iplog is a TCP/IP traffic logger. Currently, it is capable of logging TCP, UDP, and ICMP traffic. iplog is able to detect TCP port scans, TCP null scans, FIN scans, UDP and ICMP "smurf" attacks, bogus TCP flags, TCP SYN scans, TCP "Xmas" scans, ICMP ping floods, UDP scans, and IP fragment attacks. iplog is able to run in promiscuous mode and monitor traffic to all hosts on a network. iplog uses libpcap to read data from the network and can be ported to any system that supports pthreads and on which libpcap will function.
The modular syslog allows for an easy implementation of input and output modules. The modules that mantain compatibility with its precursor are included in the standard distribution along with four modules: om_peo (an implementation of PEO-1 and L-PEO, two algorithmic protocols for integrity checking), om_mysql and om_pgsql (modules that sends output to a mysql and postgresql database, respectively) and om_regex (a module that allows output redirection using regular expressions).
PIKT is cross-categorical, multi-purpose software for monitoring and configuring computer systems, administering networks, organizing system security, and much more. PIKT is intended primarily for system monitoring, and secondarily for configuration management, but its versatility and extensibility evoke many other wide-ranging uses. PIKT consists of a sophisticated, feature-rich file preprocessor; an innovative scripting language with unique labor-saving features; a flexible, centrally directed process scheduler; a customizing file installer; a collection of powerful command-line extensions; and other useful tools.
syslog-ng is a syslogd replacement for a wide variety of UNIX systems that supports IPv6 and is capable of transferring log messages reliably using TCP and SSL and filtering the content of messages using regular expressions. Both RFC3164 and RFC5424 style messages are handled, but more esoteric formats like BSD process accounting logs are supported too. Apart from regular text files, it supports storing messages into SQL and MongoDB databases, and forward messages to local processes via pipes or UNIX domain sockets. This makes syslog-ng ideal as an integration platform. syslog-ng supports extracting structured information from the traditionally text based syslog via csv-parser(), db-parser(), and patterndb. Tag based classification, rewriting messages, and outputting messages in JSON is also possible. This makes syslog-ng ideal for preprocessing events for further analysis, be that home-grown scripts or SIEM systems. syslog-ng scales well on today's multi processor and multi-core systems: reaching 1,000,000 messages per second is a reality for the simplest use cases.
Ganglia is a scalable distributed monitoring system for high-performance computing systems such as clusters and grids. It is based on a hierarchical design targeted at federations of clusters. Ganglia is currently in use on over 500 clusters around the world and has scaled to handle clusters with 2000 nodes.
NEPM monitors and reports uptime, critical events and their predecessors, access rates, bytes-served rates, and error rates for network node equipment. Hardware and software elements within the nodes are tracked and reported separately to make possible rapid fault isolation. It is a very general, highly configurable, two-part software system that captures and analyzes logged performance data from IP-networked equipment and reports it via email and Web pages. Current conditions and history from systems based on Windows NT/2000, Unix, and Unix-style operating systems can be tracked and reported. Most major server, switch and router systems can be monitored, without running agents on the target systems. NEPM itself is system-independent and can be hosted on either a Unix or Win NT system or a combination of these with equal ease.
MultiTail lets you view one or multiple files like the original tail program. The difference is that it creates multiple windows on your console (with ncurses). Merging of 2 or more log files is possible. It can also use colors while displaying the log files (through regular expressions) for faster recognition of what is important. It can also filter lines (again with regular expressions). It has interactive menus for editing given regular expressions and deleting and adding windows. One can also have windows with the output of shell scripts and other software. When viewing the output of external software, MultiTail can mimic the functionality of tools like 'watch'.
Logcheck parses system logs and generates email reports based on anomalies. Anomolies can be defined by users with 'violations' files. It differentiates between 'Active System Attacks', 'Security Violations', and 'Unusual Activity', and is smart enough to remember where in the log it stopped processing to improve efficiency. It can also warn when log files shrink, and does not report errors when they are rotated.