bcnu is a Web-based system management tool which delivers information on the status of networked systems in a simple and easy-to-use manner. It uses a web browser to display information about hosts in a tabular form. Historical information can be held indefinitely, and there is a powerful query tool available to interrogate it. Client systems can run an agent which logs information back to a central system. An agent scheduler is integrated to allow agents to be run at different intervals. Standard agents include ftp, http, disk space, logfiles, processes, and more.
DansGuardian is a Web content filtering proxy that uses Squid to do all the fetching. It filters using multiple methods including, but not limited to, phrase matching, file extension matching, MIME type matching, PICS filtering, and URL/domain blocking. It has the ability to switch off filtering by certain criteria including username, domain name, source IP, etc. The configurable logging produces a log in an easy to read format. It has the option to only log text-based pages, thus significantly reducing redundant information (such as every image on a page).
fwlogwatch is a packet filter and firewall log analyzer with support for Linux ipchains, Linux netfilter/iptables, Solaris/BSD/HP-UX/IRIX ipfilter, Cisco IOS, Cisco PIX/ASA, Netscreen, Elsa Lancom router, and Snort IDS log files. It can output its summaries in text and HTML and has a lot of options. fwlogwatch also features a realtime anomaly response capability with a Web interface.
The ipaudit package records and displays network activity. It is useful for identifying heavy bandwidth users, intrusive telnet sessions, denial of service attacks, and scans. It includes ipaudit, which stores counts of bytes and packets for every combination of host/port pairs and protocol. The utilities total and ipstrings can be used to investigate network traffic records from the command line. ipaudit-web can collect network traffic statistics and generate Web reports.
iplog is a TCP/IP traffic logger. Currently, it is capable of logging TCP, UDP, and ICMP traffic. iplog is able to detect TCP port scans, TCP null scans, FIN scans, UDP and ICMP "smurf" attacks, bogus TCP flags, TCP SYN scans, TCP "Xmas" scans, ICMP ping floods, UDP scans, and IP fragment attacks. iplog is able to run in promiscuous mode and monitor traffic to all hosts on a network. iplog uses libpcap to read data from the network and can be ported to any system that supports pthreads and on which libpcap will function.
The Jasmin software distribution includes an implementation of the Script MIB according to RFC 2592 with a Java runtime engine, a selection of demonstration scripts, a Java package called "scriptmib" supporting the development of manager applications for the Script MIB, Smurf, a graphical user interface to the Script MIB, and JAX, a Java package for building AgentX sub-agents.
Heartbeat is a full-function high-availability system for Linux and other POSIX-like OSes. It monitors services and restarts them on errors. When managing a cluster (more than 1 machine), it will also monitor the members of the cluster and begin recovery of lost services in less than a second. It runs over serial ports and UDP broadcast/multicast, as well as OpenAIS multicast. It is easily adapted to different interconnect media and protocols. When used in a cluster, it can operate using shared disks, data replication, or no data sharing. Versions starting with 2.0 are comparable to any commercial HA package, providing resource monitoring, larger clusters, and detailed dependency information.
log_analysis is a log file analysis engine that extracts relevant data for any of the recognised log messages and produces a summary that is much easier to read. It can be configured to recognize entirely new log types. log_analysis natively understands about 100 different kinds of syslog messages, as well as sulog and wtmp messages for Linux, Solaris, and OpenBSD. It also has optional continuous monitoring capabilities, with both text and GUI modes.