Logcheck Consolidator is a utility which manages the log files from multiple computers to help you keep track of your network. It takes logcheck e-mail and parses it for each of your systems into one piece of mail. It has a lot of built-in logic. For example, if a host does not send its hourly e-mail, the logcheck consolidator will notice this and flag it as an error at the top of the consolidated e-mail.
logsurfer is a log checking/auditing tool similar to swatch and logcheck but with the capability of handling multi-line messages and dynamically adapting the ruleset. It is written in portable C, well documented, fast, and flexible. It works on any textfile or stdin, can be run at intervals or continuously, and has timeouts and resource limits.
log_analysis is a log file analysis engine that extracts relevant data for any of the recognised log messages and produces a summary that is much easier to read. It can be configured to recognize entirely new log types. log_analysis natively understands about 100 different kinds of syslog messages, as well as sulog and wtmp messages for Linux, Solaris, and OpenBSD. It also has optional continuous monitoring capabilities, with both text and GUI modes.
md5mon is a shell script that verifies files by computing their checksums. The script is suitable for use as a basic security checking tool from cron. It features configurable monitoring levels, local copies of find/md5sum, and integrity checks to prevent tampering with itself. It can also use a more secure shasum instead of md5sum.
The modular syslog allows for an easy implementation of input and output modules. The modules that mantain compatibility with its precursor are included in the standard distribution along with four modules: om_peo (an implementation of PEO-1 and L-PEO, two algorithmic protocols for integrity checking), om_mysql and om_pgsql (modules that sends output to a mysql and postgresql database, respectively) and om_regex (a module that allows output redirection using regular expressions).
nsat is a fast, stable bulk security scanner designed to audit remote network services and check for versions, security problems, gather information about the servers and the machine, and much more. Unlike many other auditing tools, it can collect information about services independently of vulnerabilities, which makes it less dependent on frequent updates as new vulnerabilities are found.
NewSyslog is an updated version of a package put together by Theodore Tso of MIT Project Athena (which is included in NetBSD, FreeBSD, OpenBSD, etc.). It manages the rotation and archiving of log files (primarily those written to by syslogd). This version has a mix of features from all of the other versions, and it has been made more portable than any of the others with the help of GNU Autoconf.