LoginIDS provides functions to analyze log files from different services in order to detect unusual login behavior. The normal user behavior is learned by analyzing log files and saved in a database. Logins are analyzed by time, service, source, and destination address. If a user's login is new or considered unlikely by LoginIDS, an alert is generated. Alerts can be handled by external scripts and viewed using the log file management system Splunk and the LoginIDS App.
Zbxlog provides better integration of syslog messages (as defined in RFC 3124 and 5424) with Zabbix. Currently, Zabbix cannot process messages in syslog format; it can only process messages stored in flat files by standard syslog programs on Unix/Linux systems. This means that it can't process syslog messages from devices on which Zabbix cannot be installed. It also means that several fields of a syslog message are lost (timestamp, facility, and severity). This project adds support in Zabbix for a new kind of item: "syslog[<facility>,<regexp>,<severity>,<maxlines>]". It has been tested with Zabbix 1.8.2 and 1.8.3.
ColorLogs is an output-colorizing Perl script intended to have command output piped through it to a terminal. It allows easy creation of new highlighting configurations using simple text matches, globs, or regular expressions. It works transparently even in interactive contexts with scripts that produce prompt lines and wait for user input. Patterns are provided for Ant and Maven output. This version started as a fork of v1.1 from resentment.org, but numerous improvements have been made since then.
DenyThem is a program designed to protect your Linux system from malicious attacks. It is an active response system to disrupt and block dictionary attacks and DoS attacks. DenyThem by default uses /var/log/syslog and /var/log/auth.log and searches for hack attempts. When DenyThem finds enough hack attempts from a single host, it will add a DROP statement to your system's firewall, thus preventing future attacks. DenyThem uses iptables, so it will only work on Linux or any other system that uses iptables. It can also block traffic from specific countries.
Tweeter is another command line script that can update your Twitter status from the command line. It also uses the SSL link to protect your username and password. Tweeter can only post a new status; it cannot follow anyone, send direct messages, or anything else. The username and password are not stored on the file system, so you can post to different accounts with ease. It should also work on older machines.
Picviz is a parallel coordinates plotter which enables easy scripting from various types of input (such as tcpdump, syslog, iptables logs, or Apache logs) to visualize your data and discover interesting results quickly. Its primary goal is to graph data in order to be able to quickly analyze problems and find correlations among variables. With security analysis in mind, the program has been designed to be very flexible, able to graph millions of events.
BigDaddy is a program for monitoring servers. It is similar to Nagios, with the added benefit of also monitoring and controlling the crontab (or any scheduled application) across an entire fleet of servers. The application comes in the form of a daemon for monitoring and reporting as well as an easy-to-use Web-based GUI for controlling monitoring, viewing timelines of incidents, filing incidents, and graphing statistics. The application is extensible with any sort of monitoring module, and notification is based on a five-step escalation process.
SiLK (System for Internet-Level Knowledge) consists of two sets of tools: a packing system and an analysis suite. The packing system receives NetFlow V5 PDUs or IPFIX and converts them into a more space-efficient format, recording the packed records into service-specific binary flat files. The analysis suite consists of tools that can read these flat files and then perform various query operations, ranging from per-record filtering to statistical analysis of groups of records. The analysis tools interoperate using pipes, allowing a user to develop a relatively sophisticated query from a simple beginning.