ConMan is a serial console management program designed to support a large number of console devices and simultaneous users. It supports local serial devices, remote terminal servers (via the telnet protocol), IPMI Serial-Over-LAN (via FreeIPMI), Unix domain sockets, and external processes (e.g., using Expect to control connections over telnet, ssh, or IPMI Serial-Over-LAN). Its features include logging (and optionally timestamping) console device output to file, connecting to consoles in monitor (R/O) or interactive (R/W) mode, allowing clients to share or steal console write privileges, and broadcasting client output to multiple consoles.
DenyThem is a program designed to protect your Linux system from malicious attacks. It is an active response system that disrupts and blocks dictionary attacks and DoS attacks. By default, DenyThem searches /var/log/syslog and /var/log/auth.log for hack attempts. When DenyThem finds enough hack attempts from a single host, it adds a DROP statement to your system's firewall, thus preventing future attacks. DenyThem uses iptables, so it will only work on Linux or any other system that uses iptables. It can also block traffic from specific countries.
Lilith is a logging and access event viewer for the Logback logging framework. It has features comparable to Chainsaw, a logging event viewer for log4j. This means that it can receive logging events from remote applications using Logback as their logging backend. It uses files to buffer the received events locally, so it is possible to keep vast amounts of logging events at your fingertips while still being able to check only the ones you are really interested in by using filtering conditions.
LogAnalyzer is a Web front-end for syslog and other network event data. It provides easy browsing, searching, basic analysis, and some graphics. Data is taken from databases or plain syslog text files, so LogAnalyzer does not require changes to an existing logging infrastructure. Depending on the log data present, it can process syslog messages, Windows event log entries, and some more exotic things. Its troubleshooting support enables users to quickly find solutions to problems seen in the log data. LogAnalyzer was previously called phpLogCon, and has been renamed since v3.
LoginIDS provides functions to analyze log files from different services in order to detect unusual login behavior. The normal user behavior is learned by analyzing log files and saved in a database. Logins are analyzed by time, service, source, and destination address. If a user's login is new or considered unlikely by LoginIDS, an alert is generated. Alerts can be handled by external scripts and viewed using the log file management system Splunk and the LoginIDS App.
PostRemoteLog is a tool that allows you to send information across the network to a centralized location. Three methods are currently supported: XMLRPC, Email, and Growl. It is generally aimed at system administrators who want to keep track of information such as backup post-run scripts, network monitoring scripts, UPS information, service outages, power on/off, unexpected restarts, etc. PostRemoteLog is designed to be used in other scripts. Captured data can be analyzed and aggregated as needed.
Service Guardian aims to protect servers against threats such as resource exhaustion and connection floods. It can measure the number of connections to a server's ports and, after a grace period, checks whether the host is still in violation of the specified settings. If the host is still in violation, it is filtered out and dropped via netfilter/iptables.