Software Map

Free-SA is tool for statistical analysis of daemons' log files, similar to SARG. Its main advantages over SARG are much better speed (7x-20x), more support for reports, and W3C compliance of generated HTML/CSS reports. It can be used to help control traffic usage, to control Internet access security policies, to investigate security incidents, to evaluate server efficiency, and to detect troubles with configuration.

360-FAAR (Firewall Analysis Audit and Repair) is an offline, command line, Perl firewall policy manipulation tool to filter, compare to logs, merge, translate, and output firewall commands for new policies, in Checkpoint dbedit, Cisco ASA, or ScreenOS commands. It is all contained in one file. It can read policy and logs for: Checkpoint FW1 (in odumper.csv / logexport format), Netscreen ScreenOS (in get config / syslog format), and Cisco ASA (show run / syslog format). It uses both inclusive and exclusive CIDR and text filters, permitting you to split large policies into smaller ones for virutalization at the same time as removing unused connectivity. It supports policy to log association, object translation, rulebase reordering and simplification, rule moves, and duplicate matching automatically. It allows you to seamlessly move rules to where you need them. 'print' mode creates a spreadsheet for your audit needs with one command.

Beobachter is a file monitor, usually used to
watch log files. It has a Java Swing interface
that allows the user to customize the highlighting
of the logs depending on the log type. It is a
very simple, multi-platform, fast, and practical
tool.

Lire is a pluggable log analyzer. It has analyzers for over 25 log file formats, ranging from Apache WWW log files to iptables firewall logs and CUPS printing logs. Reports are generated in 9 different output formats, ranging from Excel 95 to PDF to HTML, optionally with included graphs.

webalizer-asn is an autonomous system number (ASN)
extension for Webalizer. It is useful for
high-traffic sites and ISPs that want to know from
which networks visitors are coming from. This
information could be used to plan future peerings
or other things.

webalizer-usercolor is a patch against the
Webalizer Web logfile analyzer that provides
personalized colors on the generated Web pages and
charts.

Apache-logViewSQL is a PHP frontend for
mod_log_sql (formerly mod_log_mysql) which
supports live viewing of Apache log data via
MySQL. It provides the ability to drill down on
live data as it comes in, and it also integrates
with geoIP databases.

aNTG (another Network Traffic Grapher) is a PHP program that collects and graphs network traffic statistics on a Linux machine.

IPFC is software and a framework to monitor multiple types of agents in a heterogeneous distributed environment. Agents can implement logging of elements as diverse as packet filters (like netfilter, pf, ipfw, IP Filter, checkpoint FW1, etc.), NIDS (Snort, arpwatch, etc.), Web servers, and other general devices (from syslog-servers to embedded devices). It features log collection for different security "agents", dynamic log correlation possibilities, and easy extensibility due to the generic database and XML message formats used.

Nmap Parser is a Perl module to ease the pain of
developing scripts or collecting network
information from nmap scans. Nmap::Parser does its task by parsing the information in the output of an nmap scan by using the XML-formatted output. This module can perform an nmap scan and parse the output automagically using parsescan(). It can parse an nmap XML file. This module was developed to speed up network security tool development when using nmap.

fk is an application proxy suite designed for building IP gateways. Ultimately, the intent is to provide a free software replacement for the TIS firewall toolkit.

MySQL Squid Access Report, "mysar" for short, is a system for near-realtime monitor of user Web activity, using Squid's log file.

Wflogs is a firewall log analysis tool. It can be used to produce a log summary report in plain text, HTML, and XML, or to monitor firewalling logs in real-time. For now, netfilter, ipchains, ipfilter, cisco_pix, cisco_ios, and snort input formats are supported. It is particularly fast when asynchronous DNS resolution is enabled.
The goal of the WallFire project is to build a very general and modular firewalling application based on Netfilter or any kind of low-level framework. Wflogs is part of the WallFire project, but can be used independently.

Report Magic is an add-on for Analog, a Web site logfile analysis program. Generated reports include a description with tabulated, graphed, and summarized results. All colors, fonts, and background images are completely customizable to help make resulting reports fit the theme of your Web site. Report Magic has translations for several languages. It runs on any platform that will run Perl and pre-compiled versions are available for Win32 and Mac.