Software Map

The modular syslog allows for an easy implementation of input and output modules. The modules that mantain compatibility with its precursor are included in the standard distribution along with four modules: om_peo (an implementation of PEO-1 and L-PEO, two algorithmic protocols for integrity checking), om_mysql and om_pgsql (modules that sends output to a mysql and postgresql database, respectively) and om_regex (a module that allows output redirection using regular expressions).

Chucho is a C++11 logging framework based on the popular Java library "Logback".

FWReport is a log parser and reporting tool for
IPTables. It generates daily and monthy summaries
of the log files, allowing the admin to free up
substantial time, maintain better control over
security of the network, and reduce unnoticed attacks.

ZedLog is a robust cross-platform input logging tool (A.K.A., a key logger). It is based on a flexible data logging system which makes it easy to get the required data. It features logging of all keyboard and mouse events, a replay simulation tool, logging to a file, and hiding in the background.

justniffer is a TCP packet sniffer. It captures TCP packets, reassembles and reorders them, performs IP packet defragmentation and displays the TCP flow in the standard output. It is useful for logging HTTP network traffic in a "standard" (Web server like) or in a customized way. It can log the performance of network services (such as Web server response time or keep-alive behavior). It can be extended by scripts. One is provided for storing all captured HTTP content (such as images, JavaScript, CSS, or HTML) into files.

NagiosAppender is a pure Java implementation of a Log4j appender that allows the developer/administrator to send log records to Nagios via the NCSA server (using the push model). It provides a simple solution for Nagios administrators whose only alternative is to implement a polling function against against the output of a standard Log4j appender. The log4j configuration file provides for user-specific mappings between Log4j levels and Nagios levels. The configuration file also allows the user to select whether to set the Nagios 'service' and 'host' programmatically via Log4j MDC, or via the config file. Later releases support XOR encryption.

Prewikka is a graphical front-end analysis console for the Prelude hybrid IDS framework. Prelude is a hybrid intrusion detection framework implementing an open communication layer for use by any security application. It offers the ability to unify currently available security tools into one, powerful, and distributed application. Providing numerous features, Prewikka facilitate the work of users and analysts. It provides alert aggregation, sensors and hearbeat views, and has user management and configurable filters. It has access to external tools such as whois and traceroute.

PIKT is cross-categorical, multi-purpose software
for monitoring and configuring computer systems,
administering networks, organizing system
security, and much more. PIKT is intended
primarily for system monitoring, and secondarily
for configuration management, but its versatility
and extensibility evoke many other wide-ranging
uses. PIKT consists of a sophisticated,
feature-rich file preprocessor; an innovative
scripting language with unique labor-saving
features; a flexible, centrally directed process
scheduler; a customizing file installer; a
collection of powerful command-line extensions;
and other useful tools.

Prelude-LML is a signature-based log analyzer monitoring your log file and received syslog messages for suspicious activity. It handle events generated by a large set of components, including but not limited to: APC Emu, BigIP, Cisco PIX, Clamav, Dell-OM, Grsecurity, Honeyd, ipchains, Netfilter, ipfw, Nokia ipso, Apache ModSecurity, Ms-SQL, Nagios, Norton Antivirus Corporate Edition, NTsyslog, Pam, Portsentry, Postfix, Proftpd, SSH, and others. It is part of Prelude, a hybrid Intrusion Detection framework implementing an open communication layer for use by any security application.

logtail is an AJAX-based logfile download and
viewing application. The logfiles are displayed
like in the popular Unix "tail" program. Due to
the AJAX approach, only the changed lines in a
logfile are transferred from the server.

CRM114 is a Controllable Regex Mutilator and Smart Filter, designed for easy creation of filters for things like incoming email redirection, spam filtering, system logs, or monitoring processes. Filtering rules can be either hard-coded (such as regexes), soft-coded (calculated at runtime or read from an external file or process), or learned dynamically by phrase matching (as in Bayesian filtering, Markovian matching, Winnowing, or Hyperspatial classification). This makes it possible to create very accurate filters with very little actual work. Accuracies over 99.9% are achievable.

ConMan is a serial console management program designed to support a large number of console devices and simultaneous users. It supports local serial devices, remote terminal servers (via the telnet protocol), IPMI Serial-Over-LAN (via FreeIPMI), Unix domain sockets, and external processes (e.g., using Expect to control connections over telnet, ssh, or IPMI Serial-Over-LAN). Its features include logging (and optionally timestamping) console device output to file, connecting to consoles in monitor (R/O) or interactive (R/W) mode, allowing clients to share or steal console write privileges, and broadcasting client output to multiple consoles.

ClamFS is a FUSE-based user-space file system for
Linux with on-access anti-virus file scanning
through the clamd daemon.