Bruteblock allows system administrators to block various brute-force attacks on UNIX services. The program analyzes system logs and adds attackers' IP addresses to an ipfw2 table, effectively blocking them. Addresses are automatically removed from the table after a specified amount of time. Bruteblock uses regular expressions to parse logs, which gives it enough flexibility to be used with almost any network service. Bruteblock doesn't use any external programs and works with ipfw2 tables via the raw sockets API.
Isoqlog is an MTA log analysis program written in C. It is designed to scan qmail, Postfix, Sendmail, and Exim logfiles and produce usage statistics in HTML for viewing through a browser. It produces a "top domains" statistic according to sender, receiver, total mails, and bytes, and keeps the main domain mail statistics with regard to the day's top domain and top users values per day, per month, and per year.
Lire is a pluggable log analyzer. It has analyzers for over 25 log file formats, ranging from Apache WWW log files to iptables firewall logs and CUPS printing logs. Reports are generated in 9 different output formats, ranging from Excel 95 to PDF to HTML, optionally with included graphs.
Performance Co-Pilot (PCP) is a framework and set of services for supporting system-level performance monitoring and performance management. It provides a unifying abstraction for all of the interesting performance data in a system, and allows client applications to easily retrieve and process any subset of that data using a single API. A client-server architecture allows multiple clients to monitor the same host, and a single client to monitor multiple hosts. Archive logging and replay are integrated so that a client application can use the same API to process real-time data from a host or historical data from an archive.
ProviderTool is an Internet server administration program with email protection. The software is divided into subcomponents: an Admin Tool, a Customer Tool, and a Reseller Tool. Each subcomponent tool manages a separate zone that is set up for the specific needs of your administrator, end user, and reseller. If you have a Red Hat, SuSE, or Debian Internet or intranet server, you will be able to add, delete, and change settings and users with just a couple of clicks. ProviderTool is delivered with a separate Apache and PHP server environment. There is also an email protection tool included.
Webalizer Xtended is a fork of Webalizer and contains a great number of feature improvements, such as monthly statistics for all "HTTP 404 Not Found" errors (including the number of these errors and the corresponding URLs) and additional configuration file keywords. Furthermore, all colors of the statistics can be defined by the user. Webalizer Xtended also fixes several (security-related) bugs in the original Webalizer code and contains the "Apache mod_logio" patch to generate more reliable traffic statistics.
grepcidr can be used to filter a list of IP addresses against one or more Classless Inter-Domain Routing (CIDR) specifications, or arbitrary networks specified by an address range. As with grep, there are options to invert matching and load patterns from a file. grepcidr is capable of comparing thousands or even millions of IPs to networks with little memory usage and in reasonable computation time. It has endless uses in network software, including mail filtering and processing, network security, log analysis, and many custom applications.