IDEA is an architecture for implementing a distributed intrusion detection system on a computer network. It provides a way to incorporate many different IDS sensors into an architecture, and have them report to a central IDS server. This server collects, aggregates, and correlates data from the sensors, providing a unified view of network activity. By specifying an open API, many different clients can connect to the IDEA server and "subscribe" to the event notification service so that the client will be notified any time a new alert is received from any of the sensors.
pf2x is a PHP script that takes the output of your pflog and converts it into several output formats: plain text, XML, HTML, PDF, and MySQL INSERT statements for import into a MySQL database. It was developed and tested on OpenBSD 3.3 but should work on any system that uses PF.
VAdmind (Virtual Administrator Daemon) is a set of Perl scripts and modules that can help with remote server management. It uses XML input/output and can be run by (x)inetd. It can receive multiple commands to execute, and it has been built to provide support for a scalable system administration environment. Since it takes XML, clients can be developed in a different set of environments with easy integration into the server.
DIET Agents is a multi-agent platform in Java. A bottom-up design is used to ensure that the platform is lightweight, scalable, robust, adaptive, and extensible. It is especially suitable for rapidly developing peer-to-peer prototype applications and/or adaptive, distributed applications that use bottom-up, nature-inspired techniques.
The Java Application Monitor (JAMon) is a free, simple, high performance, thread safe, Java API that allows developers to easily monitor production applications. JAMon can be used to determine application performance bottlenecks, user/application interactions, and application scalability. JAMon gathers summary statistics such as hits, execution times (total, average, minimum, maximum, standard deviation), and simultaneous application requests. JAMon statistics are displayed in the sortable JAMon report.
The ruleCore Engine is an event-driven rule engine that manages and executes reaction rules. The rules follow the event-condition-action (ECA) style. The ruleCore Engine provides capabilities for detection of complex patterns of events, called situations. Events can be combined with logical and temporal operators in order to describe complex situations. When a situation is detected, the ruleCore Engine can execute an action to alert external applications or users of the situation. The ruleCore Engine is fed with events through connectors. Currently, connector implementations exist for plain sockets, XML-RPC, IBM WebSphere MQ, and TIBCO Rendezvous. Experimental support exists for running the engine within Zope and calling Zope methods when a rule triggers its action.