360-FAAR (Firewall Analysis Audit and Repair) is an offline, command line, Perl firewall policy manipulation tool to filter, compare to logs, merge, translate, and output firewall commands for new policies, in Checkpoint dbedit, Cisco ASA, or ScreenOS commands. It is all contained in one file. It can read policy and logs for: Checkpoint FW1 (in odumper.csv / logexport format), Netscreen ScreenOS (in get config / syslog format), and Cisco ASA (show run / syslog format). It uses both inclusive and exclusive CIDR and text filters, permitting you to split large policies into smaller ones for virutalization at the same time as removing unused connectivity. It supports policy to log association, object translation, rulebase reordering and simplification, rule moves, and duplicate matching automatically. It allows you to seamlessly move rules to where you need them. 'print' mode creates a spreadsheet for your audit needs with one command.
ADMLogger is a log analyzing engine. Using this core, users could easily build upon it with plugins. With very little Perl programming knowledge, it may become a powerful tool in a System Administrator's toolbox. ADMLogger creates email reports that can be formatted plain text or full HTML, which is up to the plugin designers to support. The main system has an HTML preference, so if your plugin ignores it, so be it. ADMLogger will also remove all filtered entries from the main syslog file into a second file so your other entries are more noticable.
Alerttail monitors a given file and executes a list of actions when a user-defined text pattern has been written to the file. For example, the user can pop up a GTK notification window when a certain message is written to a log file. Actions can be alerttail built in actions (GTK notify action, geoipLocalization action, or filtering text action) or a custom user defined shell command action. A Qt 4 GUI frontend helps with configuration.
Anteater is a log analyser for MTA logfiles (such as those produced by sendmail and postfix). The tool is written in 100% C++ and is very easy to customize. Input, output, and the analysis are modular class objects with a clear interface. Currently, there are modules for reading the syslog format of sendmail and postfix that do up to eight useful analyses and write the result in plain ASCII or HTML, to stdout or to files.
AutoNOC is a high performance, production integrated, peer-to-peer network operations management platform for Windows and Linux. It provides real-time historical analysis, root cause, fault detection, reporting, alerts and alarms, and no-nonsense correlation. It is an interoperable vendor independent solution with built-in support for Microsoft, Cisco, Linux, IBM, and other major technologies. Additionally it offers many novel capabilities, including end user personalization, easy scalability, compressed historical databases, infinite histories, event archiving (it works as a syslog server), and multi-language support.
Bruteblock allows system administrators to block various bruteforce attacks on UNIX services. The program analyzes system logs and adds attackers' IP addresses into the ipfw2 table, effectively blocking them. Addresses are automatically removed from the table after specified amount of time. Bruteblock uses regular expressions to parse logs, which gives it enough flexibility to be used with almost any network service. Bruteblock doesn't use any external programs and works with ipfw2 tables via the raw sockets API.