Open Source Log Analysis Software

AWStats is a free powerful and featureful server logfile analyzer that shows you all your Web/Mail/FTP statistics including visits, unique visitors, pages, hits, rush hours, os, browsers, search engines, keywords, robots visits, broken links and more

SSHGuard protects hosts from brute-force attacks against SSH and other services. It aggregates system logs and blocks repeat offenders using several firewall backends, including iptables, ipfw, and pf.

OSSIM, AlienVault’s Open Source Security Information and Event Management (SIEM) product, provides event collection, normalization and correlation. For more advanced functionality, AlienVault Unified Security Management (USM) builds on OSSIM with these additional capabilities: * Log management * Advanced threat detection with a continuously updated library of pre-built correlation rules * Actionable threat intelligence updates from AlienVault Labs Security Research Team * Rich analytics dashboards and data visualization

AfterGlow is a scripts which facilitates the process of generating link graphs from CSV input. AfterGlow is written in Perl and generates output that can be read by GraphViz, Gephi, etc. Source: https://github.com/zrlram/afterglow Tarball: http://pixlcloud.com/afterglow-2

Free-SA is logs processor and report generating tool. It can be used to control traffic usage, to evaluate conformance to the Internet access security policies, to investigate security incidents, to evaluate web server efficiency and to detect troubles with server configuration.

This project contains the PERL scripts, which can rearrange the logs from /var/log/messages and insert in to the database. Scripts can also separate logs for each syslog clients as well as for each application of syslog client.

KismetToolSuite contains a couple of command-line tools to analyze, convert and merge Kismet log files (.csv, .gps and .xml). It is also a windows version for the Kismet to NetStumbler converter available!

ttyrpld is a multi-OS kernel-level TTY keylogger and screenlogger with (a)synchronous replay support. It runs on Linux, Solaris, FreeBSD, NetBSD and OpenBSD.

Kojoney is an easy of use, secure, robust and powerfull Honeypot for the SSH Service written in Python. With the kojoney daemon are distributeds other tools such as kip2country (IP to Country) and kojreport, a tool to generate reports from the log fi

Panoptis plans to create a network security tool (N-IDS) to detect and block DoS and DDoS attacks. The programming language is C++, and the input is being provided by routers.

The Forensics Data Identifier (FDI) is a tool which allows for large data files to be easily filtered for common forensically relevant data types.The tool was intended to speed up the ediscovery and analysis processes of the forensics investigation

With the Log Parser one can scan logs, whitelist out legitimate, non-corrupt entries (usually file paths), and apply a standard format to a log generated by any antivirus or malware-removal program. This makes for easier reading of the meat in any log.

ATTENTION: Snare Lite is unsupported legacy software. While it will remain a part of the SourceForge community, it is no longer secure and compliant. For up to date Snare software check out Snare Enterprise. https://www.snaresolutions.com/try-snare-for-free/ Snare Enterprise was created to keep up with the fast paced security software market. It started with the desire to create premium logging and SIEM tools that were agnostic by nature so they could be used to boost any SIEM architecture regardless of third party developers. In fact, the agnostic nature allows it to bridge gaps between multiple SIEM implementations across business units. For more on use cases, check out the Intersect Alliance website. https://www.snaresolutions.com/ Snare Enterprise’s premium features include: - Regulatory Compliance - TLS Encryption - Log Simulcasting - TCP – Guaranteed Log Delivery - USB Device Monitoring - And more! For updates follow us on social media!

readlog is a pair of scripts for reviewing iptables firewall logs via a handy web interface using a MySQL backend.

AVirCAP is a system for manual and / or automated detection of CodeRed and Nimda type of hack attempts and virtually all other kinds of "logable" intrusion attempts. It can work stand alone or together with other additional AVirCAP machines in the LAN/W

Multi-threaded host name and technical contact lookup tool. Reads a list of counted IP addresses (as outputted by uniq -c) from stdin or a file. Resolves their hostnames and (whois) technical contacts. Writes info to stdout.

Bruteblock allows system administrators to block various bruteforce attacks on UNIX services. The program analyzes system logs and adds attacker's IP into IPFW table effectively blocking them. Addresses are removed from the table after expiration period

A utility that lists all URLs in a user's Internet Explorer cache. The list can be exported to a text file or copied to the clipboard. Written in Visual Basic for most Windows versions.

Capra is a Open Source tool to quickly get some nice and useful reports out off your Watchguard Fireware log files.

Cnc's IP Data Volume Report: Logs IP to IP contact, number of packets, bytes, time of contact, Ethernet too! View via local web interface. Very simple for those who want to view who your computer is contacting the most!

This is a multiplatform general utility suite for use with existing network stumbling software, such as Kismet or NetStumbler. The program will convert between multiple output logs, including the popular wi-scan format, between platforms.

DAD is a Windows event log and syslog management tool that allows you to aggregate logs from hundreds to thousands of systems in real time. DAD requires no agents on the servers or workstations. Correlation and analysis is driven through a web front end.

DNA is an open, flexible and extensible deep network analyzer software server and software architecture for gathering and analyzing network packets, network sessions and applications protocols, passively off enterprise class networks.

ExamLog is a Log analyzer, developed for syslog messages. It works on a Unix/Linux console, searching for user defined patterns. ExamLog, can divide and clasify syslog messages, and send them to a remote/local postgresql DataBase.