Free exchange log files software for linux

IPTables log analizer displays Linux 2.4 iptables logs (rejected, acepted, masqueraded packets...) in a nice HTML page (it support rough netfilter logs but also Shorewall and Suse Firewall logs).

This page shall be easy to read and understand to reduce the manual analysis time.

This page containts statistics on packets and links to more detailled information on a given host, port, domain and so on.

To convice you, here is a typical syslog entry for iptables :

[IPTABLES DROP] : IN=ppp0 OUT= MAC= SRC=172.186.2.157 DST=193.253.186.217 LEN=36 TOS=0x00 PREC=0x00 TTL=115 ID=4775 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=3663

How does it work ?

A small deamon is launched by a user which can read iptables logs files. Each time a new packet is logged, the daemon insert a new row in the database.

The statistics and so on are elaborated by the PHP page itself.

Enterprise File Exchange (EFX) slots in where email file attachment limits stop your users from sending those important files to a contact.

In the EFX world, the user visits the EFX site, uploads the file, enters the receivers email address and lets the system notify the receiver that theres a file waiting for them, via a simple email message.

Senders need to sign up, and the EFX system only allows transfers between internal users (those with addresses in an approved list) and external users, never external to external.

It is written in Python, using the Pylons framework.

This project is licensed under the GNU GPL version 3.

NewSyslog is a highly configurable program for managing and archiving log files.
Main features:
- It is more portable (using GNU Autoconf) and it can be compiled and installed on most any modern Unix or Unix-like system.
- It has support for fixed time-of-day daily archiving with a command-line option to identify the daily roll-over invocation (which may be at midnight, or at any other regular daily time).
- It supports the FreeBSD feature that allows specification of the log roll-over time as a daily, weekly, or monthly interval (with optional time-of-day specification for the last two). [The other overly flexible, ISO 8601 interpretation of the interval "@" option is not supported -- it is too generic and not meaningful enough in the context of log file management.]
- It supports optional PID files so that non-standard daemons can be told to re-open their logfiles after archiving has taken place. (Including /dev/null which disables signalling of any daemon when the specified log file is rolled over.)
- It can send a signal other than SIGHUP to the daemon associated with a given log file.
- It can leave the most recently archived log file uncompressed, which is necessary for daemons like httpd and smail because they continue to write to the current log file until their current jobs have completed. (This also makes it much easier to review recent log data with normal Unix tools.) [NetBSD now has this feature.]
- It supports the FreeBSD feature of being able to restrict processing to just those log files specified on the command line.
- Unlike the NetBSD version it first parses the config file before taking any action, meaning that if any errors are encountered it will report them and quit without doing anything.
- Unlike the FreeBSD version, it will roll a log file if either the interval or size limits have been reached (FreeBSDs version makes it too easy to have a rapidly growing log file overflow the filesystem).
- Unlike the NetBSD version it always creates any missing log file (though this can be disabled on a per-file basis).
- It uses an advisory lock on the current configuration file to prevent multiple invocations from tripping over each other.
- The documentation is far better!

Regexp::Log::BlueCoat is a regexp builder to parse BlueCoat log files.

SYNOPSIS

my $blue = Regexp::Log::BlueCoat->new(
format => %g %e %a %w/%s %b %m %i %u %H/%d %c,
capture => [qw( host code )],
);

# the format() and capture() methods can be used to set or get
$blue->format(%g %e %a %w/%s %b %m %i %u %H/%d %c %f %A);
$blue->capture(qw( host code ));
$blue->ufs( smartfilter );

# this is necessary to know in which order
# we will receive the captured fields from the regex
my @fields = $blue->capture;

# the all-powerful capturing regex :-)
my $re = $blue->regex;

while () {
my %data;
@data{@fields} = /$re/;

# do something with the fields
}

Regexp::Log::BlueCoat is a module that computes custom regular expressions to parse log files generated by the BlueCoat Sytems Port 80 Security Appliance.
See the Regexp::Log documentation for a description of the standard Regexp::Log interface.

Nmap Log Stripp3r program is intended to be a way to condense all, or some, of the IPs of a "random" nmap scan into a file for later usage.

Common uses are to be able to feed the file back into nmap with the -iL switch, or feeding it into another port or vulnerability scanner of your choice.

Stripp3r supports stripping the nmap log of all but the IPs of hosts running a certain service, a version of a service, or even an arbitrary banner, and writing them to a file.

This is intended to be a way to condense all the IPs of a "random" Nmap scan into a file for later useage. Common uses are to be able to feed the file back into Nmap its self with the -iL switch, or feeding it into another port or vulnerability scanner.

Useage: ./stripp3r < logfile > < output > "< version string >" -v

Pretty simple. First, you must run an Nmap scan, on random hosts.

Ex. nmap -p 80 -sV -v -iR 500000 -oN nmaplogfile.nmap

This will tell nmap to do a scan service scan of 500,000 random IP addresses for the port 80, vobosely, and save the log to a file named nmaplogfile.nmap. You can change this around, eg, scanning a different service port (if say, you were looking for computers running FTP, you would scan for port 21 instead of 80 for HTTP), scanning a different number of hosts (500,000 or so is good, takes a few hours ususally though), or saving the log file to a different filename.

Nmap will then save a list of hosts that were "up" to a log file, with some informaiton about them, specifically weather the port that you specified was open, closed, or filtered. We are interested in "open" ports, so by default, Stripp3r will take all the log
enteries that have the port your specified listed as "open" and condense them into a file, listing only the IPs, one on each line.

Ex. ./stripp3r nmaplogfile.nmap output.ips

You can be more specific, and have Stripp3r put only the IPs that are running a certain service in the output file. The service string will only register the strings matching EXACTLY, so be careful to get the case and such correct.

apache httpd 1.3.27 (wont work)
Apache 1.3.27 (wont work)
Apache httpd 1.3.27 (works!)

Ex. ./stripp3r nmaplogfile.nmap output.ips "Apache httpd 1.3.27"

If you want to try it with verbosity, say

Ex. ./stripp3r nmaplogfile.nmap output.ips "Apache httpd 1.3.27" -v

And stripp3r will print out what it finds, along with writing it to the file.

You may change, copy, and reproduce this file, as long as the author is given credit for the initial writing of the code.

klogview is a KDE real-time log file viewer, like tail -f. The main window contains any number of dockable log panels, with an arbitrary number of log sources in each of them.
Every log source can have a separate font color and style. Other features include filters, alerts, different encodings, and tray support.
Main features:
- Any number of dockable log panels
- Any number of log sources per log panel
- "File" log source
- "Process output" log source
- Configurable fonts and colors
- Filters and alerts
- Tray icon
Enhancements:
- Removed forced autoscroll
- Ability to reopen log files
- Ability to enable/disable log sources stop filter flag

Querylog project is a console tool for performing SQL queries on a (log) file.

Lines from one or more text files or stdin are matched, using regular expressions to an in memory database on which SQL queries can be performed.

You also specify queries in the config file (SELECTs, INSERTs, CREATE VIEWs, etc). Queries that generate output are printed to stdout in plain text at the moment. In the future it will be possible to specify output formatters. The tool is written in C++ using the boost program options and regex library and the sqlite libraries for the in memory database.

I first wrote this tool to extract accounting information from cups page log files (in which accounting infomation was on different lines than job information), but due to the generic nature of the tool it can be used in many situations in which specific information needs to be retrieved from (in the future multiple) text files and presented in a more usable format.

Building:

Youll need the boost headers and libraries for (program_options and regex) which you can get at http://www.boost.org/, and the sqlite3 headers and libraries which you can get at http://www.sqlite.org/.

Im using boost build, so if you have that all you have to do is run:

> bjam

Alternativly, as the program now has only a single source file, you can just use g++ to compile and link it.

Ill create a nicer build enviroment one of these days.

Running:

Options must be specified on the commandline or in a config file (key = ["]value["]). Run querylog --help for details. The input file may be ommited, in which case data will be read from stdin until the eof.