logsurfer is a log checking/auditing tool similar to swatch and logcheck, but with the capability of handling multi-line messages and dynamically adapting the ruleset. It is written in portable C, well documented, fast, and flexible. It works on any text file or on stdin, can be run at intervals or continuously, and has timeouts and resource limits.
Logrep is a secure multi-platform tool for the collection, extraction, and presentation of information from various log files. It features HTML reports, multi-dimensional analysis, overview pages, SSH communication, and graphs, and supports 25 popular systems including Snort, Squid, Postfix, Apache, Sendmail, syslog, iptables/ipchains, xferlog, NT event logs, Firewall-1, wtmp, Oracle listener, and Pix.
CRM114 is a Controllable Regex Mutilator and Smart Filter, designed for easy creation of filters for things like incoming email redirection, spam filtering, system logs, or monitoring processes. Filtering rules can be either hard-coded (such as regexes), soft-coded (calculated at runtime or read from an external file or process), or learned dynamically by phrase matching (as in Bayesian filtering, Markovian matching, Winnowing, or Hyperspatial classification). This makes it possible to create very accurate filters with very little actual work. Accuracies over 99.9% are achievable.
MFilter is a replacement for maildrop/procmail and fetchmail/getmail. It is an email retriever that supports Maildir or command delivery and processing. Its secondary goal is to make the network administrator's life easier by centralizing the downloading, filtering, and classification of mail in a simple and flexible way. Its features include XML-file-based configuration and logging of each action taken.
Outwit is a suite of tools based on the Unix tool design principles, allowing the processing of Windows application data with sophisticated data manipulation pipelines. The Outwit tools offer access to the Windows clipboard, the registry, the event log, relational databases, document properties, and shell links.
LMon is a package for near real-time monitoring of logs, sending email alerts upon known data (rule hits) or unknown data (rule misses). It features buffering of multiple rule hits within a given interval, a cap at a given maximum number of lines, a wait for a given interval before sending the next alert, and auto-discovery of log rotation. It can be run from the command line without configuration, or be controlled from a central configuration file with multiple instances monitoring different log files and sending alerts to different people.