Open Source Mac Log Analysis Software

AWStats is a free powerful and featureful server logfile analyzer that shows you all your Web/Mail/FTP statistics including visits, unique visitors, pages, hits, rush hours, os, browsers, search engines, keywords, robots visits, broken links and more

OSSIM, AlienVault’s Open Source Security Information and Event Management (SIEM) product, provides event collection, normalization and correlation. For more advanced functionality, AlienVault Unified Security Management (USM) builds on OSSIM with these additional capabilities: * Log management * Advanced threat detection with a continuously updated library of pre-built correlation rules * Actionable threat intelligence updates from AlienVault Labs Security Research Team * Rich analytics dashboards and data visualization

Simple Event Correlator (SEC) is a lightweight event correlator for network management, log file monitoring, security management, fraud detection, and other tasks which involve event correlation.

AfterGlow is a scripts which facilitates the process of generating link graphs from CSV input. AfterGlow is written in Perl and generates output that can be read by GraphViz, Gephi, etc. Source: https://github.com/zrlram/afterglow Tarball: http://pixlcloud.com/afterglow-2

This project is an attempt to redesign the snort database schema and to provide a new analysis frontend and associated tools.

Ida, is a Apache log security analyzer written in PHP. It will scan Apache logs and report about security incidents like SQL injections, XSS attacks, path traveling and so on.

Kojoney is an easy of use, secure, robust and powerfull Honeypot for the SSH Service written in Python. With the kojoney daemon are distributeds other tools such as kip2country (IP to Country) and kojreport, a tool to generate reports from the log fi

Nuhe Client is a project related to the Nuhe Action Capable Log Monitor. This GUI client simplifies the administration of sensors and node managers, making it easier to control and monitor the network. Comes with a rule editor as well as a log monitor.

AVirCAP is a system for manual and / or automated detection of CodeRed and Nimda type of hack attempts and virtually all other kinds of "logable" intrusion attempts. It can work stand alone or together with other additional AVirCAP machines in the LAN/W

Capra is a Open Source tool to quickly get some nice and useful reports out off your Watchguard Fireware log files.

This is a multiplatform general utility suite for use with existing network stumbling software, such as Kismet or NetStumbler. The program will convert between multiple output logs, including the popular wi-scan format, between platforms.

DNA is an open, flexible and extensible deep network analyzer software server and software architecture for gathering and analyzing network packets, network sessions and applications protocols, passively off enterprise class networks.

Experimental Hybrid Intrusion Detection System written in Java

Command line LOGalyze client. logalyze-cli is a powerful command line client for managing LOGalyze engine. With LOGalyze application log analyzer, you can collect your log data from any device, analyze, normalize and parse them.

Visualize Application and Firewall Logs with Google Earth. A web based PHP parser feeds Google Earth with near realtime data.

This is a program that watches your system log files, looking for hack attempts. It instanty reacts to potential security breaches by (for instance) adding firewall rules to cut off the attacker.

NARC Network Analysis Reporting Console takes output from security tools like Nessus, and NMap & populates a database via automated scripts for reporting purposes. Version 0.DC14 also includes rudimentary reporting capabilities. New from kaos.theory

A number of tools to enhance management/coding of NFR (http://www.nfr.net) IDA, and various other admin tools that can be used for both NFR and hand coding other appliance scripts.

“Instead of remembering a sequence of characters as the secret, users have to remember a shape as the secret.”

A Lightweight P2P Threat Analysis Bus

SIGOF (Security Information Graphics Oriented Forensic) aims at synthetizing security log, stored in a acid/base database schema, in order to provide a graphical / visual oriented security forensic and statistical analysis.

Skavenger analyzes HTTP traffic logged by various Web proxies (including WebScarab and Burp) for indications of common web vulnerabilities such as XSS, CRLF injection and various kinds of information disclosure.

This project contains the PERL scripts, which can rearrange the logs from /var/log/messages and insert in to the database. Scripts can also separate logs for each syslog clients as well as for each application of syslog client.

Tattoo will provide a set of command-line scripts for analyzing raw tcpdump files or ASCII hexadecimal representations of network traffic to identify format, function, and communication model.

NOTE: This project is no longer under active developement. Check out the successor at: https://github.com/jensvoid/lorg Web Forensik ist a script that uses PHPIDS to automatically scan your HTTPD logfiles for attacks against web applications. Check the Wiki for installation, configuration, usage.