downtimed is a program that monitors operating system downtime, uptime, shutdowns, and crashes and records such events. At OS startup it logs information about previous downtime. It then periodically updates a time stamp file on the disk, which is used to determine the approximate time when the system was last up and running. During a graceful system shutdown, it records a time stamp in another file. The downtimes(1) command line tool can be used to inspect records of past downtime.
Yet Another Flowmeter (YAF) is a tool for network flow capture, primarily designed to operate efficiently on white box hardware and generate IPFIX flow records. It is designed to operate primarily on Unix-based systems (including Mac OS X), and is supported by the Network Situational Awareness team at CERT.
httpry is a specialized packet sniffer designed for displaying and logging HTTP traffic. It is not intended to perform analysis itself, but instead to capture, parse, and log the traffic for later analysis. It can be run in real-time displaying the live traffic on the wire, or as a daemon process that logs to an output file. It is written to be as lightweight and flexible as possible, so that it can be easily adaptable to different applications. It does not display the raw HTTP data transferred, but instead focuses on parsing and displaying the request/response line along with associated header fields.
SiLK (System for Internet-Level Knowledge) consists of two sets of tools: a packing system and an analysis suite. The packing system receives Netflow V5 PDUs or IPFIX and converts them into a more space efficient format, recording the packed records into service-specific binary flat files. The analysis suite consists of tools that can read these flat files and then perform various query operations, ranging from per-record filtering to statistical analysis of groups of records. The analysis tools interoperate using pipes, allowing a user to develop a relatively sophisticated query from a simple beginning.