Free log files software for linux

Logfilter is a tool for performing ad hoc analysis on Apache log files.
Logfilter is especially useful when you wish to find records matching very specific criteria, since you can specify exactly which fields to match.
The tool also plays well in a Unix environment by accepting input either through files or via stdin.
Main features:
- Match only the records you are interested in, ignore everything else
- Fast matching...the code is written in C for maximum portability & performance
- Released under the Apache Licence so you can customise & extend as you wish
Enhancements:
- The command line options were changed to be more in line with Unix philosophy.
- An autoconf script was added to make building logfilter easier.
- A bug in the case sensitivity matching was fixed.

klogview is a KDE real-time log file viewer, like tail -f. The main window contains any number of dockable log panels, with an arbitrary number of log sources in each of them.
Every log source can have a separate font color and style. Other features include filters, alerts, different encodings, and tray support.
Main features:
- Any number of dockable log panels
- Any number of log sources per log panel
- "File" log source
- "Process output" log source
- Configurable fonts and colors
- Filters and alerts
- Tray icon
Enhancements:
- Removed forced autoscroll
- Ability to reopen log files
- Ability to enable/disable log sources stop filter flag

logviewer is a GUI application for easy management of log files. It features page layout configuration, text filtering and date-time filtering for a logs name and for its pages, a date-time format variable, page selection and saving, and configurable file patterns and directories to analyze.
Main features:
- selection of configuration file on starting
- automatic load from configuration file of files list to show
- search configuration: files to show, directories to search files and files patterns to find (*.log, *log*.txt...)
- layout of showing files (show on pages)
- page configuration: number of characters per line and number of lines per page
- files list filtering based on "date-time from/date-time to" filters or text pattern filter
- pages-lines filtering based on "date-time from/date-time to" filters or text pattern filter
- date-time format configuration: standard sequence yyyymmddhhmmss, but with variables separators
- saving filtered or selected pages to new file
Installation
The installation is standard:
Source version:
- copy and decompression of package .tar.gz to installation directory
- ./configure
- make
- logviewer executable are created in src directory
(installation subdirectory)
Binary version:
- copy and decompression of package .tar.gz to installation directory
- decompressed file logviewer is the executable

pflogx is a simple tool that exports OpenBSD packet filter logs to XML files.
pflogx reads a binary log file generated by the pf logging daemon (pflogd) and generates a human-readable and exploitable XML file.
Using an XSLT processor you can convert this XML file to any other format, such as HTML, CSV, or SQL.
Installation:
Installation of pflogx is quite simple. Just type the following commands to compile it and to install it in /usr/local/bin directory:
# make
# cp src/pflogx /usr/local/bin/pflogx
Usage:
Executed without options, pflogx reads packet filter logfile from standard input and generates an XML file containing all entries of logfile to standard output.
Available options are detailed in the next section.
Output XML file contains the following fields:
- Date,
- Interface name,
- Action,
- Rule number,
- Direction,
- Protocol,
- Source address,
- Source port,
- Destination address,
- Destination port.
The last four fields are only defined when protocol is TCP or UDP.
Enhancements:
- The code was fixed to allow building with GCC 2.
- An XSLT file was added for generating XHTML 1.0 Strict files from the output XML file.
- The existing XSLT file for generating HTML was updated to generate HTML 4.01 Strict files.

Log::Dispatch::File::Alerts is a Perl object for logging to alert files.

SYNOPSIS

use Log::Dispatch::File::Alerts;

my $file = Log::Dispatch::File::Alerts->new(
name => file1,
min_level => emerg,
filename => Somefile%d{yyyy!!!!}.log,
mode => append );

$file->log( level => emerg,
message => "Ive fallen and I cant get upn" );

ABSTRACT

This module provides an object for logging to files under the Log::Dispatch::* system.

This module subclasses Log::Dispatch::File for logging to date/time stamped files. See Log::Dispatch::File for instructions on usage. This module differs only on the following three points:

alert files

This module will use a seperate file for every log message.

multitasking-safe

This module uses flock() to lock the file while writing to it.

stamped filenames

This module supports a special tag in the filename that will expand to the current date/time/pid.

It is the same tag Log::Log4perl::Layout::PatternLayout uses, see Log::Log4perl::Layout::PatternLayout, chapter "Fine-tune the date". In short: Include a "%d{...}" in the filename where "..." is a format string according to the SimpleDateFormat in the Java World (http://java.sun.com/j2se/1.3/docs/api/java/text/SimpleDateFormat.html). See also Log::Log4perl::DateFormat for information about further restrictions.
In addition to the format provided by Log::Log4perl::DateFormat this module also supports $ for inserting the PID and ! for inserting a uniq number. Repeat the character to define how many character wide the field should be.
A note on the !: The module first tries to find a fresh filename with this set to 1. If there is already a file with that name then it is increased until either a free filename has been found or it reaches 9999. In the later case the module dies.

mergelog provides a fast tool to merge HTTP log files by date.
mergelog is a small and fast C program, which merges HTTP log files by date in Common Log Format (Apache default log format) from Web servers, behind round-robin DNS.
It has been designed to easily process huge logs from highly stressed servers, and can manage gzipped files.
Enhancements:
- dont abort anymore on corrupted log lines
- set BUFFER_SIZE value to 32Ko
- fixed a major bug on a broken month initialization
- corrections on manpages
- fix in configure.in to abort if zlib is not present
- fixed a potential segmentation fault on malformed log lines
- autoconf compliant thanks to Igor Genibel

LogMon project will monitor one or more log files, updating when more data is available ala tail -f , within a common terminal window via a "split window". User can scroll up/down/left/right through all the windows.
A header displays each frames file name, and number of lines in the file. Very useful when watching several log files at the same time. Ive tested this under Linux and FreeBSD (as of 0.3.3) and I have had reports of it working under MacOS X 10.4.7, but it should work under other Unices. Please let me know if you get it working on another OS.
Enhancements:
- Fixed a scroll-back bug when using page-up
- Added individual frame selection

Wflogs is a firewall log analysis tool. It can be used to produce a log summary report in plain text, HTML and XML, or to monitor firewalling logs in real-time.
This project is part of the WallFire project, but can be used independently.
Usage examples:
wflogs -i netfilter -o html netfilter.log > logs.html
converts the given netfilter log file into a HTML report.
wflogs --sort=protocol,-time -i netfilter -o text netfilter.log > logs.txt
converts the given netfilter log file into a sorted (by protocol number, then reverse time) text report.
wflogs -f $start_time >= [this 3 days ago] && $start_time < [this 2 days ago] && $chainlabel =~ /(DROP|REJECT)/ && $sipaddr == 10.0.0.0/8 && $protocol == tcp && ($dport == ssh || $dport == telnet) && ($tcpflags & SYN) -i netfilter -o text --summary=no
shows log entries (without summary) which match the given expression (refused connection attempts that occured 3 days ago to ssh and telnet ports coming from internal network 10.0.0.0/8).
wflogs -i netfilter -o text --resolve=0 --whois=0 netfilter.log
converts the given netfilter log file into a text report (default mode), disabling IP address reverse lookups and whois lookups.
wflogs -i netfilter -o xml netfilter.log > logs.xml
exports netfilter logs in XML.
wflogs -i ipchains -o netfilter ipchains.log > netfilter.log
converts ipchains logs into netfilter log format. So you may process them with your favorite netfilter log analyser, for example (even if the latter may not be better than wflogs itself.
wflogs -i ipfilter -o human --datalen=yes ipfilter.log
produces a report about ipfilter logfile in natural language on stdout, displaying packet length (datalen option) which is not showed by default.
wflogs -R -I
monitors logs in real-time in an interactive shell, waiting for logs in the default system logfile, in guessed format (according to the local firewalling tool).
Supported systems
WallFire is intended to work on real systems such as Unix, especially Linux and *BSD.
Current wflogs input modules are:
- netfilter (Linux 2.4 and 2.6 firewall logs)
- ipchains (Linux 2.2 firewall logs)
- ipfilter (NetBSD, FreeBSD, OpenBSD, Solaris, SunOS 4, IRIX and HP-UX running ipfilter firewall logs).
- cisco_pix (Cisco PIX filter logs)
- cisco_ios (Cisco IOS filter logs)
- snort (Snort ACLs logs)
Please note that input modules are available on any architecture on which wflogs can run (for example, you can perfectly parse Cisco PIX logs on a Linux box).
Enhancements:
- Improved matching of netfilter and ipfilter input modules.
- Added support for Cisco FWSM (PIX).
- Improved netfilter parsing.
- Compilation fixes for *BSD.
- Added wflogs.dtd.
- Added wfchkintegrity tool, which enables to monitor changes in the firewalling configuration.
- Fixed buffer sizes for some input modules.
- Fixed parsing with recent flex versions.