Open Source Windows Log Analysis Software

Shorten your time of reading mega bytes of log files! DE 2016-01 Supporting Don HO's NotePad++ see http://notepad-plus-plus.org/ This sources are a dockable pattern search plugin for Notepad++ version 5.1 or later. With this plugin you can search for multiple patterns in any of the opened documents in NotePad++. You may want to tune your search using all fancy tricks from NPP like regular expressions or escaped patterns and give each of the searches different colors. The result will be stored in a dockable window in same ordering as in the origin and a double click allows you to jump to the original position. It is designed to treat log-files of typical size like 60MB. More features can be found in the help dialogue of the plugin. For generating the dll file I use a msdev compiler. If you like to port it to other OSs just let me know your changes and I'll incorporate it. Best Regards, Mattes H.

Visual Syslog Server for Windows is a free open source program to receive and view syslog messages. Useful when setting up routers and systems based on Unix/Linux. Visual Syslog Server for Windows has a live messages view: switches to a new received message. Helpful color highlighting. Useful message filtering. Customizable notification and actions. Sources hosted on the GitHub: https://github.com/MaxBelkov/visualsyslog

OSSIM, AlienVault’s Open Source Security Information and Event Management (SIEM) product, provides event collection, normalization and correlation. For more advanced functionality, AlienVault Unified Security Management (USM) builds on OSSIM with these additional capabilities: * Log management * Advanced threat detection with a continuously updated library of pre-built correlation rules * Actionable threat intelligence updates from AlienVault Labs Security Research Team * Rich analytics dashboards and data visualization

LightSquid is a LIGHT and FAST, web based squid proxy traffic analyser . analize access.log and generate per-user & per group report.

The pimped Apache status makes the Apache server status readable, sortable and searchable. The pimped Apache status can merge the status of several servers that opens the possibility to identify the troubleshooter even in a loadbalanced website. The webbased tool offers a multilanguage, skinable interface with a built-in updater. In several views you see most requested pages, vhosts, used methods, IPs that make the most requests and more. All views are sortable tables you can filter by a keyword and are available as API Request too to get its data as CSV, XML or JSON. Compatible with PHP 7+8 (and should run on PHP 5.x - but is not supported).

Monolog sends your logs to files, sockets, inboxes, databases and various web services. See the complete list of handlers below. Special handlers allow you to build advanced logging strategies. This library implements the PSR-3 interface that you can type-hint against in your own libraries to keep a maximum of interoperability. You can also use it in your applications to make sure you can always use another compatible logger at a later time. As of 1.11.0 Monolog public APIs will also accept PSR-3 log levels. Internally Monolog still uses its own level scheme since it predates PSR-3. Tidelift delivers commercial support and maintenance for the open source dependencies you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact dependencies you use. Monolog 1.x support is somewhat limited at this point and only important fixes will be done. You should migrate to Monolog 2 where possible to benefit from all the features.

Fluent Bit is a super-fast, lightweight, and highly scalable logging and metrics processor and forwarder. It is the preferred choice for cloud and containerized environments. A robust, lightweight, and portable architecture for high throughput with low CPU and memory usage from any data source to any destination. Proven across distributed cloud and container environments. Highly available with I/O handlers to store data for disaster recovery. Granular management of data parsing and routing. Filtering and enrichment to optimize security and minimize cost. The lightweight, asynchronous design optimizes resource usage: CPU, memory, disk I/O, network. No more OOM errors! Integration with all your technology, cloud-native services, containers, streaming processors, and data backends. Fully event-driven design leverages the operating system API for performance and reliability. All operations to collect and deliver data are asynchronous.

swatchdog.pl started out as swatch, the "simple watchdog" for activity monitoring log files produced by UNIX's syslog facility. It has since been evolving into a utility that can monitor just about any type of log. The name has been changed to satisfy a request made by the old Swiss watch company.

AutoIndex is a PHP script that makes a table that lists the files in a directory, and lets users access the files and subdirectories. It includes searching, icons for each file type, an admin panel, uploads, access logging, file descriptions, and more.

Screen squid is web-based interface for viewing reports based on Squid proxy server log files. It can be accessed from web-browser through more than 50 reports. No extra files, only DB. All reports generated "on-the-fly". And we got personal cabinet for each user/group.

this tool tries to repair your broken pcap and pcapng files by fixing the global header respectively packet blocks and recovering the packets by searching und guessing the packet headers or blocks

imsniff is a pcap-based instant messaging sniffer. It captures the IM traffic in the network and is able to log conversations, contact lists, profile information, incoming email notifications, other MSN events, etc. Tested in Linux and Windows.

ParserCap is a visual tool for information security specialists, system administrators, students and everyone who needs to analyze network traffic in PCAP format (libpcap — ETHERNET and IEEE 802.11). It is also possible to set filters for identifier search TCP headers (Documents, Multimedia, Files, Logins, Passwords etc.). If necessary, it is possible to view detailed statistics on every MAC address, including COOKIES, USER-AGENTS, HTTP GET/POST and a lot more. Please visit forum - if you have any idea :-) Last version my program you can search in my home web page! Thanks!

TailBlazer is a graphical version of the UNIX 'tail' utility. It allows you to monitor log files as they are written. New lines appear as they are written. TailBlazer takes this a step further by supporting pattern matching, filtering, and notification

Php Log Analyzer (aka PLA) is a Log Analysis tool for Apache. There are lots of log analyzer softwares available on the internet but most of them have their own data storage ways. PLA is a tool to analyze log files and store results into MySQL databases.

Simple Event Correlator (SEC) is a lightweight event correlator for network management, log file monitoring, security management, fraud detection, and other tasks which involve event correlation.

An eclipse plugin providing tail in view component.

MakeLogic Tail is an advanced "tail -f" command with GUI. It needs JRE 5.0, hence it is 'Tail for Windows', Linux or 'Tail for Mac'. It shows the last few lines of a growing log file in real time. Provides many more easy to use features. Try it!

NXLog is a modular, multi-threaded, high-performance log management solution with multi-platform support. In concept it is similar to syslog-ng or rsyslog but is not limited to unix/syslog only. It can collect logs from files in various formats, receive logs from the network remotely over UDP, TCP or TLS/SSL . It supports platform specific sources such as the Windows Eventlog, Linux kernel logs, Android logs, local syslog etc. Writing and reading logs to/from databases is also supported. The collected logs can be stored into files, databases or forwarded to a remote log server using various protocols. The old BSD Syslog and the newer IETF syslog standard is fully supported by NXLog in addition to Snare, XML, JSON, GELF, KVP, CSV and custom formats. A key concept in NXLog is to be able to handle and preserve structured logs. No need to convert everything to syslog and parse these logs again at the other side. It has powerful message filtering, log rewrite and conversion capabilities.

A tool to visualize interactively huge amounts of eventdata. Uses an innovative hierarchical zoomlens scaling from quarters down to 50 ms.

Analyse et filtrage de l'observateur d'évčnements de Windows NT. Récupčre les évčnements, les stocke dans une base MySQL et une série de pages PHP permettent de ne retenir que les évčnements les plus importants.

Application to display, as well as interpret, firewall information from a database to serve a variety of users needs. The application is online and cross-platform, written using PHP.

AVirCAP is a system for manual and / or automated detection of CodeRed and Nimda type of hack attempts and virtually all other kinds of "logable" intrusion attempts. It can work stand alone or together with other additional AVirCAP machines in the LAN/W

ASC is a tool to count traffic between users and different subnets. The most common usage is to measure individual users amount of traffic to and from the internet. Very easy to configure, see the documentation.

PERL script and required environment to easily use the Afterglow software (http://afterglow.sourceforge.net/ Copyright (c) 2006 Raffael Marty) by listing the packet captures to visualize or by specifying a directory that contains the packet captures.