Search Results for "syslog"

syslog-ng is the log management solution that improves the performance of your SIEM solution by reducing the amount and improving the quality of data feeding your SIEM. With syslog-ng Store Box, you can find the answer. Search billions of logs in seconds using full text queries with Boolean operators to pinpoint critical logs. syslog-ng Store Box provides secure, tamper-proof storage and custom reporting to demonstrate compliance. syslog-ng can deliver data from a wide variety of sources to Hadoop, Elasticsearch, MongoDB, and Kafka as well as many others. syslog-ng flexibly routes log data from X sources to Y destinations. ...

Logs Analyzer, Alerter & Reporter with a Web Interface

360-FAAR (Firewall Analysis Audit and Repair) is an offline, command line, firewall policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in Checkpoint dbedit, Cisco ASA or ScreenOS commands, and its one file! Read Policy and Logs for: Checkpoint FW1 (in odumper.csv / logexport format), Netscreen ScreenOS (in get config / syslog format), Cisco ASA (show run / syslog format), 360-FAAR compares firewall policies and uses CIDR and text filters to split rulebases / policies into target sections and identify connectivity for further analysis. 360-FAAR supports, policy to log association, object translation, rulebase reordering and simplification, rule moves and duplicate matching automatically. ...

icappfd is an ICAP daemon that can scan and change responses received from an HTTP server. It scans content for phrases, assigns a score to a page and will redirect to a block url for each page with a score that passes a pre-configured limit... It's kinda like a spam filter for the web. icappfd is used with proxy servers (squid3, and probably others) to protect users from certain types of content such as gambling, peer2peer, porn etc etc.

This tool can create XAdES (XML) signatures based upon ETSI TS 101 903 v1.3.2 standard. It also includes handling of ITU-T X.509 certificates and RFC 3161 timestamps.

Developed for systems that have an older version of syslogd which does not support multiple sockets (e.g. via the '-a' flag). Performs extensive message validation according to RFC 3164

...NDPMon observes the local network for anomalies in the function of nodes using Neighbor Discovery Protocol (NDP) messages, especially during the Stateless Address Autoconfiguration. When an NDP message is flagged, it notifies the administrator by writing to the syslog or by sending an email report. It may also execute a user-defined script. For IPv6, NDPMon is an equivalent of Arpwatch for IPv4, and has similar basic features with added attacks detection. NDPMon also maintains up-to-date a list of neighbors on the link and watches all advertisements and changes. It permits to track the usage of cryptographically generated interface identifiers or temporary global addresses when Privacy extensions are enable (default behavior in Ubuntu and Windows for example).

MOVED to GITHUB https://github.com/henrik-andreasson/syscheck/ It's a framework build with shell scripts to make sure a system is working and at good health. It started as checker for EJBCA . Used in high security environments, that cant allow standard probes to be installed. The result is sent out with syslog.

These three tools build Checkpoint, Cisco ASA or Netscreen policys from logfiles. They write dbedit, access-list or set address, set service and set policy commands for the traffic seen in the logs, that can be cut and pasted into the firewalls. WOOT

Syslog X is a multithreaded syslog server and relay.

This project contains the PERL scripts, which can rearrange the logs from /var/log/messages and insert in to the database. Scripts can also separate logs for each syslog clients as well as for each application of syslog client.

psmd listens on an interface and writes the syslog messages that it sees to disk along with a hash. In addition, it can forward system messages to another system as though the messages came from the original device.

Perl-based syslog watcher that matches certain login failures (SSH, FTP, POP3) and can dynamically block and email an alert, helping to monitor and manage hosting servers. NOTE: Although no recent updates, I'm still able/willing to update this code.

devialog is a behavior/anomaly-based syslog intrusion detection system which detects unknown attacks via anomalies in syslog. It can generate signatures for ease of management, act upon anomalies in a predefined fashion or perform as a standard log parser

Green Screen: A Linux based Advanced Syslog Server for Juniper NetScreen Firewalls - Can be expanded later to support other products. It can capture syslog messages, parse them, store them in a MySQL database. A Web GUI interface is also included.

Tool to analyse syslog message. It parses log message and alerts the administrator on certain conditions. It can also do some reporting on existing logs.

ExamLog is a Log analyzer, developed for syslog messages. It works on a Unix/Linux console, searching for user defined patterns. ExamLog, can divide and clasify syslog messages, and send them to a remote/local postgresql DataBase.

Picky - a selective syslog to mysql database daemon. Allows completely dynamic specific translation of syslog data to dynamic mysql table(s). The other projects under this one are tools that take advantage of the flexibility of Picky and demonstrate it

A replacement to traditional syslog daemons. Including cryptographic log protection, mysql, postgresql. Supported on Linux, BSD, Irix, Solaris and AIX.

Port of the sysklogd daemon that logs to a MySQL database. Useful for configuring a centralized logging server, or a secure syslog environment.

Syslog-sec, provides an open secure syslogd implementation based on (RFC) standards, including rfc3164 ("syslog") and the upcoming "syslog-sign" . Other extensions, will/can be added. More tools will be added, too

...It can be installed with most of BSD/Linux systems. The main goal is to provide a web based console for security monitoring, including searching tools through IDS/FireWall/SYSLOG database.

...It operates by passive monitoring of web server traffic to translate web session data to transaction log entries that are written to standard log services such as syslog.