Open Source Linux Log Analysis Software

The pimped Apache status makes the Apache server status readable, sortable and searchable. The pimped Apache status can merge the status of several servers that opens the possibility to identify the troubleshooter even in a loadbalanced website. The webbased tool offers a multilanguage, skinable interface with a built-in updater. In several views you see most requested pages, vhosts, used methods, IPs that make the most requests and more. All views are sortable tables you can filter by a keyword and are available as API Request too to get its data as CSV, XML or JSON. Compatible with PHP 7+8 (and should run on PHP 5.x - but is not supported).

OSSIM, AlienVault’s Open Source Security Information and Event Management (SIEM) product, provides event collection, normalization and correlation. For more advanced functionality, AlienVault Unified Security Management (USM) builds on OSSIM with these additional capabilities: * Log management * Advanced threat detection with a continuously updated library of pre-built correlation rules * Actionable threat intelligence updates from AlienVault Labs Security Research Team * Rich analytics dashboards and data visualization

Screen squid is web-based interface for viewing reports based on Squid proxy server log files. It can be accessed from web-browser through more than 50 reports. No extra files, only DB. All reports generated "on-the-fly". And we got personal cabinet for each user/group.

swatchdog.pl started out as swatch, the "simple watchdog" for activity monitoring log files produced by UNIX's syslog facility. It has since been evolving into a utility that can monitor just about any type of log. The name has been changed to satisfy a request made by the old Swiss watch company.

LightSquid is a LIGHT and FAST, web based squid proxy traffic analyser . analize access.log and generate per-user & per group report.

Monolog sends your logs to files, sockets, inboxes, databases and various web services. See the complete list of handlers below. Special handlers allow you to build advanced logging strategies. This library implements the PSR-3 interface that you can type-hint against in your own libraries to keep a maximum of interoperability. You can also use it in your applications to make sure you can always use another compatible logger at a later time. As of 1.11.0 Monolog public APIs will also accept PSR-3 log levels. Internally Monolog still uses its own level scheme since it predates PSR-3. Tidelift delivers commercial support and maintenance for the open source dependencies you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact dependencies you use. Monolog 1.x support is somewhat limited at this point and only important fixes will be done. You should migrate to Monolog 2 where possible to benefit from all the features.

SSHGuard protects hosts from brute-force attacks against SSH and other services. It aggregates system logs and blocks repeat offenders using several firewall backends, including iptables, ipfw, and pf.

DenyHosts is a python program that automatically blocks ssh attacks by adding entries to /etc/hosts.deny. DenyHosts will also inform Linux administrators about offending hosts, attacked users and suspicious logins. This project is being actively developed on GitHub (https://github.com/denyhosts)

HoneyVIew ist a tool to analyze honeyd-logfiles of the honeyd-daemon implemented by Niels Provos in an convenient way. HoneyView generates graphical and textual results from queries against the logfile data.

[ set status to abandon - volunteers welcome ] The postfix-logwatch / amavis-logwatch log analyzers produce summaries, reports and statistics regarding the operation of postfix and amavis. Use standalone, or as a filter module for the open source logwatch utility.

this tool tries to repair your broken pcap and pcapng files by fixing the global header respectively packet blocks and recovering the packets by searching und guessing the packet headers or blocks

AutoIndex is a PHP script that makes a table that lists the files in a directory, and lets users access the files and subdirectories. It includes searching, icons for each file type, an admin panel, uploads, access logging, file descriptions, and more.

Scripts and tools to manage your Server.

lla is an LDAP Logfile Analyser , it generates statistics At this moment only NS 4.11 Logfiles have been tested. Your on your own if you want to analyse other type of Logfiles. But feel free to give feedback on your experiments and contribute patches to t

IPCAD runs captures traffic on the specified interfaces (BPF, PCAP, divert, tee, ULOG, IPQ), and records the traffic for later retrieval and analysis. Traffic exported via RSH or NetFlow.

Simple Event Correlator (SEC) is a lightweight event correlator for network management, log file monitoring, security management, fraud detection, and other tasks which involve event correlation.

Sgrep (sorted grep) is a much faster alternative to traditional Unix grep when searching large files, because sgrep searches sorted input files using a fast binary search to find matching lines.

GoAccess is a real-time Apache web log analyzer and interactive viewer that runs in a terminal and provides fast and valuable HTTP statistics for system administrators that require a visual report on the fly.

SRG is a log file analyser and report generator for the Squid web proxy. It is fast and was created to allow easy integration with other authentication systems. SRG is flexible and can report right down the the level of individual files requested.

log2web is a software intended to expose on a simple web page the logs generated by log4j. The objective is to have an online log viewing tool to replace a "tail -f" plus some other benefits.

redWall is a bootable CD-ROM Firewall with Snort, snortsam, dansguardian and support for fwbuilder, spamassassin, reporting (using ACID/sarg/ntop/webfwlog), VPN (FreeSWan/PoPToP/Openvpn) and mail alerting (by mail). Configs are stored on a Floppy or USB

Logpp is a tool for preprocessing event logs and feeding relevant data to other programs for storing or in-depth analysis. Logpp reads lines appended to input files, matches the lines with patterns, and writes the results to given destinations.

The ProM Import Framework allows to extract process enactment event logs from a set of information systems. These can be exported in the MXML format, which is the standard event log data format for Process Mining analysis techniques.

A Python script that parses and mails ipchains, iptables and snort logfiles into the DSHIELD format for submission to DShield.org

FW1-Loggrabber is a command-line tool to grab logfiles from Checkpoint FW-1 remotely using Checkpoints LEA (Log Export Api), which is one part of Checkpoints OPSEC API.