you are here: home > security > tools > loganalysis
Call trans opt: receveid. 9-18-99 14:32:31 REC:log>
WARNING: carrier anomaly
Trace program: running
> Welcome 213.186.33.16
16.05.2008 - 09:44 (07:44 GMT)
5orry, you have... NO MAIL.

Log Analysis : The Complete Toolsbox

  • This category contains 10 Tools
  • The last tool was added on 2007-02-12 (YYYY-MM-DD)
  • Use the Source Lucie!!! >:)

 fwanalog -v0.6.4

Published on 2004-03-18 - by Balázs Bárány, ©Balázs Bárány.

fwanalog is a shell script that parses and summarizes firewall logfiles. It currently (version 0.6.4pre4) understands logs from ipf (tested with OpenBSD 2.8's and 2.9's ipf, also FreeBSD, NetBSD and Solaris 8 with ipf), OpenBSD 3.x pf, Linux 2.2 ipchains, Linux 2.4 iptables, some ZyXEL/NetGear routers and (experimentally) Cisco PIX, Watchguard Firebox and Firewall-One (not NG!) firewalls.

 FWReport -v1.1.7

Published on 2003-09-23 - by Chris Travers, ©Chris Travers.

FWReport is a log parser and reporting tool for IPTables. It generates daily and monthy summaries of the log files, allowing the admin to free up substantial time, maintain better control over security of the network, and reduce unnoticed attacks.

 IPTables log analyzer -v0.4

Published on - by Gérald GARCIA, ©Gérald GARCIA.

IPTables log analizer (TODO : find a nice name for it) displays Linux 2.4 iptables logs (rejected, acepted, masqueraded packets...) in a nice HTML page (it support rough netfilter logs but also Shorewall and Suse Firewall logs).

 Lire -v1.4

Published on - by Stichting Logreport Foundation, ©Logreport Foundation.

As any good system administrator knows, there's a lot more to keep track of in an active network than just webservers. Lire is hands down the most versatile log analysis software available today. Lire not only keeps you informed about your HTTP, FTP, and mail traffic, it also reports on your firewalls, your print servers, and your DNS activity. The ever growing list of Lire-supported services clearly outstrips any other software, in large part thanks to the numerous volunteers who have pioneered many new services and features. Lire is a total solution for your log analysis needs.

 Logcheck -v1.2.33

Published on 2005 - by Todd Troxell, Maximilian Attems, Gerfried Fuchs, Eric Evans, Jam, ©Todd Troxell, Maximilian Attems, Gerfried Fuchs, Eric Evans, Jamie Penman-Smithson.

Logcheck is a simple utility which is designed to allow a system administrator to view the logfiles which are produced upon hosts under their control.

 Logrep -v1.4.2

Published on 2003-11-16 - by Tevfik Karagulle, ©Tevfik Karagulle.

Logrep is a secure multi-platform framework for the collection, extraction, and presentation of information from various log files. It features HTML reports, multi dimensional analysis, overview pages, SSH communication, and graphs, and supports 18 popular systems including Snort, Squid, Postfix, Apache, Sendmail, syslog, ipchains, iptables, NT event logs, Firewall-1, wtmp, xferlog, Oracle listener and Pix.

 RazorBack -v1.0.3

Published on - by RedPhoenix, ©RedPhoenix.

RazorBack is a log analysis program that interfaces with the SNORT open source Intrusion Detection System to provide real time visual notification when an intrusion signature has been detected on the network. Snort should be configured to send data to syslog for razorback to display the data.

 Snortalog -v1.7

Published on - by Jérémy Chartier, ©Jérémy Chartier.

Snortalog is a powerfull perl script that summarize snort logs making an easy view of what attacks are being seen through your network.

 squidanalog -v0.2

Published on - by Hendry D. Lee, ©Hendry D. Lee.

squidanalog is a collection of programs and scripts that will gather information from squid access.log, and save it into Round Robin Database format using rrdtool. A nice customized graphics can be plotted from it.

 Squidefender -v1.3

Published on 2003-10-25 - by Jeroen van Nieuwenhuizen and Jasper O Waale, Jeroen C. van Nieuwenhuizen.

Squidefender is a perl script which parses a squid log file in native format for attacks. If it finds an attack is sends a complaint email to the ISP of the attacker. It also has the option to execute an external command to take other actions. This can for example be used to automatically adapt your firewall when an attack has occured. The complaint function of squidefender is largely based on the code of Wormwarner. The power of squidefender lays in it configuration options which let you easily add new attacks to scan for. Another interesting option of squidefender is that it gives you the ability to use different message templates based on the attack found.

Search: