Advanced Web Statistics (AWStats) is a free powerful Web server logfile analyzer (Perl script) that shows you all your Web statistics including visits, unique visitors, pages, hits, rush hours, search engines, keywords used to find your site, robots, broken links, and more. It works with both IIS 5.0+ and Apache Web server log files as a CGI and/or from the command line. It also supports around 40 languages.
BBclone is a PHP Web counter on steroids which displays individual logs as well as aggregated data. It is a clone of Big Brother webstats, except that it is written in PHP and it relies only on flat files (no database needed). BBclone enables any Web site administrator to have a very precise view of who visit the website: OS, browser, date, referring page etc. Main features include reload resistance, hostname resolution, proxy workaround, and blacklist.
Performance Co-Pilot (PCP) is a framework and set of services for supporting system-level performance monitoring and performance management. It provides a unifying abstraction for all of the interesting performance data in a system, and allows client applications to easily retrieve and process any subset of that data using a single API. A client-server architecture allows multiple clients to monitor the same host, and a single client to monitor multiple hosts. Archive logging and replay are integrated so that a client application can use the same API to process real-time data from a host or historical data from an archive.
GoAccess is a real-time Web log analyzer and interactive viewer for almost every Web server. It runs in a terminal and provides fast and valuable HTTP statistics for system administrators that require log monitoring and visual reports on the fly. GoAccess can monitor unique visitors, browsers, spiders, OS, hosts and IP geolocation, keyphrases, referring sites, status codes, etc. It has support for IPv6 and it parses nearly any Web log format.
superseriousstats is a small and efficient program for creating a Web page with statistics from various types of IRC logs. It keeps track of its parse history and only processes new activity before storing any accumulated data in a SQLite or MySQL database. It is suitable for high volume IRC channels and large log archives, and is relatively easy to integrate with IRC services (e.g. bots) that interact with the database and provide last seen information and many other statistics directly in your channel.
nxlog is a modular, multi-threaded, high-performance log management solution with multi-platform support. In concept, it is similar to syslog-ng or rsyslog, but is not limited to Unix/syslog only. It can collect logs from files in various formats, receive logs from the network remotely over UDP, TCP, or TLS/SSL on all supported platforms. It supports platform-specific sources such as the Windows Eventlog, Linux kernel logs, Android device logs, local syslog, etc. Writing and reading logs to/from databases is also supported for many database servers. The collected logs can be stored into files, databases, or forwarded to a remote log server using various protocols. The old BSD Syslog and the newer IETF syslog standard (RFC 3164 and RFC 5424-5426) are fully supported by nxlog in addition to XML, JSON, CSV, GELF, and other custom formats. A key concept in nxlog is to be able to handle and preserve structured logs so there is no need to convert everything to syslog and then parse these logs again at the other side. It has powerful message filtering, log rewrite, and conversion capabilities. Using a lightweight, modular, and multi-threaded architecture which can scale, nxlog can process hundreds of thousands of events per second.
Malheur is a tool for the automatic analysis of malware behavior (program behavior recorded from malicious software in a sandbox environment). It is designed to support the regular analysis of malicious software and the development of detection and defense measures. It allows for identifying novel classes of malware with similar behavior and assigning unknown malware to discovered classes. It can be applied to recorded program behavior of various formats as long as monitored events are separated by delimiter symbols, e.g. as in reports generated by the popular malware sandboxes CWSandbox, Anubis, Norman Sandbox, and Joebox.