Open Source Logging Software

syslog-ng is the log management solution that improves the performance of your SIEM solution by reducing the amount and improving the quality of data feeding your SIEM. With syslog-ng Store Box, you can find the answer. Search billions of logs in seconds using full text queries with Boolean operators to pinpoint critical logs. syslog-ng Store Box provides secure, tamper-proof storage and custom reporting to demonstrate compliance. syslog-ng can deliver data from a wide variety of sources to Hadoop, Elasticsearch, MongoDB, and Kafka as well as many others. syslog-ng flexibly routes log data from X sources to Y destinations. Instead of deploying multiple agents on hosts, organizations can unify their log data collection and management. syslog-ng Store Box provides automated archiving, tamper-proof encrypted storage, granular access controls to protect log data. The largest appliance can store up to 10TB of raw logs.

Ettercap is a multipurpose sniffer/interceptor/logger for switched LAN. It supports active and passive dissection of many protocols (even ciphered ones) and includes many feature for network and host analysis. Development has been moved to GitHub, https://github.com/Ettercap/ettercap

Osquery is an operating system instrumentation framework for Windows, OS X (macOS), Linux, and FreeBSD. The tools make low-level operating system analytics and monitoring both performant and intuitive. Osquery exposes an operating system as a high-performance relational database. This allows you to write SQL queries to explore operating system data. With osquery, SQL tables represent abstract concepts such as running processes, loaded kernel modules, open network connections, browser plugins, hardware events or file hashes.Osquery queries your devices like a database. Osquery uses basic SQL commands to leverage a relational data-model to describe a device. Frequently, attackers will leave a malicious process running but delete the original binary on disk. This query returns any process whose original binary has been deleted, which could be an indicator of a suspicious process.

File system/directory monitoring utilities with loggin and task processing support (can execute files or make a WCF service call). Multiple configuration options. Source code libraries can be used to create a custom file system monitor.

Logsurfer is a program for monitoring system logs in real-time, and reporting on the occurrence of events. It is capable of grouping information together to enhance loganalysis and create automatic reports.

tcpick is a textmode sniffer; it tracks tcp streams, shows the status, reassembles and saves the data captured in files or displays them in the terminal in different modes (ascii, hex..). There is a color-mode. Useful to get files passively.

Untangle is a Linux-based network gateway with pluggable modules for network applications like spam blocking, web filtering, anti-virus, anti-spyware, intrusion prevention, bandwidth control, captive portal, VPN, firewall, and more. Visit http://untangle.com

Recursive computing and matching of Context Triggered Piecewise Hashing (aka Fuzzy Hashing). Supports Windows, *nix, BSD, OS X, etc.

OpenXDAS is an open source implementation of the Open Group's Distributed Auditing Service (XDAS) specification. OpenXDAS provides a complete implementation of the XDAS specification API, including client-side instrumentation and filtering.

A simple keylogger written in python. It is primarily designed for backup purposes, but can be used as a stealth keylogger, too. It does not raise any trust issues, since it is a set of [relatively] short python scripts that you can easily examine.

NOTE PROJECT MIGRATED TO GITHUB - https://github.com/samrocketman/ekeyfinder is a Magical Jelly Bean Keyfinder fork. It is a utility that retrieves the product key used to install Windows from your registry or from an unbootable Windows installation. It works on Windows 9X, ME, NT/2K/XP, and Vista/Win7 and for other software.

BASE is the Basic Analysis and Security Engine. It is based on the code from the Analysis Console for Intrusion Databases (ACID) project. This application provides a web front-end to query and analyze the alerts coming from a SNORT IDS system.

# clearlogs Clear All Windows System Logs - AntiForensics -- ------------------------------------------------------------------------- # wevtutil Enables you to retrieve information about event logs and publishers. You can also use this command to install and uninstall event manifests, to run queries, and to export, archive, and clear logs. https://technet.microsoft.com/en-us/library/cc732848.aspx -- ------------------------------------------------------------------------- # .Net Framework 4.5.1 -- ------------------------------------------------------------------------- #Visual Studio 2013

A Gradle plugin for printing beautiful logs on the console while running tests. The plugin registers an extension called testlogger (all lowercase and one word) at project level as well as for each task of type Test. By default, the showExceptions flag is turned on. This shows why the tests failed including the location of the failure. Of course, you can switch off this slightly more verbose logging by setting showExceptions to false. Just like Gradle itself, by default only the last frame that matches the test class's name in a stack trace is printed. For vast majority of cases, that is sufficient. Sometimes, it is useful to remove this filtering in order to see the entirety of the stack trace.

Automated network based hard disk drives / storage devices erasure is server based software which installs on a central server. Server is connected to network switches and several PXE boot enabled workstations are attached to the network. As soon as the workstation is powered on, it boots off the network via the server and begins wiping all the attached hard disk drives. Once all the hard drives are wiped, data related to each hard disk is stored in the central server’s database. Read WIKI Automated unattended network based data erasure wiping Comprehensive Reporting Web GUI reporting Generates certificate of data erasure Barcodes Labels Graphs Pie / Bar / Line Charts Hard Disks bad sectors & health reporting Hard Disk SMART Data collection Database Driven Distributed System Hard Disk Drives health reports Part Open Source * Friendly GUI Graphical User Interface Mass Hard Disk Drive Destruction Data Wiping HDD Data Eraser Storage Array Data Wipe

THIS PROJECT HAS BEEN ABANDONED SINCE 2007, NO SUPPORT WILL BE PROVIDED. Winpooch is a watchdog for Windows (2000, XP, 2003, but only 32-bits). It detects modifications in your system, so as to detect a trojan or a spyware installation. It also includes a real-time anti-virus. Set your own security level for anti-spyware, ant

The Internet is full of such stuff. So why not introduce to you another one? Go! This is another example of using Win32 API functions to hook some system messages. Just run it once to start listening to the keyboard and clipboard and writing all content into a text log file. Recording will stop the second time you execute it. The author promises that this keylogger has no undeclared functions and is not a malicious program. It is intended for educational use and not for collecting sensitive information.

LKL is a userspace keylogger that runs under Linux on the x86 arch. LKL logs everything that passes through the hardware keyboard port (0x60). It translates keycodes to ASCII with a keymap file.

justniffer is a TCP sniffer. It reassembles and reorders packets and displays the tcp flow in a customizable way. It can log network traffic in web server log format. It can also log network services performances (e.g. web server response times) and extract http content (images, html, scripts, etc)

Output spool reader for Snort! This program decouples output overhead from the Snort network intrusion detection system and allows Snort to run at full speed. It takes input and output plugins and can therefore be used to convert almost any spooled fil

This program allows you to explore the history of connecting usb drives after installing the system. Small size(19 kb with Gui). Very simple GUI. Export information to *.csv file. Enjoy!

The application refers to track what happen with your computer USB ports by which USB drive and when. USB 007 can track it in your presence or absence. After inserting a removable disk such as Pen drive, Memory card, External hard disk etc. USB 007 will track the drive name, drive insertion date-time, drive space info and the file-folders (include hidden) that the drive contains. You will also get the updated info before the drive removed. The 4 more important features are that ♦ Enabling & Disabling options of USB ports. ♦ Track which files-folders are sent from/given to your computer. ♦ Track how much time the drive was connected to your computer. ♦ Observe (by reading only) if there is any virus in the drive, without open it.

KeyCounter is a tool for the tray-bar that helps you to get statistics about the useage of your computers keyboard, mouse and uptime. KeyCounter is not intended to work as a keylogger.

Logs Analyzer, Alerter & Reporter with a Web Interface

netleak is a collection of small perlscripts that detects connectivity between network segments. It is mostly useful to detect "leaks" in large organizations that have private network segments physically separated from the Internet.