Open Source Python Log Analysis Software

OSSIM, AlienVault’s Open Source Security Information and Event Management (SIEM) product, provides event collection, normalization and correlation. For more advanced functionality, AlienVault Unified Security Management (USM) builds on OSSIM with these additional capabilities: * Log management * Advanced threat detection with a continuously updated library of pre-built correlation rules * Actionable threat intelligence updates from AlienVault Labs Security Research Team * Rich analytics dashboards and data visualization

DenyHosts is a python program that automatically blocks ssh attacks by adding entries to /etc/hosts.deny. DenyHosts will also inform Linux administrators about offending hosts, attacked users and suspicious logins. This project is being actively developed on GitHub (https://github.com/denyhosts)

Scripts and tools to manage your Server.

A tool to visualize interactively huge amounts of eventdata. Uses an innovative hierarchical zoomlens scaling from quarters down to 50 ms.

Cislog is a syslog server that specifically targets Cisco devices and their implementation of the syslog protocol. It consists of a Django web interface and a syslog listener with a database between them.

A Python script that parses and mails ipchains, iptables and snort logfiles into the DSHIELD format for submission to DShield.org

A multiplatform visual implementation of the Unix utility grep

Kojoney is an easy of use, secure, robust and powerfull Honeypot for the SSH Service written in Python. With the kojoney daemon are distributeds other tools such as kip2country (IP to Country) and kojreport, a tool to generate reports from the log fi

Loganalyzer for Windows XP Firewall and Linux Iptables firewall. Generates a nice html document with statistics from all the pakets captured by the firewall. The program is written in Python and has an (optional) graphical interface.

META is a decision making software which aims are to track computer attackers, computer attacks and to help investigators finding useful elements.

Nuhe is a log monitoring system, which is capable of alarm generation and action when rules are matched against log(s) activity.

Nuhe Client is a project related to the Nuhe Action Capable Log Monitor. This GUI client simplifies the administration of sensors and node managers, making it easier to control and monitor the network. Comes with a rule editor as well as a log monitor.

Security analysis tools produced by The Ohio State University Network Security Group.

Postfix Log Parser in Python is a log analysis tool written in python language to get statistic reports and detect anomalous behaviours on a mail server based on Postfix and Cyrus

This project is an approach to automating the testing of performance properties of complex systems.Just like functional specs for software we aim to develop an executable language for asserting performance expectations of a program.This implements Sharon

PyIDS is an intrusion detection system whose aim is to provide concise information to administrators about some parts of the system i.e filesystem checksums, unknown connections to the machine, access control lists of special files, log revision...

PyEximon is a GNOME monitor/manager for the popular MTA, Exim. It includes real-time status graphs and log updates, colored log browsing, hierarchial message lists, as well as a graphical interface to common message functions.

py-rrdtool is a Python module provides an interface to RRDTool, the well known graphing/logging tool.

RRFiller provides an easy-to-use solution for logging statistics into an RRDTool database. Designed to complement RRGrapher, the project also provides configurations for creation and updating RRD databases using standard tools like vmstat and netstat.

The Secure Remote Log Monitor (SRLM) project provides client and server utilities that collect application or system log files from multiple systems over an untrusted network onto a central server for analysis and action.

This is a Firewall and IDS front-end, the main purpose is simplify configuration of Iptables and Fwsnort and Psad management. The Firewall provides an experimental feature to decide in real-time about each outgoing connection.

Shadow Watcher is a Peer to Peer log sharing tool for the security analyst. Consider it a "community watch" program which allows you to keep your system secure from the threats on the internet and help others do the same.

Use python to parse privoxy log in clf format and refer to wot ratings of the site and then dump the data in a sqlite database for statistics generation later.

This program сonstantly reads the file(like "tail -f") and сompares every line with expression in file and executing some actions.

fwgraph is an attempt to characterize and present network traffic including network devices, QoS, and iptables under Linux.