16 projects tagged "Log Analysis"
fwanalog is a shell script that parses and summarizes firewall logfiles. It understands logs from ipf (xBSD, Solaris), OpenBSD 3.x pf, Linux 2.2 ipchains, Linux 2.4 iptables, and a few types of routers and firewalls (Cisco, Checkpoint FW-1, and Watchguard). The excellent log analysis program Analog is used to create the reports.
Lire is a pluggable log analyzer. It has analyzers for over 25 log file formats, ranging from Apache WWW log files to iptables firewall logs and CUPS printing logs. Reports are generated in 9 different output formats, ranging from Excel 95 to PDF to HTML, optionally with included graphs.
IPFC is software and a framework to monitor multiple types of agents in a heterogeneous distributed environment. Agents can implement logging of elements as diverse as packet filters (like netfilter, pf, ipfw, IP Filter, checkpoint FW1, etc.), NIDS (Snort, arpwatch, etc.), Web servers, and other general devices (from syslog-servers to embedded devices). It features log collection for different security "agents", dynamic log correlation possibilities, and easy extensibility due to the generic database and XML message formats used.
Logrep is a secure multi-platform tool for the collection, extraction, and presentation of information from various log files. It features HTML reports, multi-dimensional analysis, overview pages, SSH communication, and graphs, and supports 25 popular systems including Snort, Squid, Postfix, Apache, Sendmail, syslog, iptables/ipchains, xferlog, NT event logs, Firewall-1, wtmp, Oracle listener, and Pix.
TrafficWatch is a system for accounting Internet traffic in a residential college or school type of environment. It consists of a set of scripts and Web pages for accounting for each user's Internet usage by volume, and is currently capable of accounting for both Squid proxy traffic and direct IPv4 traffic.
Bash Port Knocking is a set of scripts that use standard Linux tools to achieve a port knocking system. A Web page is used to open ports, and an email is sent each time the port knocking sequence is successfully achieved. Knocks are tracked independently for each knocking IP address. A basic firewall for a gateway is included.
Lease Parser saves lease states from an ISC DHCP server in a MySQL database, making it possible to tell which MAC address owned an IP at a particular time. If you need to track down a DHCP user for any reason, such as an abuse complaint for actions weeks beforehand, you can simply search the database via the Web form for the IP during the time in question. Then, search on the MAC address you obtained to see if the system is still on the network and what its current IP is.
trackGoogleContentAds.cgi is a tool to see where your Google AdWords contextual ads are being displayed. Now that Google will let you create negative sites for a campaign, you can use this tool to decide which AdSense publisher domains to block. This script will examine an Apache Web server log and will display hits generated by clicks from Google contextual advertising.