IDEA is an architecture for implementing a distributed intrusion detection system on a computer network. It provides a way to incorporate many different IDS sensors into an architecture, and have them report to a central IDS server. This server collects, aggregates, and correlates data from the sensors, providing a unified view of network activity. By specifying an open API, many different clients can connect to the IDEA server and "subscribe" to the event notification service so that the client will be notified any time a new alert is received from any of the sensors.
pf2x is a PHP script that will take the output of your pflog and convert it into various different output formats. These output formats include plain text, XML, HTML, PDF, and MySQL INSERT statements for import into a MySQL database. This was developed and tested on OpenBSD 3.3 but should work for any system that uses PF.
The Java Application Monitor (JAMon) is a free, simple, high performance, thread safe, Java API that allows developers to easily monitor production applications. JAMon can be used to determine application performance bottlenecks, user/application interactions, and application scalability. JAMon gathers summary statistics such as hits, execution times (total, average, minimum, maximum, standard deviation), and simultaneous application requests. JAMon statistics are displayed in the sortable JAMon report.
The ruleCore Engine is an event-driven rule engine that manages and executes reaction rules. The rules are event-condition-action (ECA) style of rules. The ruleCore Engine provides capabilities for detection of complex patterns of events, called situations. Events can be combined with logical and temporal operators in order to describe complex situations. When a situation is detected, the ruleCore Engine can execute an action to alert external applications or users of the situation. The ruleCore Engine is fed with events through connectors. Currently, connector implementations exist for plain sockets, XML-RPC, IBM WebSphere MQ, and TIBCO Rendezvous. Experimental support exists for running the engine within Zope and calling Zope methods when a rule triggers its action.
FSHeal aims to be a general filesystem tool that can scan and report vital "defective" information about the filesystem like broken symlinks, forgotten backup files, and left-over object files, but also source files, documentation files, user documents, and so on. It will scan the filesystem without modifying anything and reporting all the data to a logfile specified by the user which can then be reviewed and actions taken accordingly.
DB_eSession is a feature-packed PHP class that stores session data in a MySQL database rather than files. It is powerful, designed with security in mind, and is easy to utilize. The code contains lots of comments, and it comes with full documentation and examples of how to use the class including a basic authentication login/logout process. It includes member functions useful (to webmasters) for monitoring or viewing, deleting, and altering sessions validity for the case of locking one or more sessions upon detection of unauthorized use.