Search Results for "syslog"

syslog-ng is the log management solution that improves the performance of your SIEM solution by reducing the amount and improving the quality of data feeding your SIEM. With syslog-ng Store Box, you can find the answer. Search billions of logs in seconds using full text queries with Boolean operators to pinpoint critical logs. syslog-ng Store Box provides secure, tamper-proof storage and custom reporting to demonstrate compliance. syslog-ng can deliver data from a wide variety of sources to Hadoop, Elasticsearch, MongoDB, and Kafka as well as many others. syslog-ng flexibly routes log data from X sources to Y destinations. ...

360-FAAR (Firewall Analysis Audit and Repair) is an offline, command line, firewall policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in Checkpoint dbedit, Cisco ASA or ScreenOS commands, and its one file! Read Policy and Logs for: Checkpoint FW1 (in odumper.csv / logexport format), Netscreen ScreenOS (in get config / syslog format), Cisco ASA (show run / syslog format), 360-FAAR compares firewall policies and uses CIDR and text filters to split rulebases / policies into target sections and identify connectivity for further analysis. 360-FAAR supports, policy to log association, object translation, rulebase reordering and simplification, rule moves and duplicate matching automatically. ...

Logs Analyzer, Alerter & Reporter with a Web Interface

Using templated message formats with customisable placeholders, run in configurable sequences that can selectively reuse data between steps, must allows more intelligent testing of syslog receivers with realistic data, as well as longer soak testing and stress testing. must was created to fill a gap found when trying to stress test Splunk as real, indexable and meaningful data was needed. must will (eventually) be provided as a standalone tool that uses XML configs (for quick use and consultancy etc) and as a web-based tool (for more permanent/pretty deployment (with historical reporting and live stats). ...

SendMeSpamIDS is a python written honeypot. It includes HTTP, HTTPS, SMTP and many more, which are under constant development. The scripts support syslog and are ready for ELK integration.

icappfd is an ICAP daemon that can scan and change responses received from an HTTP server. It scans content for phrases, assigns a score to a page and will redirect to a block url for each page with a score that passes a pre-configured limit... It's kinda like a spam filter for the web. icappfd is used with proxy servers (squid3, and probably others) to protect users from certain types of content such as gambling, peer2peer, porn etc etc.

This tool can create XAdES (XML) signatures based upon ETSI TS 101 903 v1.3.2 standard. It also includes handling of ITU-T X.509 certificates and RFC 3161 timestamps.

...Analyze' with its own UI which analyzes connector logs manually or using an API that can be started from the command line, a schedule task or from the console with an action in rule, tool or integration command (if you use the API you can forward the events to a syslog listener in CEF format).

Developed for systems that have an older version of syslogd which does not support multiple sockets (e.g. via the '-a' flag). Performs extensive message validation according to RFC 3164

...NDPMon observes the local network for anomalies in the function of nodes using Neighbor Discovery Protocol (NDP) messages, especially during the Stateless Address Autoconfiguration. When an NDP message is flagged, it notifies the administrator by writing to the syslog or by sending an email report. It may also execute a user-defined script. For IPv6, NDPMon is an equivalent of Arpwatch for IPv4, and has similar basic features with added attacks detection. NDPMon also maintains up-to-date a list of neighbors on the link and watches all advertisements and changes. It permits to track the usage of cryptographically generated interface identifiers or temporary global addresses when Privacy extensions are enable (default behavior in Ubuntu and Windows for example).

A syslogd supporting on-demand disk buffering, TCP, writing to databases, configurable output formats, high-precision timestamps, filtering on any syslog message part, on-the-wire message compression, and the ability to convert text files to syslog.

MOVED to GITHUB https://github.com/henrik-andreasson/syscheck/ It's a framework build with shell scripts to make sure a system is working and at good health. It started as checker for EJBCA . Used in high security environments, that cant allow standard probes to be installed. The result is sent out with syslog.

These three tools build Checkpoint, Cisco ASA or Netscreen policys from logfiles. They write dbedit, access-list or set address, set service and set policy commands for the traffic seen in the logs, that can be cut and pasted into the firewalls. WOOT

Php-Loging-System is a front-end for viewing syslog-ng messages and snort alerts logged to MySQL in real-time, with Apache, Bash, and Squid detailed searching and analysis.

JMassLogProcess is an next generation SIEM solution, based on high performance syslog and snmp trap collector(up to 20,000 logs/s),Distributed File System(Hadoop),Complex Event Processing Engine and ZK …….

Syslog X is a multithreaded syslog server and relay.

This project contains the PERL scripts, which can rearrange the logs from /var/log/messages and insert in to the database. Scripts can also separate logs for each syslog clients as well as for each application of syslog client.

psmd listens on an interface and writes the syslog messages that it sees to disk along with a hash. In addition, it can forward system messages to another system as though the messages came from the original device.

Perl-based syslog watcher that matches certain login failures (SSH, FTP, POP3) and can dynamically block and email an alert, helping to monitor and manage hosting servers. NOTE: Although no recent updates, I'm still able/willing to update this code.

devialog is a behavior/anomaly-based syslog intrusion detection system which detects unknown attacks via anomalies in syslog. It can generate signatures for ease of management, act upon anomalies in a predefined fashion or perform as a standard log parser

Green Screen: A Linux based Advanced Syslog Server for Juniper NetScreen Firewalls - Can be expanded later to support other products. It can capture syslog messages, parse them, store them in a MySQL database. A Web GUI interface is also included.

Tool to analyse syslog message. It parses log message and alerts the administrator on certain conditions. It can also do some reporting on existing logs.

ExamLog is a Log analyzer, developed for syslog messages. It works on a Unix/Linux console, searching for user defined patterns. ExamLog, can divide and clasify syslog messages, and send them to a remote/local postgresql DataBase.

Distributed Syslog collector and viewer system with reliable Syslog msgs over tcp, and query with reg ex. using PERL. Supports IETF syslog and syslog relay, JAVA/JINI based, uses postgreSQL, JBOSS. Chain of custody raw to db data link. UTF8, D, F , UK

Picky - a selective syslog to mysql database daemon. Allows completely dynamic specific translation of syslog data to dynamic mysql table(s). The other projects under this one are tools that take advantage of the flexibility of Picky and demonstrate it