Open Source Log Analysis Software

AWStats is a free powerful and featureful server logfile analyzer that shows you all your Web/Mail/FTP statistics including visits, unique visitors, pages, hits, rush hours, os, browsers, search engines, keywords, robots visits, broken links and more

SSHGuard protects hosts from brute-force attacks against SSH and other services. It aggregates system logs and blocks repeat offenders using several firewall backends, including iptables, ipfw, and pf.

OSSIM, AlienVault’s Open Source Security Information and Event Management (SIEM) product, provides event collection, normalization and correlation. For more advanced functionality, AlienVault Unified Security Management (USM) builds on OSSIM with these additional capabilities: * Log management * Advanced threat detection with a continuously updated library of pre-built correlation rules * Actionable threat intelligence updates from AlienVault Labs Security Research Team * Rich analytics dashboards and data visualization

Logs Analyzer, Alerter & Reporter with a Web Interface

Free-SA is logs processor and report generating tool. It can be used to control traffic usage, to evaluate conformance to the Internet access security policies, to investigate security incidents, to evaluate web server efficiency and to detect troubles with server configuration.

AfterGlow is a scripts which facilitates the process of generating link graphs from CSV input. AfterGlow is written in Perl and generates output that can be read by GraphViz, Gephi, etc. Source: https://github.com/zrlram/afterglow Tarball: http://pixlcloud.com/afterglow-2

Simple Event Correlator (SEC) is a lightweight event correlator for network management, log file monitoring, security management, fraud detection, and other tasks which involve event correlation.

X-Itools: eXtended Internet Tools. Suite of tools composed of several collaboration modules. Old and initial project born in 1999, 1st published in 2001 on Sourceforge. X-Itools E-mail management module (log analysis) initiated in 2004 with Web 1.0 technologies (private SVN server). X-Itools development restarted since 2011, on the basis of a unique module: E-mail management module (log analysis). Now based on web 2.0 technologies (ExtJS 4.1) and devel restarted because of a particular interest given to it by a world wide Organization (United Nations). Module renamed "X-Itools ELSE", for "X-Itools E-mail Log Search Engine". Some features: Log analysis and correlation of Postfix and Exchange servers, statistics, policy manager, in-deep analysis, automated network graphs for e-mail tracing, CSV export... The Swiss knife of Messaging Admins. In 2015, X-Itools ELSE is no more limited to E-mail logs: Apache logs are also processed and related stats and dashboards will be there!

SrvReport is a simple and featurefull server monitoring and reporting system. It will send every day a mail with the latest state of the server including traffic (via /proc/net/dev and/or iptables), cpu, mail, http, ftp reports and other logs.

DNA is an open, flexible and extensible deep network analyzer software server and software architecture for gathering and analyzing network packets, network sessions and applications protocols, passively off enterprise class networks.

ATTENTION: Snare Lite is unsupported legacy software. While it will remain a part of the SourceForge community, it is no longer secure and compliant. For up to date Snare software check out Snare Enterprise. https://www.snaresolutions.com/try-snare-for-free/ Snare Enterprise was created to keep up with the fast paced security software market. It started with the desire to create premium logging and SIEM tools that were agnostic by nature so they could be used to boost any SIEM architecture regardless of third party developers. In fact, the agnostic nature allows it to bridge gaps between multiple SIEM implementations across business units. For more on use cases, check out the Intersect Alliance website. https://www.snaresolutions.com/ Snare Enterprise’s premium features include: - Regulatory Compliance - TLS Encryption - Log Simulcasting - TCP – Guaranteed Log Delivery - USB Device Monitoring - And more! For updates follow us on social media!

This project is an attempt to redesign the snort database schema and to provide a new analysis frontend and associated tools.

d3vscan is a simple yet powerful network and Bluetooth scanner which is based on PyGTK.

AVirCAP is a system for manual and / or automated detection of CodeRed and Nimda type of hack attempts and virtually all other kinds of "logable" intrusion attempts. It can work stand alone or together with other additional AVirCAP machines in the LAN/W

Multi-threaded host name and technical contact lookup tool. Reads a list of counted IP addresses (as outputted by uniq -c) from stdin or a file. Resolves their hostnames and (whois) technical contacts. Writes info to stdout.

Bruteblock allows system administrators to block various bruteforce attacks on UNIX services. The program analyzes system logs and adds attacker's IP into IPFW table effectively blocking them. Addresses are removed from the table after expiration period

A utility that lists all URLs in a user's Internet Explorer cache. The list can be exported to a text file or copied to the clipboard. Written in Visual Basic for most Windows versions.

Capra is a Open Source tool to quickly get some nice and useful reports out off your Watchguard Fireware log files.

Cnc's IP Data Volume Report: Logs IP to IP contact, number of packets, bytes, time of contact, Ethernet too! View via local web interface. Very simple for those who want to view who your computer is contacting the most!

This is a multiplatform general utility suite for use with existing network stumbling software, such as Kismet or NetStumbler. The program will convert between multiple output logs, including the popular wi-scan format, between platforms.

DAD is a Windows event log and syslog management tool that allows you to aggregate logs from hundreds to thousands of systems in real time. DAD requires no agents on the servers or workstations. Correlation and analysis is driven through a web front end.

ExamLog is a Log analyzer, developed for syslog messages. It works on a Unix/Linux console, searching for user defined patterns. ExamLog, can divide and clasify syslog messages, and send them to a remote/local postgresql DataBase.

Experimental Hybrid Intrusion Detection System written in Java

The Forensics Data Identifier (FDI) is a tool which allows for large data files to be easily filtered for common forensically relevant data types.The tool was intended to speed up the ediscovery and analysis processes of the forensics investigation