Open Source BSD Logging Software

Ettercap is a multipurpose sniffer/interceptor/logger for switched LAN. It supports active and passive dissection of many protocols (even ciphered ones) and includes many feature for network and host analysis. Development has been moved to GitHub, https://github.com/Ettercap/ettercap

Logsurfer is a program for monitoring system logs in real-time, and reporting on the occurrence of events. It is capable of grouping information together to enhance loganalysis and create automatic reports.

tcpick is a textmode sniffer; it tracks tcp streams, shows the status, reassembles and saves the data captured in files or displays them in the terminal in different modes (ascii, hex..). There is a color-mode. Useful to get files passively.

syslog-ng is the log management solution that improves the performance of your SIEM solution by reducing the amount and improving the quality of data feeding your SIEM. With syslog-ng Store Box, you can find the answer. Search billions of logs in seconds using full text queries with Boolean operators to pinpoint critical logs. syslog-ng Store Box provides secure, tamper-proof storage and custom reporting to demonstrate compliance. syslog-ng can deliver data from a wide variety of sources to Hadoop, Elasticsearch, MongoDB, and Kafka as well as many others. syslog-ng flexibly routes log data from X sources to Y destinations. Instead of deploying multiple agents on hosts, organizations can unify their log data collection and management. syslog-ng Store Box provides automated archiving, tamper-proof encrypted storage, granular access controls to protect log data. The largest appliance can store up to 10TB of raw logs.

Recursive computing and matching of Context Triggered Piecewise Hashing (aka Fuzzy Hashing). Supports Windows, *nix, BSD, OS X, etc.

BASE is the Basic Analysis and Security Engine. It is based on the code from the Analysis Console for Intrusion Databases (ACID) project. This application provides a web front-end to query and analyze the alerts coming from a SNORT IDS system.

A simple keylogger written in python. It is primarily designed for backup purposes, but can be used as a stealth keylogger, too. It does not raise any trust issues, since it is a set of [relatively] short python scripts that you can easily examine.

Osquery is an operating system instrumentation framework for Windows, OS X (macOS), Linux, and FreeBSD. The tools make low-level operating system analytics and monitoring both performant and intuitive. Osquery exposes an operating system as a high-performance relational database. This allows you to write SQL queries to explore operating system data. With osquery, SQL tables represent abstract concepts such as running processes, loaded kernel modules, open network connections, browser plugins, hardware events or file hashes.Osquery queries your devices like a database. Osquery uses basic SQL commands to leverage a relational data-model to describe a device. Frequently, attackers will leave a malicious process running but delete the original binary on disk. This query returns any process whose original binary has been deleted, which could be an indicator of a suspicious process.

OpenXDAS is an open source implementation of the Open Group's Distributed Auditing Service (XDAS) specification. OpenXDAS provides a complete implementation of the XDAS specification API, including client-side instrumentation and filtering.

Perl logfile analyzer for DELL Sonicwall Firewall logfiles. This Perl program (Windows /Linux / Mac), creates an HTML file containing: hits per protocol, mean, median and variance on hourly and weekday basis, RBL statistics, IPS stats, VPN stats, virus stats, surfing statistics, CFS blocked sites stats.

justniffer is a TCP sniffer. It reassembles and reorders packets and displays the tcp flow in a customizable way. It can log network traffic in web server log format. It can also log network services performances (e.g. web server response times) and extract http content (images, html, scripts, etc)

LKL is a userspace keylogger that runs under Linux on the x86 arch. LKL logs everything that passes through the hardware keyboard port (0x60). It translates keycodes to ASCII with a keymap file.

Automated Security Tools (autosec) aims to provide automatic tools which network administrators may use to help check and test the security of their network.

"GETO" is NIPS system. NIPS is a system which prevent any abnormal network user from access your valuable server.

Immune Security Architecture For your Enterprise -- Host-Based Intrusion detection for UNIX based systems, at the process level. Detect changes in the normal behavior of processes, advanced features to detect Buffer Overflows.

sudosh is a sudo shell, filter and can be used as a login shell. Sudosh records all keystrokes and output and can play back the session as just like a VCR.

A client/server application designed to let the user monitor a directory tree on a remote machine by creating snapshots of current file status in order to later detect file modification, addition and/or removal.

360-FAAR (Firewall Analysis Audit and Repair) is an offline, command line, firewall policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in Checkpoint dbedit, Cisco ASA or ScreenOS commands, and its one file! Read Policy and Logs for: Checkpoint FW1 (in odumper.csv / logexport format), Netscreen ScreenOS (in get config / syslog format), Cisco ASA (show run / syslog format), 360-FAAR compares firewall policies and uses CIDR and text filters to split rulebases / policies into target sections and identify connectivity for further analysis. 360-FAAR supports, policy to log association, object translation, rulebase reordering and simplification, rule moves and duplicate matching automatically. Allowing you to move rules to where you need them. Build new rulebases from scratch with a single 'any' rule and log files, with the 'res' and 'name' options. Switch into DROPS mode to analyse drop log entries.

Automated Computer Auditing Daemon - Keep a track of what's going on with your systems: suid, sgid, world writable, hidden and unowned files monitoring as well as important file's md5sums management audits sent to your mailbox on a regular basis.

A set of simple shell scripts to query (via SNMP) any router in an enterprise network for a list of active ARP cache entries. These entries are then merged into a host table with timestamp of last seen entry.

AVirCAP is a system for manual and / or automated detection of CodeRed and Nimda type of hack attempts and virtually all other kinds of "logable" intrusion attempts. It can work stand alone or together with other additional AVirCAP machines in the LAN/W

Automated Incident Reporting (AirCERT) is an Internet-scalable infrastructure to automatically receive, process, and analyze security event information reported from across administrative domains.

Alist is a program that collects hardware and software information about systems and stores it in a database for users to browse and search via a Web interface. The program consists of three parts: a client portion that collects the information, a daemon

This project has been migrated to GitHub : https://github.com/vlachenal/anch-framework AnCH framework aims to provide utility classes for some common programming features. Features are implemented to be used as simply as possible. This framework was initially a way to test new C++ specifications (C++11) and to test C++ design patterns and tricks. Only POSIX systems are supported for now. Others could be supported later. (Partial) Doxygen documentation can be found on project home page.

BASE+ (Basic Analysis and Security Engine) is based on ACID project. This application provides a web front-end to query and analyze the alerts coming from various IDS systems (e.g. Snort).