os, browsers, search engines, keywords, robots visits, broken links and more

Visual Syslog Server for Windows is a free open source program to receive and view syslog messages. Useful when setting up routers and systems based on Unix/Linux. Visual Syslog Server for Windows has a live messages view: switches to a new received message. Helpful color highlighting. Useful message filtering. Customizable notification and actions. Sources hosted on the GitHub: https://github.com/MaxBelkov/visualsyslog

OSSIM, AlienVault’s Open Source Security Information and Event Management (SIEM) product, provides event collection, normalization and correlation. For more advanced functionality, AlienVault Unified Security Management (USM) builds on OSSIM with these additional capabilities: * Log management * Advanced threat detection with a continuously updated library of pre-built correlation rules * Actionable threat intelligence updates from AlienVault Labs Security Research Team * Rich analytics dashboards and data visualization

Simple Event Correlator (SEC) is a lightweight event correlator for network management, log file monitoring, security management, fraud detection, and other tasks which involve event correlation.

Screen squid is web-based interface for viewing reports based on Squid proxy server log files. It can be accessed from web-browser through more than 50 reports. No extra files, only DB. All reports generated "on-the-fly". And we got personal cabinet for each user/group.

ProM is the comprehensive, extensible framework for process mining. Process Mining deals with the a-posteriori analysis of (business) processes using enactment logs.

LightSquid is a LIGHT and FAST, web based squid proxy traffic analyser . analize access.log and generate per-user & per group report.

XL-Parser provides a bunch of functions for data extraction and analysis. It also provides web log analysis features like a tool for detection of suspicious activities. More details and screenshots on http://le-tools.com.

Fluent Bit is a super-fast, lightweight, and highly scalable logging and metrics processor and forwarder. It is the preferred choice for cloud and containerized environments. A robust, lightweight, and portable architecture for high throughput with low CPU and memory usage from any data source to any destination. Proven across distributed cloud and container environments. Highly available with I/O handlers to store data for disaster recovery. Granular management of data parsing and routing. Filtering and enrichment to optimize security and minimize cost. The lightweight, asynchronous design optimizes resource usage: CPU, memory, disk I/O, network. No more OOM errors! Integration with all your technology, cloud-native services, containers, streaming processors, and data backends. Fully event-driven design leverages the operating system API for performance and reliability. All operations to collect and deliver data are asynchronous.

swatchdog.pl started out as swatch, the "simple watchdog" for activity monitoring log files produced by UNIX's syslog facility. It has since been evolving into a utility that can monitor just about any type of log. The name has been changed to satisfy a request made by the old Swiss watch company.

This is dhcpd-pools ISC dhcp shared network and pool range usage analysis. Purpose of command is to count usage ratio of each IP range and shared network pool which ISC dhcpd is in control of. Users of the command are most likely ISPs and other organizations that have large IP space. Program is written C. Design goal is to get analysis done quickly where there is lots of data. On cheap laptop the speed of analysis is roughly 100k leases per second. Number of ranges, or shared networks, does not make any significant difference in getting analysis done.

The pimped Apache status makes the Apache server status readable, sortable and searchable. The pimped Apache status can merge the status of several servers that opens the possibility to identify the troubleshooter even in a loadbalanced website. The webbased tool offers a multilanguage, skinable interface with a built-in updater. In several views you see most requested pages, vhosts, used methods, IPs that make the most requests and more. All views are sortable tables you can filter by a keyword and are available as API Request too to get its data as CSV, XML or JSON. Compatible with PHP 7+8 (and should run on PHP 5.x - but is not supported).

The goal of PyTables is to enable the end user to efficiently and easily manipulate large datasets (both homogenous, i.e. arrays, and heterogenous, i.e. tables) on a persistent, hierarchical way.

AutoIndex is a PHP script that makes a table that lists the files in a directory, and lets users access the files and subdirectories. It includes searching, icons for each file type, an admin panel, uploads, access logging, file descriptions, and more.

BigBrotherBot (B3) is a cross-platform, cross-game game administration bot. Features in-game administration of game servers, multiple user access levels, and database storage. Currently include parsers for: Call of Duty, Urban Terror and more!

The Exchange Server SMTP Log Viewer is a graphical tool developed using Python. It is designed to help system administrators and developers analyze SMTP server logs efficiently.

AVirCAP is a system for manual and / or automated detection of CodeRed and Nimda type of hack attempts and virtually all other kinds of "logable" intrusion attempts. It can work stand alone or together with other additional AVirCAP machines in the LAN/W

this tool tries to repair your broken pcap and pcapng files by fixing the global header respectively packet blocks and recovering the packets by searching und guessing the packet headers or blocks

This will log your ip when it changes. It runs as a service which will automatically start up when the computer starts. This is ideal for people who would like to know their ip when they what to use RDC, or any other services which require them to connect to their PC/server. PLEASE REGISTER AT http://www.tylersimmonds.co.uk/ip/admin/

MakeLogic Tail is an advanced "tail -f" command with GUI. It needs JRE 5.0, hence it is 'Tail for Windows', Linux or 'Tail for Mac'. It shows the last few lines of a growing log file in real time. Provides many more easy to use features. Try it!

TailBlazer is a graphical version of the UNIX 'tail' utility. It allows you to monitor log files as they are written. New lines appear as they are written. TailBlazer takes this a step further by supporting pattern matching, filtering, and notification

MySQL Squid Access Report

FW1-Loggrabber is a command-line tool to grab logfiles from Checkpoint FW-1 remotely using Checkpoints LEA (Log Export Api), which is one part of Checkpoints OPSEC API.

Netscreen Firewall Log Analyser which can analyse log files in Netscreen Log File format and copy data into Access Database. Developed by Specialists for Computer Systems (SCS)