Search Results for "log analysis tools"

Simple Event Correlator (SEC) is a lightweight event correlator for network management, log file monitoring, security management, fraud detection, and other tasks which involve event correlation.

...The main intent of developing this toolkit was to provide the security professional and network administrator with a comprehensive set of Open Source Network Security Tools. The majority of tools published in the article: Top 125 Security Tools by INSECURE.ORG are available in the toolkit. An advanced Web User Interface (WUI) is provided for system/network administration, navigation, automation, network monitoring, host geolocation, network analysis and configuration of many network and security applications found within the NST distribution. ...

Two tools able to edit your ipfilter.dat . These tools are able to edit your ipfilter.dat in order to check for big ranges and to check adjacent ranges . From the creators of ipfilterX , Nexus23 Labs . - Updates in Progress -

FlowViewer provides a convenient web-based user interface to Mark Fullmer’s flow-tools suite and CMU's netflow data capture/analyzer, SiLK. The inclusion of the underlying SiLK tool set enables FlowViewer users to continue to use the tool with the newer IPFIX netflow data protocol, which includes support for IPv6 and Cisco's v9 and FNF netflow. FlowViewer has been developed for NASA’s Earth Sciences Data and Information System (ESDIS) networks, and credit goes to NASA for their usual...

IPAC-NG is the iptables/ipchains based IP accounting package for Linux. It collects, summarizes, and nicely displays IP accounting data. Ipchains and (preferably) iptables are supported. Logs are stored in files, a gdbm or a PostgreSQL database.

360-FAAR (Firewall Analysis Audit and Repair) is an offline, command line, firewall policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in Checkpoint dbedit, Cisco ASA or ScreenOS commands, and its one file! Read Policy and Logs for: Checkpoint FW1 (in odumper.csv / logexport format), Netscreen ScreenOS (in get config / syslog format), Cisco ASA (show run / syslog format), 360-FAAR compares firewall policies and uses CIDR and text filters to split rulebases / policies into target sections and identify connectivity for further analysis. 360-FAAR supports, policy to log association, object translation, rulebase reordering and simplification, rule moves and duplicate matching automatically. ...

OSSIM, AlienVault’s Open Source Security Information and Event Management (SIEM) product, provides event collection, normalization and correlation. For more advanced functionality, AlienVault Unified Security Management (USM) builds on OSSIM with these additional capabilities: * Log management * Advanced threat detection with a continuously updated library of pre-built correlation rules * Actionable threat intelligence updates from AlienVault Labs Security Research Team * Rich...

NetProfiler builds a custom filter (BPF) for your network based off of common communications. FilterAnalyze-NetProfiler analyzes the custom filter built by NetProfiler (it may work with other filters as well).

These three tools build Checkpoint, Cisco ASA or Netscreen policys from logfiles. They write dbedit, access-list or set address, set service and set policy commands for the traffic seen in the logs, that can be cut and pasted into the firewalls. WOOT

STARCAT (STAtiscic Reporting, Collecting and Analysing Tool) is a toolkit to gather statistics out of several sources (for example, rrd-files, logfiles, DBMS,...) and create nice-looking reports out of them using XML-templates.

PERL script and required environment to easily use the Afterglow software (http://afterglow.sourceforge.net/ Copyright (c) 2006 Raffael Marty) by listing the packet captures to visualize or by specifying a directory that contains the packet captures.

This useful GUI script help you to monitoring you limit access to internet from GPRS, EDGE, UMTS and etc. It support three types of connection: limited , packet of traffic, unlimited.

Ourmon is a network monitoring and anomaly detection system and displays the data for multiple BPF expressions via RRDTOOL-based graphs. It also helps the user identify various kinds of network anomalies using various flow analysis tools and logging.

Kojoney is an easy of use, secure, robust and powerfull Honeypot for the SSH Service written in Python. With the kojoney daemon are distributeds other tools such as kip2country (IP to Country) and kojreport, a tool to generate reports from the log fi

The logjana program is a log program for the jana proxy server V2. It splits the main logfile "proxy.log" in timed files. The main logfile "proxy.log" will not be change. For questions send a mail at michael.wiechert(at)goo

Proxy-traffic manager. Defines bytelimit for each real user, and prevent them from downloading more than allowed. Provides friendly (Web) GUI for users and a singe manager. Only squid-proxy supported now!

TraffStats: network Traffic Statistic - is a monitoring and traffic analysis software, using SNMP to collect data from any enabled device. - has the ability to generate graphs (using jpgraph) with the option to compare and sum up different devices.

Lighweight Universal Log or Network Analyzer is a Open Source project (written in Perl) with the intention of creating a logsystem which is capable of creating statistics out of the files.

Cisco Perl Tools contains CIPAT (Cisco IP Accounting aggregator) and ISDN-Reporter (Cisco ISDN call aggregation and reporting tool). [NetProvisioning has moved to its own project page on SF]

Schedule emailing of your Smoothwall logs. Schedule on a daily/weekly/monthly basis via cron jobs. Formatting options are text and html. csv formatting planned.

What are the packets rejected by your Netfilter based firewall today ? How often this suspicious host try to connect to your box ? What are the most rejected domains ? Who is this strange host which scan your ports ? The responses are in the iptables log

LoginWatcher is tailing your messages file and is waiting for an entry representing a failed login attempt via SSH. After a predefined number of attempts, the IP address of the offending host is added to the hosts.deny file to prevent further logins.

Система учета трафика.

readlog is a pair of scripts for reviewing iptables firewall logs via a handy web interface using a MySQL backend.

SrvReport is a simple and featurefull server monitoring and reporting system. It will send every day a mail with the latest state of the server including traffic (via /proc/net/dev and/or iptables), cpu, mail, http, ftp reports and other logs.