Logiciel Télécharger Carte

IPFC is software and a framework to monitor multiple types of agents in a heterogeneous distributed environment. Agents can implement logging of elements as diverse as packet filters (like netfilter, pf, ipfw, IP Filter, checkpoint FW1, etc.), NIDS (Snort, arpwatch, etc.), Web servers, and other general devices (from syslog-servers to embedded devices). It features log collection for different security "agents", dynamic log correlation possibilities, and easy extensibility due to the generic database and XML message formats used.

grepcidr can be used to filter a list of IP
addresses against one or more Classless
Inter-Domain Routing (CIDR) specifications, or
arbitrary networks specified by an address range.
As with grep, there are options to invert matching
and load patterns from a file. grepcidr is capable
of comparing thousands or even millions of IPs to
networks with little memory usage and in
reasonable computation time. It has endless uses
in network software, including mail filtering and
processing, network security, log analysis, and
many custom applications.

SRG (Squid Report Generator) is a log file
analyzer and report generator for the Squid Web
proxy. It was created to allow easy integration
with authentication systems such as those that are
used for squid itself. It is fast and flexible,
and can report details down to the individual
files fetched.

Petit was developed to quickly analyze syslog and Apache log files in large environments. It can also be used for word discovery within log data. It is a general purpose tool that can do hashing, word counts, and command line graphing of Apache and syslog files. It is designed to be a standard Unix tool that can be employed with pipes or by opening files. Petit works by sifting data with standard patterns and allows for custom filters and fingerprints. This leaves the analyst with data that is both varied and interesting.

aNTG (another Network Traffic Grapher) is a PHP program that collects and graphs network traffic statistics on a Linux machine.

tinydns-rrd generates realtime graphs from your
tinydns logs by using rrdtool. It works well with
high traffic DNS servers.

MySQL Squid Access Report, "mysar" for short, is a system for near-realtime monitor of user Web activity, using Squid's log file.

Wflogs is a firewall log analysis tool. It can be used to produce a log summary report in plain text, HTML, and XML, or to monitor firewalling logs in real-time. For now, netfilter, ipchains, ipfilter, cisco_pix, cisco_ios, and snort input formats are supported. It is particularly fast when asynchronous DNS resolution is enabled.
The goal of the WallFire project is to build a very general and modular firewalling application based on Netfilter or any kind of low-level framework. Wflogs is part of the WallFire project, but can be used independently.

Fido is a multi-threaded file watcher which searches files in real time for user-defined patterns. When it locates a match, it runs a user-defined program. It is useful for monitoring log files for issues and responding to them. It was designed to recognize log file rotation and start monitoring from the beginning of the new file.

Apache::Logmonster is a tool to collect log files from multiple Apache Web servers, split them based on the virtual host, sort the logs into chronological order, and then pipe them into a log file analyzer of your choice (Webalizer, http-analyze, AWstats, etc).

incident.pl is a small script that, when given syslogs generated by
snort or other tools, can generate an incident report for events that
appear to be attempted security attacks, gather information on the
remote host, and report the attack to the appropriate administrators.

NISCA (Network Interface Statistics Collection Agent) is a more flexible PHP4-based MRTG replacement. It supports both SNMP and reading localhost's /proc/net/dev device file directly for statistics gathering. It uses MySQL to store collected data in, and stores statistics for bytes transferred, packets transferred, transfer errors, and dropped packets separated into a per interface incoming and outgoing set. It generates both graphs and a textual report table using the data from any timeframe contained in the database. The entire package runs using PHP4; it uses the CGI binary version of PHP for stats collection (running in the background as a "daemon") and either the CGI or Apache module versions to generate the GUI form and reports. It can also import existing MRTG logfiles.

Qmrtg is a modular tool to help monitoring the
activity of software processes. It's intended to be
used with MRTG. It was originally written for monitoring qmail servers, but its modules are general enough to parse any kind of log file passed through multilog (see daemontools). QMRTG is modular. Each module carries out a different log analysis. A super-module lets the user easily request any analysis without having to know anything about the modules themselves. QMRTG is a modern alternative to qmailmrtg7.

The main purpose of LoFiMo is, as the name states, to monitor log files. It does this in real time, i.e. shows the contents of log files as they are changing. The user can connect to LoFiMo with a Web browser or use the console for plain text output. When using a Web browser, the output can be formatted with cascading stylesheets, which the user can define. Thus, it is possible to highlight certain log entries with different colors and fonts. It is also possible to play sounds or execute commands (send an email, play sound with a custom player, etc.) when a log entry matches a filter.
LoFiMo can parse Apache style log files and syslog style log files. Among others, there are filters that can parse iptables logs and merge multiple log lines of Postfix into a single one.