Open Source Logging Software

Ettercap is a multipurpose sniffer/interceptor/logger for switched LAN. It supports active and passive dissection of many protocols (even ciphered ones) and includes many feature for network and host analysis. Development has been moved to GitHub, https://github.com/Ettercap/ettercap

Osquery is an operating system instrumentation framework for Windows, OS X (macOS), Linux, and FreeBSD. The tools make low-level operating system analytics and monitoring both performant and intuitive. Osquery exposes an operating system as a high-performance relational database. This allows you to write SQL queries to explore operating system data. With osquery, SQL tables represent abstract concepts such as running processes, loaded kernel modules, open network connections, browser plugins, hardware events or file hashes.Osquery queries your devices like a database. Osquery uses basic SQL commands to leverage a relational data-model to describe a device. Frequently, attackers will leave a malicious process running but delete the original binary on disk. This query returns any process whose original binary has been deleted, which could be an indicator of a suspicious process.

syslog-ng is the log management solution that improves the performance of your SIEM solution by reducing the amount and improving the quality of data feeding your SIEM. With syslog-ng Store Box, you can find the answer. Search billions of logs in seconds using full text queries with Boolean operators to pinpoint critical logs. syslog-ng Store Box provides secure, tamper-proof storage and custom reporting to demonstrate compliance. syslog-ng can deliver data from a wide variety of sources to Hadoop, Elasticsearch, MongoDB, and Kafka as well as many others. syslog-ng flexibly routes log data from X sources to Y destinations. Instead of deploying multiple agents on hosts, organizations can unify their log data collection and management. syslog-ng Store Box provides automated archiving, tamper-proof encrypted storage, granular access controls to protect log data. The largest appliance can store up to 10TB of raw logs.

Untangle is a Linux-based network gateway with pluggable modules for network applications like spam blocking, web filtering, anti-virus, anti-spyware, intrusion prevention, bandwidth control, captive portal, VPN, firewall, and more. Visit http://untangle.com

BASE is the Basic Analysis and Security Engine. It is based on the code from the Analysis Console for Intrusion Databases (ACID) project. This application provides a web front-end to query and analyze the alerts coming from a SNORT IDS system.

Cyberoam iView; the Intelligent Logging & Reporting solution provides organizations network visibility across multiple devices to achieve higher levels of security, data confidentiality while meeting the requirements of regulatory compliance. To know more about Cyberoam and it’s security solutions visit us at www.cyberoam.com.

NOTE PROJECT MIGRATED TO GITHUB - https://github.com/samrocketman/ekeyfinder is a Magical Jelly Bean Keyfinder fork. It is a utility that retrieves the product key used to install Windows from your registry or from an unbootable Windows installation. It works on Windows 9X, ME, NT/2K/XP, and Vista/Win7 and for other software.

File system/directory monitoring utilities with loggin and task processing support (can execute files or make a WCF service call). Multiple configuration options. Source code libraries can be used to create a custom file system monitor.

OpenXDAS is an open source implementation of the Open Group's Distributed Auditing Service (XDAS) specification. OpenXDAS provides a complete implementation of the XDAS specification API, including client-side instrumentation and filtering.

THIS PROJECT HAS BEEN ABANDONED SINCE 2007, NO SUPPORT WILL BE PROVIDED. Winpooch is a watchdog for Windows (2000, XP, 2003, but only 32-bits). It detects modifications in your system, so as to detect a trojan or a spyware installation. It also includes a real-time anti-virus. Set your own security level for anti-spyware, ant

Recursive computing and matching of Context Triggered Piecewise Hashing (aka Fuzzy Hashing). Supports Windows, *nix, BSD, OS X, etc.

A Gradle plugin for printing beautiful logs on the console while running tests. The plugin registers an extension called testlogger (all lowercase and one word) at project level as well as for each task of type Test. By default, the showExceptions flag is turned on. This shows why the tests failed including the location of the failure. Of course, you can switch off this slightly more verbose logging by setting showExceptions to false. Just like Gradle itself, by default only the last frame that matches the test class's name in a stack trace is printed. For vast majority of cases, that is sufficient. Sometimes, it is useful to remove this filtering in order to see the entirety of the stack trace.

tcpick is a textmode sniffer; it tracks tcp streams, shows the status, reassembles and saves the data captured in files or displays them in the terminal in different modes (ascii, hex..). There is a color-mode. Useful to get files passively.

Logs Analyzer, Alerter & Reporter with a Web Interface

A simple keylogger written in python. It is primarily designed for backup purposes, but can be used as a stealth keylogger, too. It does not raise any trust issues, since it is a set of [relatively] short python scripts that you can easily examine.

# clearlogs Clear All Windows System Logs - AntiForensics -- ------------------------------------------------------------------------- # wevtutil Enables you to retrieve information about event logs and publishers. You can also use this command to install and uninstall event manifests, to run queries, and to export, archive, and clear logs. https://technet.microsoft.com/en-us/library/cc732848.aspx -- ------------------------------------------------------------------------- # .Net Framework 4.5.1 -- ------------------------------------------------------------------------- #Visual Studio 2013

360-FAAR (Firewall Analysis Audit and Repair) is an offline, command line, firewall policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in Checkpoint dbedit, Cisco ASA or ScreenOS commands, and its one file! Read Policy and Logs for: Checkpoint FW1 (in odumper.csv / logexport format), Netscreen ScreenOS (in get config / syslog format), Cisco ASA (show run / syslog format), 360-FAAR compares firewall policies and uses CIDR and text filters to split rulebases / policies into target sections and identify connectivity for further analysis. 360-FAAR supports, policy to log association, object translation, rulebase reordering and simplification, rule moves and duplicate matching automatically. Allowing you to move rules to where you need them. Build new rulebases from scratch with a single 'any' rule and log files, with the 'res' and 'name' options. Switch into DROPS mode to analyse drop log entries.

Logsurfer is a program for monitoring system logs in real-time, and reporting on the occurrence of events. It is capable of grouping information together to enhance loganalysis and create automatic reports.

Non-stealth keylogger for Windows. Records mouse and keyboard (precision~10-15ms), log of events (disk size~2.5k/s) + log of operations (~ 0.2k/s). Standalone, with local copy of Python: unzip to install, delete to uninstall.NEW: hidden/visible icon

This program allows you to explore the history of connecting usb drives after installing the system. Small size(19 kb with Gui). Very simple GUI. Export information to *.csv file. Enjoy!

KeyCounter is a tool for the tray-bar that helps you to get statistics about the useage of your computers keyboard, mouse and uptime. KeyCounter is not intended to work as a keylogger.

A resource-conscientious, flexible, modular, platform-independent, scalable and robust server based on ircd-ratbox.

LKL is a userspace keylogger that runs under Linux on the x86 arch. LKL logs everything that passes through the hardware keyboard port (0x60). It translates keycodes to ASCII with a keymap file.

netleak is a collection of small perlscripts that detects connectivity between network segments. It is mostly useful to detect "leaks" in large organizations that have private network segments physically separated from the Internet.

Php-Loging-System is a front-end for viewing syslog-ng messages and snort alerts logged to MySQL in real-time, with Apache, Bash, and Squid detailed searching and analysis.