Open Source ChromeOS Logging Software

Recursive computing and matching of Context Triggered Piecewise Hashing (aka Fuzzy Hashing). Supports Windows, *nix, BSD, OS X, etc.

BASE is the Basic Analysis and Security Engine. It is based on the code from the Analysis Console for Intrusion Databases (ACID) project. This application provides a web front-end to query and analyze the alerts coming from a SNORT IDS system.

Kojoney is an easy of use, secure, robust and powerfull Honeypot for the SSH Service written in Python. With the kojoney daemon are distributeds other tools such as kip2country (IP to Country) and kojreport, a tool to generate reports from the log fi

ccsrch is a tool that searches for and identifies unencrypted and contiguous credit card numbers (PAN) and track data on windows and UNIX operating systems. It will also identify the location of the PAN data in the files and record MAC times.

360-FAAR (Firewall Analysis Audit and Repair) is an offline, command line, firewall policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in Checkpoint dbedit, Cisco ASA or ScreenOS commands, and its one file! Read Policy and Logs for: Checkpoint FW1 (in odumper.csv / logexport format), Netscreen ScreenOS (in get config / syslog format), Cisco ASA (show run / syslog format), 360-FAAR compares firewall policies and uses CIDR and text filters to split rulebases / policies into target sections and identify connectivity for further analysis. 360-FAAR supports, policy to log association, object translation, rulebase reordering and simplification, rule moves and duplicate matching automatically. Allowing you to move rules to where you need them. Build new rulebases from scratch with a single 'any' rule and log files, with the 'res' and 'name' options. Switch into DROPS mode to analyse drop log entries.

AVirCAP is a system for manual and / or automated detection of CodeRed and Nimda type of hack attempts and virtually all other kinds of "logable" intrusion attempts. It can work stand alone or together with other additional AVirCAP machines in the LAN/W

BASE+ (Basic Analysis and Security Engine) is based on ACID project. This application provides a web front-end to query and analyze the alerts coming from various IDS systems (e.g. Snort).

Cherubim takes a snapshot of the computer screen and stores the image in a log file. The log file can then be played back like a movie.

DcSecure is a php based wrapper that cleans Get, Post, and Server variables so as to defend against php vulnerabilities. It cleans all variables and replaces the orignal ones with the cleaned ones so the target scripts do not require modifications.

A framework for information security management. It has the centralized server for managing the IDS sensors, log consolidation and correlation, report generation etc. Also it has customized IDS sensor based on snort.

A client/server application designed to let the user monitor a directory tree on a remote machine by creating snapshots of current file status in order to later detect file modification, addition and/or removal.

Insidias is a next-generation intrusion detection engine, with a focus on speed, efficiency, advanced pattern matching, parallel-processing, modularity, and expandability.

Command line LOGalyze client. logalyze-cli is a powerful command line client for managing LOGalyze engine. With LOGalyze application log analyzer, you can collect your log data from any device, analyze, normalize and parse them.

Labrador is a Host-based Intrusion Detection System (HIDS) and Integrity Checker written entirely in Perl. It aims to be a complete, free, multiplatform, and open-source solution for detecting modifications and tamperings in files.

Network Keylogger is a program that sends every key pressed in a computer to another computer, via TCP/IP.

netleak is a collection of small perlscripts that detects connectivity between network segments. It is mostly useful to detect "leaks" in large organizations that have private network segments physically separated from the Internet.

Nuhe Client is a project related to the Nuhe Action Capable Log Monitor. This GUI client simplifies the administration of sensors and node managers, making it easier to control and monitor the network. Comes with a rule editor as well as a log monitor.

An ARP watch daemon for windows (portable to linux but it is already there...) which is able to be run as a service and logs to eventlog so one can collect the logs and react to events.

Pace-IDS is an Intrusion Detection system designed to replace Tripwire, in that it is faster, and more effective of detecting trojan activity, and is easier to configure. All you have to do usually is simply change one variable to your email address.

Plinko was originally an experiment with Prefix Trees and log parsing. The general concept is to have a single end point you can send any data to, in a "fire and forget" fashion. Plinko should identify and parse the data completely without the sending system caring what it sent. The latest version supports named fields in the STL files for tagging data parsed in the Prefix Tree and anonymous functions for parsing dynamic message payloads. We now output JSON objects and I'm working on HBase integration. By outputting to JSON it also leaves open the possibility for on the fly in memory correlation between events. Read the included README before starting, it has a quick start guide and info on the constructors.

Remote Web Logger is a remote web transaction logging daemon. It operates by passive monitoring of web server traffic to translate web session data to transaction log entries that are written to standard log services such as syslog.

A C library with support for logging, configuration, networking, message specification, semaphores, message queues, SSL, timing, epoll and email functionality.

SerMon is an Open Source Server-Side (PHP) Server Monitor. SerMon uses plugins to check your server and to send notifications. Easy to develop plugin.

Snort IDS library for Python

Perl logfile analyzer for DELL Sonicwall Firewall logfiles. This Perl program (Windows /Linux / Mac), creates an HTML file containing: hits per protocol, mean, median and variance on hourly and weekday basis, RBL statistics, IPS stats, VPN stats, virus stats, surfing statistics, CFS blocked sites stats.