logsurfer is a log checking/auditing tool similar to swatch and logcheck but with the capability of handling multi-line messages and dynamically adapting the ruleset. It is written in portable C, well documented, fast, and flexible. It works on any text file or stdin, can be run at intervals or continuously, and has timeouts and resource limits.
Logrep is a secure multi-platform tool for the collection, extraction, and presentation of information from various log files. It features HTML reports, multi-dimensional analysis, overview pages, SSH communication, and graphs, and supports 25 popular systems including Snort, Squid, Postfix, Apache, Sendmail, syslog, iptables/ipchains, xferlog, NT event logs, Firewall-1, wtmp, Oracle listener, and Pix.
sa-exim-stats generates spam/mail statistics from an sa-exim logfile. sa-exim is a patch for Exim which integrates SpamAssassin into Exim. The script's output includes: total spam messages, total clean messages, spam percentage, and top n spam/clean/overall recipients. The script is designed so that it doesn't have to scan the entire logfile every time it is run (status can be saved to a file or in a MySQL database). It can create and update an RRD database, and some basic PHP pages to display the graphs are included.
redWall is a bootable CD-ROM firewall which focuses on Web-based reporting of the firewall's status. It includes Snort, snortsam, dansguardian, and support for fwbuilder, squidguard, reporting (using BASE/sarg/ntop/webfwlog), VPN (Openswan/PoPToP/Openvpn), spam filtering (spamassassin, dcc, razor2, clamav, amavis-new, dspam, and maia mailguard), and mail-based alerting. Configuration data are stored on a floppy or USB disk.
Spamity is a Web interface for Postfix log files that makes it possible to view filtered spam messages, which is useful for testing the effectiveness of filtering rules. Authentication is possible through an IMAP server or LDAP directory, and desired accounts can receive administrator privileges. An option to reinject quarantined messages is provided.
LMon is a package for near real-time monitoring of logs, sending email alerts upon known (rule hits) or unknown data (rule misses). It features buffering of multiple rule hits within a given interval, capping at a given maximum number of lines, waiting for a given interval before sending the next alert, and auto-discovery of log rotation. It can be run from the command line without configuration, or be controlled from a central configuration file with multiple instances monitoring different log files and sending alerts to different people.
Sprog is a graphical tool that anyone can use to build programs by plugging parts together. In Sprog jargon, the parts are known as 'gears' and they are assembled to make a 'machine'. Gears are selected from a palette and dragged onto the Sprog workbench, where they can be connected together. Options can be set using a properties dialog on each gear. When assembly is complete, the machine can be run, reconfigured, or re-run.
grepcidr can be used to filter a list of IP addresses against one or more Classless Inter-Domain Routing (CIDR) specifications, or arbitrary networks specified by an address range. As with grep, there are options to invert matching and load patterns from a file. grepcidr is capable of comparing thousands or even millions of IPs to networks with little memory usage and in reasonable computation time. It has endless uses in network software, including mail filtering and processing, network security, log analysis, and many custom applications.