iplog is a TCP/IP traffic logger. Currently, it is capable of logging TCP, UDP, and ICMP traffic. iplog is able to detect TCP port scans, TCP null scans, FIN scans, UDP and ICMP "smurf" attacks, bogus TCP flags, TCP SYN scans, TCP "Xmas" scans, ICMP ping floods, UDP scans, and IP fragment attacks. iplog is able to run in promiscuous mode and monitor traffic to all hosts on a network. iplog uses libpcap to read data from the network and can be ported to any system that supports pthreads and on which libpcap will function.
log_analysis is a log file analysis engine that extracts relevant data for any of the recognised log messages and produces a summary that is much easier to read. It can be configured to recognize entirely new log types. log_analysis natively understands about 100 different kinds of syslog messages, as well as sulog and wtmp messages for Linux, Solaris, and OpenBSD. It also has optional continuous monitoring capabilities, with both text and GUI modes.
The modular syslog allows for an easy implementation of input and output modules. The modules that mantain compatibility with its precursor are included in the standard distribution along with four modules: om_peo (an implementation of PEO-1 and L-PEO, two algorithmic protocols for integrity checking), om_mysql and om_pgsql (modules that sends output to a mysql and postgresql database, respectively) and om_regex (a module that allows output redirection using regular expressions).
nsat is a fast, stable bulk security scanner designed to audit remote network services and check for versions, security problems, gather information about the servers and the machine, and much more. Unlike many other auditing tools, it can collect information about services independently of vulnerabilities, which makes it less dependent on frequent updates as new vulnerabilities are found.
Osiris is a host integrity management system that can be used to monitor changes to a network of hosts over time and report those changes back to the administrator(s). Osiris takes periodic snapshots of the filesystem, configurations, and logs, and stores them on a central management host. When changes are detected, Osiris will log these events and optionally send email to an administrator. Osiris also has preliminary support for monitoring other system data, including user lists, file system details, kernel modules, and network interface configurations.
pflogsumm.pl is designed to provide an over-view of postfix activity, with just enough detail to give the administrator a "heads up" for potential trouble spots. Reports includes: Total number of messages and bytes; Hosts/Domains; senders and Recipients; per-hour traffic reports; summaries of warnings, fatal errors, and panics; and so on ...
PIKT is cross-categorical, multi-purpose software for monitoring and configuring computer systems, administering networks, organizing system security, and much more. PIKT is intended primarily for system monitoring, and secondarily for configuration management, but its versatility and extensibility evoke many other wide-ranging uses. PIKT consists of a sophisticated, feature-rich file preprocessor; an innovative scripting language with unique labor-saving features; a flexible, centrally directed process scheduler; a customizing file installer; a collection of powerful command-line extensions; and other useful tools.