Search Results for "log analysis tools"

Performance Co-Pilot (PCP) provides a framework and services to support system-level performance monitoring and management. It presents a unifying abstraction for all of the performance data in a system, and many tools for interrogating, retrieving and processing that data. PCP is a feature-rich, mature, extensible, cross-platform toolkit supporting both live and retrospective analysis. The distributed PCP architecture makes it especially useful for those seeking centralized monitoring of distributed processing.

systemd is a suite of basic building blocks for a Linux system. It provides a system and service manager that runs as PID 1 and starts the rest of the system. systemd provides aggressive parallelization capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, keeps track of processes using Linux control groups, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. systemd...

SSHGuard protects hosts from brute-force attacks against SSH and other services. It aggregates system logs and blocks repeat offenders using several firewall backends, including iptables, ipfw, and pf.

Flexible web-based firewall log analyzer, supporting netfilter and ipfilter, ipfw, ipchains, cisco routers and Windows XP system logs, and mysql or postgresql database logs using the iptables ULOG or NFLOG target of netfilter others mapped to the ulogd format with a view. Fully supports IPv6 for database logs, and netfilter and ipfilter system file logs. Also supports Maxmind's GeoIP version 2 location databases. For Linux, FreeBSD, OpenBSD, Solaris, OSX,etc.

this tool tries to repair your broken pcap and pcapng files by fixing the global header respectively packet blocks and recovering the packets by searching und guessing the packet headers or blocks

...https://www.snaresolutions.com/try-snare-for-free/ Snare Enterprise was created to keep up with the fast paced security software market. It started with the desire to create premium logging and SIEM tools that were agnostic by nature so they could be used to boost any SIEM architecture regardless of third party developers. In fact, the agnostic nature allows it to bridge gaps between multiple SIEM implementations across business units. For more on use cases, check out the Intersect Alliance website. https://www.snaresolutions.com/ Snare Enterprise’s premium features include: - Regulatory Compliance - TLS Encryption - Log Simulcasting - TCP – Guaranteed Log Delivery - USB Device Monitoring - And more! ...

IPAC-NG is the iptables/ipchains based IP accounting package for Linux. It collects, summarizes, and nicely displays IP accounting data. Ipchains and (preferably) iptables are supported. Logs are stored in files, a gdbm or a PostgreSQL database.

OSSIM, AlienVault’s Open Source Security Information and Event Management (SIEM) product, provides event collection, normalization and correlation. For more advanced functionality, AlienVault Unified Security Management (USM) builds on OSSIM with these additional capabilities: * Log management * Advanced threat detection with a continuously updated library of pre-built correlation rules * Actionable threat intelligence updates from AlienVault Labs Security Research Team * Rich...

vSysLog is simple syslog viewer developed for showing syslog messages in more human-readable form. This software uses user-defined patterns for formatting received messages. It works on Linux/GTK+ platform.

GoAccess is a real-time Apache web log analyzer and interactive viewer that runs in a terminal and provides fast and valuable HTTP statistics for system administrators that require a visual report on the fly.

sprintproxy is a quite small multithreading http-proxy in ANSI-C for use under a Unix/Linux - plattform. It will have new-art console-display, content-filters and statistics output.

Ourmon is a network monitoring and anomaly detection system and displays the data for multiple BPF expressions via RRDTOOL-based graphs. It also helps the user identify various kinds of network anomalies using various flow analysis tools and logging.

Logdigest mails interesting lines from log files to the system administrator. Non-relevant lines are filtered out by customizable regular expressions. Logdigest comes with a set of such regexps to provide a good starting point.

Logpp is a tool for preprocessing event logs and feeding relevant data to other programs for storing or in-depth analysis. Logpp reads lines appended to input files, matches the lines with patterns, and writes the results to given destinations.

The kernel network stack may behave not as expected, especially in the case of receiving packets. With Ianus it is possible to bypass the kernel network stack and to develop your own network stack in user space or other tools.

Analyzes radius proxy servers by monitoring radius packets passed across the server's interface.

Nuhe is a log monitoring system, which is capable of alarm generation and action when rules are matched against log(s) activity.

The first stage of development is do write a tool to anonymize packet capture files captured with libpcap. After that we will be integrating this with tcpdump to anonymize in real-time and analyze and look for its effect on different IDS's.

Cnc's IP Data Volume Report: Logs IP to IP contact, number of packets, bytes, time of contact, Ethernet too! View via local web interface. Very simple for those who want to view who your computer is contacting the most!

IPCAD runs captures traffic on the specified interfaces (BPF, PCAP, divert, tee, ULOG, IPQ), and records the traffic for later retrieval and analysis. Traffic exported via RSH or NetFlow.

Система учета трафика.

META is a decision making software which aims are to track computer attackers, computer attacks and to help investigators finding useful elements.

Bruteblock allows system administrators to block various bruteforce attacks on UNIX services. The program analyzes system logs and adds attacker's IP into IPFW table effectively blocking them. Addresses are removed from the table after expiration period

Dent is a project focused upon network modeling and analysis tools. The project currently supports an OS X, Cocoa-based application and technologies based upon the Mozilla framework.

Universal IP-traffic collector. Can gather data from Cisco IP Accounting / ipcad, Mikrotik, NSG, Revolution routers.