LMF (Log Monitoring Framework) is a flexible log monitoring framework that allows the user to match text from log files using Perl regular expressions and capturing parentheses. An optional external command will be executed when a user-specified number of matches is found within a user-specified period. In addition to the trigger, the rule can also have a message associated with it; when the rule is triggered, that message will be logged to the LMF log file. Each rule can also have a duration associated with it; after a rule has been triggered and the duration has expired, an optional external command will be run.
mSuite is a solution for enterprise-wide infrastructure management. This solution uses Monolith Event Manager (Event/Fault), Action Manager (E&N), and Reporter (Historical Reporting). Monolith integrates with a variety of availability and performance tools based upon a client's needs. mSuite can monitor syslogs, SNMP traps, and NT event logs.
LogDistiller is a log files merge and sort tool. It reads log files, parses them into structured log events with attributes, then classifies them according to rules configured in an XML file. Classification results go into reports, which are published according to the rule configuration: simply stored in a file, sent by mail, or even added in a news feed. Some log parsers are included for syslog, Weblogic, simple line logs, Oracle alerts, and others. Log file parsing is designed to be easy to extend.
Bruteblock allows system administrators to block various brute-force attacks on UNIX services. The program analyzes system logs and adds attackers' IP addresses to the ipfw2 table, effectively blocking them. Addresses are automatically removed from the table after a specified amount of time. Bruteblock uses regular expressions to parse logs, which gives it enough flexibility to be used with almost any network service. Bruteblock doesn't use any external programs and works with ipfw2 tables via the raw sockets API.
nLive Core is a Linux-based product to monitor packet traffic for security and compliance requirements without integration or maintenance. Combining machine learning and anomaly detection technologies, it provides full visibility into the network's interior traffic. It also provides detection, forensics, and reporting capabilities.