Free windows log files software for linux

Log Mine is a tool that produces reports on usage patterns on your Web site.
Web server log files are not just hit counters. They contain valuable information about the usage patterns of your website. Unforunately many web log analysis tools lay emphasis on telling you how many hits your site had or how many pages were seen and how many bytes were transferred.
A more usefull statistic would be which percentage of users came to your site went to a product information page, and which percentage of those users hit the checkout button, and which percentage actually completed their order. The trouble is the very nature of the web makes it nearly impossible to get accurate figures for such statistics.
However over periods of time, the errors present average out and it is possible to get a good indication of these ratios by properly mining the log file. That brings us back to square one, how do we get this information with traditional log analysers?
Traditional log analysers will produce weekly, monthly or daily charts for the usage of your site, but rarely do they allow you to create such charts for individual pages or referrrs - something very usefull if you run advertising campaigns on other sites.
Enter Log Mine. This new web log analyser / Mining tool will allow you to create just about any kind of report from the contents of your log file. Log Mine is not concerned about speed and it will be very greedy when it comes to taking up space on your hard disk/database but it will let you change your reporting without having to process gigabytes of log files each time.
Enhancements:
- Importing of Web server log files into the database was simplified.
- Multiple log files can now be processed at once.
- A bug in the monthly report was fixed.

Nmap Log Stripp3r program is intended to be a way to condense all, or some, of the IPs of a "random" nmap scan into a file for later usage.

Common uses are to be able to feed the file back into nmap with the -iL switch, or feeding it into another port or vulnerability scanner of your choice.

Stripp3r supports stripping the nmap log of all but the IPs of hosts running a certain service, a version of a service, or even an arbitrary banner, and writing them to a file.

This is intended to be a way to condense all the IPs of a "random" Nmap scan into a file for later useage. Common uses are to be able to feed the file back into Nmap its self with the -iL switch, or feeding it into another port or vulnerability scanner.

Useage: ./stripp3r < logfile > < output > "< version string >" -v

Pretty simple. First, you must run an Nmap scan, on random hosts.

Ex. nmap -p 80 -sV -v -iR 500000 -oN nmaplogfile.nmap

This will tell nmap to do a scan service scan of 500,000 random IP addresses for the port 80, vobosely, and save the log to a file named nmaplogfile.nmap. You can change this around, eg, scanning a different service port (if say, you were looking for computers running FTP, you would scan for port 21 instead of 80 for HTTP), scanning a different number of hosts (500,000 or so is good, takes a few hours ususally though), or saving the log file to a different filename.

Nmap will then save a list of hosts that were "up" to a log file, with some informaiton about them, specifically weather the port that you specified was open, closed, or filtered. We are interested in "open" ports, so by default, Stripp3r will take all the log
enteries that have the port your specified listed as "open" and condense them into a file, listing only the IPs, one on each line.

Ex. ./stripp3r nmaplogfile.nmap output.ips

You can be more specific, and have Stripp3r put only the IPs that are running a certain service in the output file. The service string will only register the strings matching EXACTLY, so be careful to get the case and such correct.

apache httpd 1.3.27 (wont work)
Apache 1.3.27 (wont work)
Apache httpd 1.3.27 (works!)

Ex. ./stripp3r nmaplogfile.nmap output.ips "Apache httpd 1.3.27"

If you want to try it with verbosity, say

Ex. ./stripp3r nmaplogfile.nmap output.ips "Apache httpd 1.3.27" -v

And stripp3r will print out what it finds, along with writing it to the file.

You may change, copy, and reproduce this file, as long as the author is given credit for the initial writing of the code.

Log::StdLog is a Perl module with a simple log file via a special filehandle.

SYNOPSIS

use Log::StdLog { level => warn, file => "$0.log" };

# Messages at the same or a higher level are logged...
print {*STDLOG} error => "This error message will be loggedn";
print {*STDLOG} warn => "This warning message will be loggedn";

# Messages at a lower level are ignored...
print {*STDLOG} info => "This info message will NOT be loggedn";

# The default message level is the one that was specified
# when the module was loaded...

print {*STDLOG} "This is a warning message. It will be loggedn";

This module provides a very simple kind of log file, with a very simple interface. Messages are logged simply by printing to *STDLOG, which the module exports to any namespace into which its loaded.

Wflogs is a firewall log analysis tool. It can be used to produce a log summary report in plain text, HTML and XML, or to monitor firewalling logs in real-time.
This project is part of the WallFire project, but can be used independently.
Usage examples:
wflogs -i netfilter -o html netfilter.log > logs.html
converts the given netfilter log file into a HTML report.
wflogs --sort=protocol,-time -i netfilter -o text netfilter.log > logs.txt
converts the given netfilter log file into a sorted (by protocol number, then reverse time) text report.
wflogs -f $start_time >= [this 3 days ago] && $start_time < [this 2 days ago] && $chainlabel =~ /(DROP|REJECT)/ && $sipaddr == 10.0.0.0/8 && $protocol == tcp && ($dport == ssh || $dport == telnet) && ($tcpflags & SYN) -i netfilter -o text --summary=no
shows log entries (without summary) which match the given expression (refused connection attempts that occured 3 days ago to ssh and telnet ports coming from internal network 10.0.0.0/8).
wflogs -i netfilter -o text --resolve=0 --whois=0 netfilter.log
converts the given netfilter log file into a text report (default mode), disabling IP address reverse lookups and whois lookups.
wflogs -i netfilter -o xml netfilter.log > logs.xml
exports netfilter logs in XML.
wflogs -i ipchains -o netfilter ipchains.log > netfilter.log
converts ipchains logs into netfilter log format. So you may process them with your favorite netfilter log analyser, for example (even if the latter may not be better than wflogs itself.
wflogs -i ipfilter -o human --datalen=yes ipfilter.log
produces a report about ipfilter logfile in natural language on stdout, displaying packet length (datalen option) which is not showed by default.
wflogs -R -I
monitors logs in real-time in an interactive shell, waiting for logs in the default system logfile, in guessed format (according to the local firewalling tool).
Supported systems
WallFire is intended to work on real systems such as Unix, especially Linux and *BSD.
Current wflogs input modules are:
- netfilter (Linux 2.4 and 2.6 firewall logs)
- ipchains (Linux 2.2 firewall logs)
- ipfilter (NetBSD, FreeBSD, OpenBSD, Solaris, SunOS 4, IRIX and HP-UX running ipfilter firewall logs).
- cisco_pix (Cisco PIX filter logs)
- cisco_ios (Cisco IOS filter logs)
- snort (Snort ACLs logs)
Please note that input modules are available on any architecture on which wflogs can run (for example, you can perfectly parse Cisco PIX logs on a Linux box).
Enhancements:
- Improved matching of netfilter and ipfilter input modules.
- Added support for Cisco FWSM (PIX).
- Improved netfilter parsing.
- Compilation fixes for *BSD.
- Added wflogs.dtd.
- Added wfchkintegrity tool, which enables to monitor changes in the firewalling configuration.
- Fixed buffer sizes for some input modules.
- Fixed parsing with recent flex versions.

Logger::Simple is an implementation of the Simran-Log-Log and Simran-Error-Error modules.

SYNOPSIS

use Logger::Simple;
my $log=Logger::Simple->new(LOG=>"/tmp/program.log");
my $x=5;my $y=4;

if($x>$y){
$log->write("$x is greater than $y");
}

new

my $log=Logger::Simple->new(LOG=>"/tmp/logfile");

The new method creates the Logger::Simple object as an inside-out object. The Log parameter is a mandatory one that must be passed to the object at creation, or the object will fail. Upon creation, this method will also call the open_log method which opens the log file.

write

$log->write("This is an error message");

This method will write a message to the logfile, and will update the internal HISTORY array.

retrieve_history

my @history = $log->retrieve_history; my $msg = $log->retrieve_history;
When called in scalar context, it will return the last message written to the HISTORY array. When called in a list context, it will return the entire HISTORY array

clear_history

$log->clear_history;

This method will clear the internal HISTORY array

This module is based on the Simran::Log::Log and Simran::Error::Error modules. I liked the principle behind them, but felt that the interface could be a bit better.

My thanks also goes out once again to Damian Conway for Object Oriented Perl, and also to Sam Tregar, for his book "Writing Perl Modules for CPAN". Both were invaluable references for me.

I would also like to thank Jerry Heden for his Object::InsideOut module, which I used to create this module.

logviewer is a GUI application for easy management of log files. It features page layout configuration, text filtering and date-time filtering for a logs name and for its pages, a date-time format variable, page selection and saving, and configurable file patterns and directories to analyze.
Main features:
- selection of configuration file on starting
- automatic load from configuration file of files list to show
- search configuration: files to show, directories to search files and files patterns to find (*.log, *log*.txt...)
- layout of showing files (show on pages)
- page configuration: number of characters per line and number of lines per page
- files list filtering based on "date-time from/date-time to" filters or text pattern filter
- pages-lines filtering based on "date-time from/date-time to" filters or text pattern filter
- date-time format configuration: standard sequence yyyymmddhhmmss, but with variables separators
- saving filtered or selected pages to new file
Installation
The installation is standard:
Source version:
- copy and decompression of package .tar.gz to installation directory
- ./configure
- make
- logviewer executable are created in src directory
(installation subdirectory)
Binary version:
- copy and decompression of package .tar.gz to installation directory
- decompressed file logviewer is the executable