SiLK (System for Internet-Level Knowledge) consists of two sets of tools: a packing system and an analysis suite. The packing system receives Netflow V5 PDUs or IPFIX and converts them into a more space efficient format, recording the packed records into service-specific binary flat files. The analysis suite consists of tools that can read these flat files and then perform various query operations, ranging from per-record filtering to statistical analysis of groups of records. The analysis tools interoperate using pipes, allowing a user to develop a relatively sophisticated query from a simple beginning.
TNV (The Network Visualizer or Time-based Network Visualizer) depicts network traffic by visualizing packets and links between local and remote hosts. It is intended for network traffic analysis to facilitate learning what constitutes 'normal' activity on a network, investigating packet details and security events, or for network troubleshooting. It can open saved libpcap (from tcpdump, windump, ethereal, etc.) formatted files or capture live packets on the wire, and export data in libpcap format or save the data to a MySQL database to enable the examination of trends over time.
ProM is an extensible framework that supports a wide variety of process mining techniques in the form of plug-ins. Plug-ins currently support the import of and the conversion between several process modelling languages, including Petri nets (PNML, TPN), EPCs/EPKs (Aris graph format, EPML), and YAWL. Mining, analysis, and log filtering plug-ins are also available.
Report Magic is an add-on for Analog, a Web site logfile analysis program. Generated reports include a description with tabulated, graphed, and summarized results. All colors, fonts, and background images are completely customizable to help make resulting reports fit the theme of your Web site. Report Magic has translations for several languages. It runs on any platform that will run Perl and pre-compiled versions are available for Win32 and Mac.