Open Source Logging Software

Ettercap is a multipurpose sniffer/interceptor/logger for switched LAN. It supports active and passive dissection of many protocols (even ciphered ones) and includes many feature for network and host analysis. Development has been moved to GitHub, https://github.com/Ettercap/ettercap

syslog-ng is the log management solution that improves the performance of your SIEM solution by reducing the amount and improving the quality of data feeding your SIEM. With syslog-ng Store Box, you can find the answer. Search billions of logs in seconds using full text queries with Boolean operators to pinpoint critical logs. syslog-ng Store Box provides secure, tamper-proof storage and custom reporting to demonstrate compliance. syslog-ng can deliver data from a wide variety of sources to Hadoop, Elasticsearch, MongoDB, and Kafka as well as many others. syslog-ng flexibly routes log data from X sources to Y destinations. Instead of deploying multiple agents on hosts, organizations can unify their log data collection and management. syslog-ng Store Box provides automated archiving, tamper-proof encrypted storage, granular access controls to protect log data. The largest appliance can store up to 10TB of raw logs.

Osquery is an operating system instrumentation framework for Windows, OS X (macOS), Linux, and FreeBSD. The tools make low-level operating system analytics and monitoring both performant and intuitive. Osquery exposes an operating system as a high-performance relational database. This allows you to write SQL queries to explore operating system data. With osquery, SQL tables represent abstract concepts such as running processes, loaded kernel modules, open network connections, browser plugins, hardware events or file hashes.Osquery queries your devices like a database. Osquery uses basic SQL commands to leverage a relational data-model to describe a device. Frequently, attackers will leave a malicious process running but delete the original binary on disk. This query returns any process whose original binary has been deleted, which could be an indicator of a suspicious process.

BASE is the Basic Analysis and Security Engine. It is based on the code from the Analysis Console for Intrusion Databases (ACID) project. This application provides a web front-end to query and analyze the alerts coming from a SNORT IDS system.

Untangle is a Linux-based network gateway with pluggable modules for network applications like spam blocking, web filtering, anti-virus, anti-spyware, intrusion prevention, bandwidth control, captive portal, VPN, firewall, and more. Visit http://untangle.com

File system/directory monitoring utilities with loggin and task processing support (can execute files or make a WCF service call). Multiple configuration options. Source code libraries can be used to create a custom file system monitor.

NOTE PROJECT MIGRATED TO GITHUB - https://github.com/samrocketman/ekeyfinder is a Magical Jelly Bean Keyfinder fork. It is a utility that retrieves the product key used to install Windows from your registry or from an unbootable Windows installation. It works on Windows 9X, ME, NT/2K/XP, and Vista/Win7 and for other software.

Recursive computing and matching of Context Triggered Piecewise Hashing (aka Fuzzy Hashing). Supports Windows, *nix, BSD, OS X, etc.

Logsurfer is a program for monitoring system logs in real-time, and reporting on the occurrence of events. It is capable of grouping information together to enhance loganalysis and create automatic reports.

A simple keylogger written in python. It is primarily designed for backup purposes, but can be used as a stealth keylogger, too. It does not raise any trust issues, since it is a set of [relatively] short python scripts that you can easily examine.

Cyberoam iView; the Intelligent Logging & Reporting solution provides organizations network visibility across multiple devices to achieve higher levels of security, data confidentiality while meeting the requirements of regulatory compliance. To know more about Cyberoam and it’s security solutions visit us at www.cyberoam.com.

tcpick is a textmode sniffer; it tracks tcp streams, shows the status, reassembles and saves the data captured in files or displays them in the terminal in different modes (ascii, hex..). There is a color-mode. Useful to get files passively.

Automated network based hard disk drives / storage devices erasure is server based software which installs on a central server. Server is connected to network switches and several PXE boot enabled workstations are attached to the network. As soon as the workstation is powered on, it boots off the network via the server and begins wiping all the attached hard disk drives. Once all the hard drives are wiped, data related to each hard disk is stored in the central server’s database. Read WIKI Automated unattended network based data erasure wiping Comprehensive Reporting Web GUI reporting Generates certificate of data erasure Barcodes Labels Graphs Pie / Bar / Line Charts Hard Disks bad sectors & health reporting Hard Disk SMART Data collection Database Driven Distributed System Hard Disk Drives health reports Part Open Source * Friendly GUI Graphical User Interface Mass Hard Disk Drive Destruction Data Wiping HDD Data Eraser Storage Array Data Wipe

# clearlogs Clear All Windows System Logs - AntiForensics -- ------------------------------------------------------------------------- # wevtutil Enables you to retrieve information about event logs and publishers. You can also use this command to install and uninstall event manifests, to run queries, and to export, archive, and clear logs. https://technet.microsoft.com/en-us/library/cc732848.aspx -- ------------------------------------------------------------------------- # .Net Framework 4.5.1 -- ------------------------------------------------------------------------- #Visual Studio 2013

LKL is a userspace keylogger that runs under Linux on the x86 arch. LKL logs everything that passes through the hardware keyboard port (0x60). It translates keycodes to ASCII with a keymap file.

Output spool reader for Snort! This program decouples output overhead from the Snort network intrusion detection system and allows Snort to run at full speed. It takes input and output plugins and can therefore be used to convert almost any spooled fil

The application refers to track what happen with your computer USB ports by which USB drive and when. USB 007 can track it in your presence or absence. After inserting a removable disk such as Pen drive, Memory card, External hard disk etc. USB 007 will track the drive name, drive insertion date-time, drive space info and the file-folders (include hidden) that the drive contains. You will also get the updated info before the drive removed. The 4 more important features are that ♦ Enabling & Disabling options of USB ports. ♦ Track which files-folders are sent from/given to your computer. ♦ Track how much time the drive was connected to your computer. ♦ Observe (by reading only) if there is any virus in the drive, without open it.

This program allows you to explore the history of connecting usb drives after installing the system. Small size(19 kb with Gui). Very simple GUI. Export information to *.csv file. Enjoy!

Non-stealth keylogger for Windows. Records mouse and keyboard (precision~10-15ms), log of events (disk size~2.5k/s) + log of operations (~ 0.2k/s). Standalone, with local copy of Python: unzip to install, delete to uninstall.NEW: hidden/visible icon

Logs Analyzer, Alerter & Reporter with a Web Interface

netleak is a collection of small perlscripts that detects connectivity between network segments. It is mostly useful to detect "leaks" in large organizations that have private network segments physically separated from the Internet.

360-FAAR (Firewall Analysis Audit and Repair) is an offline, command line, firewall policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in Checkpoint dbedit, Cisco ASA or ScreenOS commands, and its one file! Read Policy and Logs for: Checkpoint FW1 (in odumper.csv / logexport format), Netscreen ScreenOS (in get config / syslog format), Cisco ASA (show run / syslog format), 360-FAAR compares firewall policies and uses CIDR and text filters to split rulebases / policies into target sections and identify connectivity for further analysis. 360-FAAR supports, policy to log association, object translation, rulebase reordering and simplification, rule moves and duplicate matching automatically. Allowing you to move rules to where you need them. Build new rulebases from scratch with a single 'any' rule and log files, with the 'res' and 'name' options. Switch into DROPS mode to analyse drop log entries.

THIS PROJECT HAS BEEN ABANDONED SINCE 2007, NO SUPPORT WILL BE PROVIDED. Winpooch is a watchdog for Windows (2000, XP, 2003, but only 32-bits). It detects modifications in your system, so as to detect a trojan or a spyware installation. It also includes a real-time anti-virus. Set your own security level for anti-spyware, ant

The Internet is full of such stuff. So why not introduce to you another one? Go! This is another example of using Win32 API functions to hook some system messages. Just run it once to start listening to the keyboard and clipboard and writing all content into a text log file. Recording will stop the second time you execute it. The author promises that this keylogger has no undeclared functions and is not a malicious program. It is intended for educational use and not for collecting sensitive information.

T RunAs allows you to run a program with administrator rights. it is very useful for administrators who want to grant certain rights for users with no power.