Log Analysis Tools
AWStats is a free powerful and featureful server logfile analyzer that shows you all your Web/Mail/FTP statistics including visits, unique visitors, pages, hits, rush hours, os, browsers, search engines, keywords, robots visits, broken links and more
AnalysePlugin will help you to search for more than one search pattern at a time. It is a plugin for NotePad++.
3) SNARE - Auditing and EventLog Management
SNARE (System iNtrusion Analysis and Reporting Environment) is a series of log collection agents that facilitate centralised analysis of audit log data. Agents are available for Linux, Windows, Solaris, IIS, Lotus Notes, Irix, AIX, ISA/IIS + more
nxlog is a modular, multi-threaded, high-performance log management solution with multi-platform support. In concept it is similar to syslog-ng or rsyslog but is not limited to unix/syslog only. It can collect logs from files in various formats, receive logs from the network remotely over UDP, TCP or TLS/SSL . It supports platform specific sources such as the Windows Eventlog, Linux kernel logs,
BigBrotherBot (B3) is a cross-platform, cross-game game administration bot. Features in-game administration of game servers, multiple user access levels, and database storage. Currently include parsers for: Call of Duty, Urban Terror and more!
6) PyTables - Hierarchical datasets
The goal of PyTables is to enable the end user to efficiently and easily manipulate large datasets (both homogenous, i.e. arrays, and heterogenous, i.e. tables) on a persistent, hierarchical way.
Free-SA is statistic analyzer for daemons log files similar to SARG. Its main advantages over SARG are much better speed (7x-20x times), more reports support, crossplatform work and W3C compliance of generated HTML/CSS reports code.
ProM is the comprehensive, extensible framework for process mining. Process Mining deals with the a-posteriori analysis of (business) processes using enactment logs.
9) Simple Event Correlator
Simple Event Correlator (SEC) is a lightweight event correlator for network management, log file monitoring, security management, fraud detection, and other tasks which involve event correlation.
10) Web Forensik
PHPIDS-based Security Log Analyzer for Apache.
ISC dhcpd leases usage analysis
This is dhcpd-pools ISC dhcp shared network and pool range usage analysis. Purpose of command is to count usage ratio of each IP range and shared network pool which ISC dhcpd is in control of. Users of the command are most likely ISPs and other organizations that have large IP space. Program is written C. Design goal is to get analysis done quickly where there is lots of data. On cheap laptop
MySQL log analyzer and profiler. Extracts the most popular queries grouping them by their normalized form and shows the statistics for each group. Helps developers to recognize most frequently run queries to be able to optimize overall db performance.
29 weekly downloads
FTPstats is a log analyzer and stats compiler for FileZilla FTP Server. It generates usage statistics from log files and presents them in a user-friendly fashion.
14) Web-based Firewall Log Analyzer
Flexible web-based firewall log analyzer, supporting netfilter and ipfilter, ipfw, ipchains and Windows XP system logs, and mysql or postgresql ulogd database logs using the iptables ULOG target of netfilter.For Linux, FreeBSD, OpenBSD, Solaris, OSX,etc.
The Multi Router Traffic Grapher (MRTG) is a tool to monitor the traffic load on network links. MRTG generates HTML pages containing PNG images which provide a LIVE visual representation of this traffic.
16) Napsterakos Admin Page Finder
This is an admin page finder writen in VB.NET. In priv8 version there is proxy and user agent options. Also new admin path list that it has over 1000 paths. To run this application you will need .net framework 4.
NeoLogger is Windows Syslog Client similar to the logger command known from UNIX/LINUX systems used to send SYSLOG messages. It adds some usefull features to filter and replace content, reads from standard input, files or the windows eventlog. It is also able to watch a file or an eventlog for changes and transmits only the new entries. Logit is an additional tool, that logs process or batch
X-Itools: eXtended Internet Tools. Suite of tools composed of several modules like agenda, contact list, extended task/flow chart manager, password/device history manager, ticketing system, visitors/badges manager, policy manager (Nagios, and others in the futur)
log_mysql_daemon.pl is a simple squid logfile daemon written in perl that inserts log entries into a mysql database.
this tool tries to repair your broken pcap files by fixing the global header and recovering the packets by searching und guessing the packet headers
20) Cloudiff Monitor Agent for Windows
Windows monitoring agent
OCD is a simple web UI written in PHP [and little CSS]. It displays dashboard of current OSSEC activity. Originally written to allow NOC to monitor OSSEC events in realtime.
G.R.E.A.T. - Google Earth Reporting Engine and Analysis Tool The Goal of this project is to create a basic IDS interface with Google Earth. Currently generates a KML file of traceroute/whois information suitable for use in Google Earth
AfterGlow is a collection of scripts which facilitate the process of generating link graphs from CSV input. AfterGlow 1.x is written in Perl and generates output that can be read by GraphViz
MBM-Log allows to look deeply in collected logs (not only Top 10). All charts are generated on demand. You can easily filter data. MBM-Log can help you with FortiGate diagnostics via SSH (built in commands) Java GUI application.
26) NATDet Log Parser
A log parser written in PHP to parse and store NATDet log in PGSql. It's a command-line tool.
27) STDNOJ - Faster tool creation in C++
Develop cross-platform tools faster using a C++ Framework proven in commercial software. Classes support logging, sockets, RFC servers (NNTP, SMTP, POP, HTTP), object indexing, ini, tagged databases, file systems, and more. The STDNOJ Namespace, by R.A. Nagy
NCSAnalysis is a simple Web traffic log analysis tool that produces Excel-formatted reports detailing daily unique IP hits to specified site resources and/or directories.
This is yet another simple piece of software that extracts all the basic stats from honeyd’s text-based log files and inserts them in a MySQL database. Then you can run some queries and of course visualize the data if you want to. Many things are hardcoded or dead simple, but it does the job. The file is a modified version of “honeyd_importer” perl script originally writen by Joshua Gimer
30) Count IPv6 HTTP Client
This project has two parts. The first one is a hidden counter (using the 1x1 transparent pixel GIF) which registers into a MySQL database all remote IP addresses (whether IPv4 or IPv6), it tries very hard to use IPv6. The second part shows stats.