360-FAAR (Firewall Analysis Audit and Repair) is an offline, command line, Perl firewall policy manipulation tool to filter, compare to logs, merge, translate, and output firewall commands for new policies, in Checkpoint dbedit, Cisco ASA, or ScreenOS commands. It is all contained in one file. It can read policy and logs for: Checkpoint FW1 (in odumper.csv / logexport format), Netscreen ScreenOS (in get config / syslog format), and Cisco ASA (show run / syslog format). It uses both inclusive and exclusive CIDR and text filters, permitting you to split large policies into smaller ones for virutalization at the same time as removing unused connectivity. It supports policy to log association, object translation, rulebase reordering and simplification, rule moves, and duplicate matching automatically. It allows you to seamlessly move rules to where you need them. 'print' mode creates a spreadsheet for your audit needs with one command.
Free-SA is tool for statistical analysis of daemons' log files, similar to SARG. Its main advantages over SARG are much better speed (7x-20x), more support for reports, and W3C compliance of generated HTML/CSS reports. It can be used to help control traffic usage, to control Internet access security policies, to investigate security incidents, to evaluate server efficiency, and to detect troubles with configuration.
The Logfile Navigator, lnav for short, is a curses-based tool for viewing and analyzing log files. The value added by lnav over text viewers or editors is that it takes advantage of any semantic information that can be gleaned from the log file, such as timestamps and log levels. Using this extra semantic information, lnav can do things like interleaving messages from different files, generate histograms of messages over time, and provide hotkeys for navigating through the file. These features are meant to allow the user to quickly and efficiently focus on problems.
log_analysis is a log file analysis engine that extracts relevant data for any of the recognised log messages and produces a summary that is much easier to read. It can be configured to recognize entirely new log types. log_analysis natively understands about 100 different kinds of syslog messages, as well as sulog and wtmp messages for Linux, Solaris, and OpenBSD. It also has optional continuous monitoring capabilities, with both text and GUI modes.
Webalizer Xtended is a fork of Webalizer and contains a great number of feature improvements, such as monthly statistics for all "HTTP 404 Not Found" errors (including the number of these errors and the corresponding URLs) and additional configuration file keywords. Furthermore, all colors of the statistics can be defined by the user. Webalizer Xtended also fixes several (security-related) bugs in the original Webalizer code and contains the "Apache mod_logio" patch to generate more reliable traffic statistics.
Stager is a system for aggregating and presenting network statistics. Though tailored for using NetFlow data from the flow-tools package, it is generic and can be customized to present and process any kind of network statistics. The backend collects data with flow-tools and stores reports in a database, automatically handling the aggregation of hourly statistics into days, weeks, and months. The Web frontend presents data in tables, matrices, or plots. The reports are fully customizable, and their definitions are stored in the database.