logsurfer is a log checking/auditing tool similar to swatch and logcheck but with the capability of handling multi-line messages and dynamically adapting the ruleset. It is written in portable C, well documented, fast, and flexible. It works on any textfile or stdin, can be run at intervals or continuously, and has timeouts and resource limits.
Geolizer is a patch for Webalizer that uses the GeoIP library to generate faster and more reliable geographic statistics than the default DNS suffix method. It is recommended that DNS reversal be disabled on your HTTP server for improved performance and more accurate statistics. It also supports country flag pictures, can be compiled under MinGW/MSYS, and features a human-readable transfer size display.
Logrep is a secure multi-platform tool for the collection, extraction, and presentation of information from various log files. It features HTML reports, multi-dimensional analysis, overview pages, SSH communication, and graphs, and supports 25 popular systems including Snort, Squid, Postfix, Apache, Sendmail, syslog, iptables/ipchains, xferlog, NT event logs, Firewall-1, wtmp, Oracle listener, and Pix.
GibCounter is an application that parses QuakeWorld fraglog files, generates human-readable global and per-player statistics, and writes them out in an HTML format. it supports graphical percentage bars, frag-per-death ratios, and colored "fun nicknames". The appearance of any element of the generated stats can be easily changed through a CSS include file.
LinkGrammar-WN is a lexicon expansion for the Link Grammar Parser. The Link Grammar Parser is a syntactic parser of the English language that is capable of handling a wide variety of syntactic constructions and is considered quite robust. The LinkGrammar-WN project aims to import lexical information from WordNet in an effort to increase the size of the LGP lexicon. This project is of interest to anyone interested in NLP (natural language parsing) of English text.
LMon is a package for near real-time monitoring of logs, sending email alerts upon known (rule hits) or unknown data (rule misses). It features buffering of multiple rule hits within a given interval, cap at a given maximum number of lines, wait for a given interval before sending next alert, and auto- discovery of log rotation. It can be run from the command line without configuration, or be controlled from a central configuration file with multiple instances monitoring different log files/sending alerts to different people.