Malheur is a tool for the automatic analysis of malware behavior (program behavior recorded from malicious software in a sandbox environment). It is designed to support the regular analysis of malicious software and the development of detection and defense measures. It allows for identifying novel classes of malware with similar behavior and assigning unknown malware to discovered classes. It can be applied to recorded program behavior of various formats as long as monitored events are separated by delimiter symbols, e.g. as in reports generated by the popular malware sandboxes CWSandbox, Anubis, Norman Sandbox, and Joebox.
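The behavior-report processing described above, as an added illustration written for this page (it is not Malheur's own code or its actual algorithm): delimiter-separated sandbox events are embedded as event n-grams, each known class is summarized by a prototype vector, and an unknown report is assigned to the most similar class or flagged as novel when nothing is close. The class names, sample reports, the "|" delimiter, bigram size and the 0.5 threshold are all constructed assumptions for the example.

```python
import math
from collections import Counter

# Constructed sample reports (not real sandbox output): one delimiter-separated
# string of monitored events per report, grouped by an assumed behavior class.
KNOWN = {
    "downloader": [
        "connect|recv|write_file|create_process",
        "connect|recv|write_file|write_file|create_process",
    ],
    "persistence": [
        "write_file|reg_open|reg_set|reg_close",
        "write_file|reg_open|reg_set|reg_set|reg_close",
    ],
}


def tokenize(report, delim="|"):
    """Split a behavior report into its monitored events, dropping empties."""
    return [e.strip() for e in report.split(delim) if e.strip()]


def embed(report, n=2, delim="|"):
    """Map a report to a unit-length vector over event n-grams (bigrams by default)."""
    events = tokenize(report, delim)
    grams = Counter(tuple(events[i:i + n]) for i in range(len(events) - n + 1))
    norm = math.sqrt(sum(c * c for c in grams.values())) or 1.0
    return {g: c / norm for g, c in grams.items()}


def prototype(vectors):
    """Sum a class's member vectors and renormalize; the direction is that of the mean."""
    total = Counter()
    for v in vectors:
        total.update(v)
    norm = math.sqrt(sum(c * c for c in total.values())) or 1.0
    return {g: c / norm for g, c in total.items()}


def cosine(a, b):
    """Dot product of two unit vectors, i.e. their cosine similarity."""
    return sum(w * b.get(g, 0.0) for g, w in a.items())


def build_classes(known, n=2, delim="|"):
    """One prototype vector per known behavior class."""
    return {name: prototype([embed(r, n, delim) for r in reports])
            for name, reports in known.items()}


def assign(report, classes, threshold=0.5, n=2, delim="|"):
    """Return (class_name, similarity); 'novel' when no prototype is close enough."""
    v = embed(report, n, delim)
    best, best_sim = "novel", 0.0
    for name, proto in classes.items():
        sim = cosine(v, proto)
        if sim > best_sim:
            best, best_sim = name, sim
    if best_sim < threshold:
        return "novel", best_sim
    return best, best_sim


if __name__ == "__main__":
    classes = build_classes(KNOWN)
    for unknown in ["connect|recv|recv|write_file|create_process",
                    "enum_processes|open_process|read_memory|open_process|read_memory"]:
        print(unknown, "->", assign(unknown, classes))
```

The threshold is what separates "assign to a discovered class" from "this is a new class": a report whose n-grams overlap none of the prototypes scores 0 and is reported as novel rather than forced into the nearest class.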
Bombardier is a software system that delivers visibility, control, and automation to data center environments. Bombardier provides a means for changes to be rolled out to a network of Linux and Windows servers in a highly controlled way, providing optimum security, logging, and centralized change control.
Logsend is a Unix daemon for email notification of log file changes, with three different backends. It watches the log files and periodically mails you the additions (optionally filtered). Logsend comes with a dialog-based configuration tool, as well as a live monitor that lets users watch the changes in real time.
Alerttail monitors a given file and executes a list of actions when a user-defined text pattern has been written to the file. For example, the user can pop up a GTK notification window when a certain message is written to a log file. Actions can be alerttail's built-in actions (GTK notify action, geoipLocalization action, or filtering text action) or a custom user-defined shell command action. A Qt 4 GUI frontend helps with configuration.
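The file-watching behind both Logsend and Alerttail, as an added example written for this page (it is not code from either project): new lines appended to a log are read from a remembered offset, a partial trailing line is carried over until its newline arrives, a file that shrinks (truncation or in-place rotation) restarts the read from the beginning, and each complete line is matched against pattern/action rules. The rules, the `notify:` actions and the log lines are constructed placeholders; a real deployment would swap in a notifier, a mailer or a shell command.

```python
import os
import re
import tempfile
import time


def make_rules():
    """Pattern -> action pairs. Assumed placeholders; a real action would notify or mail."""
    return [
        (re.compile(r"Failed password for (?P<user>\S+) from (?P<ip>\S+)"),
         lambda m: f"notify: ssh failure user={m['user']} ip={m['ip']}"),
        (re.compile(r"segfault"),
         lambda m: "notify: crash"),
    ]


def read_new_lines(path, offset, leftover=b""):
    """Return (complete_lines, new_offset, leftover_bytes) for data appended since offset.

    If the file is now smaller than the remembered offset it was truncated or
    rotated in place, so reading restarts from byte 0 and the carried-over
    partial line is discarded.
    """
    if os.path.getsize(path) < offset:
        offset, leftover = 0, b""
    with open(path, "rb") as f:          # binary: offsets are exact byte positions
        f.seek(offset)
        data = leftover + f.read()
        new_offset = f.tell()
    parts = data.split(b"\n")
    leftover = parts.pop()                # incomplete trailing line, kept for next pass
    lines = [p.decode("utf-8", errors="replace") for p in parts]
    return lines, new_offset, leftover


def fire_actions(lines, rules):
    """Run every rule whose pattern matches a line; return what the actions produced."""
    results = []
    for line in lines:
        for pattern, action in rules:
            m = pattern.search(line)
            if m:
                results.append(action(m))
    return results


def follow(path, rules, interval=1.0):
    """Poll the file like tail -f, starting from its current end, and act on matches."""
    offset, leftover = os.path.getsize(path), b""
    while True:
        lines, offset, leftover = read_new_lines(path, offset, leftover)
        for result in fire_actions(lines, rules):
            print(result)
        time.sleep(interval)


def simulate():
    """Exercise the reader on a constructed log: append, partial line, then truncation."""
    path = os.path.join(tempfile.mkdtemp(), "auth.log")
    rules = make_rules()
    fired = []
    with open(path, "wb") as f:           # constructed sample lines, not a real log
        f.write(b"sshd[1]: Failed password for root from 203.0.113.5 port 22 ssh2\nkernel: seg")
    lines, offset, leftover = read_new_lines(path, 0)
    fired += fire_actions(lines, rules)    # only the complete first line is processed
    with open(path, "ab") as f:
        f.write(b"fault at 0 ip 0 sp 0\n")
    lines, offset, leftover = read_new_lines(path, offset, leftover)
    fired += fire_actions(lines, rules)    # "segfault" reassembled across two reads
    with open(path, "wb") as f:            # truncation: file now shorter than offset
        f.write(b"kernel: segfault again\n")
    lines, offset, leftover = read_new_lines(path, offset, leftover)
    fired += fire_actions(lines, rules)
    return fired


if __name__ == "__main__":
    for result in simulate():
        print(result)
```

Tracking the byte offset rather than an inode or re-reading the whole file is what lets the watcher survive the two common failure modes a practitioner hits: a line written in two syscalls (the pattern must not be tested against the fragment) and a logrotate `copytruncate`, after which the old offset points past the end of the file.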
DNA (Deep Network Analyzer) is an open, flexible, and extensible deep network analyzer server and software architecture for passively gathering and analyzing network packets, network sessions, and application protocols. DNA is designed to be used for Internet security, intrusion detection, network management, protocol and network analysis, information gathering, and network monitoring applications.
Snare for Apache provides a remote distribution facility for Apache Web server logs. It is known to run on most Unix variants, including Linux, Solaris, AIX, Tru64, and Irix. Snare for Apache can be used to send data to either a remote or local syslog server, or to the Snare Server for centralized collection, analysis, and archival.