Top free and open source log management software
As mentioned in the previous post, in my quest to find an alternative to Kiwi Syslog, I looked at a few Software as a Service (SaaS) offerings first, and then started exploring open source log managment projects. I compiled the list below of all useful open source log management software I have found:
- Graylog2 — free open source self-hosted log management and exception tracking. Graylog2 enables you to unleash the power that lays inside your logs. Use it to run analytics, alerting, monitoring and powerful searches over your whole log base. It is licensed under the GNU General Public License v3 (GPLv3) and all source code can be browsed on GitHub. The web interface is using Ruby On Rails, the server is written in Java.
- log2timeline — a framework for automatic creation of a super timeline. The main purpose is to provide a single tool to parse various log files and artifacts found on suspect systems (and supporting systems, such as network equipment) and produce a timeline that can be analysed by forensic investigators/analysts.
- LogHound — is a tool that was designed for finding frequent patterns from event log data sets with the help of a breadth-first frequent itemset mining algorithm. LogHound can be employed for mining frequent line patterns from raw event logs, but also for mining frequent event type patterns from preprocessed event logs.
- LogReport — the LogReport project serves a dual purpose: developing and maintaining Lire, our Open Source reporting and analysis software, and serving as a nexus of documentation, ideas, and thought on the topic of log files and their potential applications.
- Logstash — is a tool for managing events and logs. You can use it to collect logs, parse them, and store them for later use (like, for searching). Speaking of searching, logstash comes with a web interface for searching and drilling into all of your logs. It is fully free and fully open source. The license is Apache 2.0, meaning you are pretty much free to use it however you want in whatever way.
- Logsurfer — is a program for monitoring system logs in real-time, and reporting on the occurrence of events. It is similar to the well-known swatch program on which it is based, but offers a number of advanced features which swatch does not support. Logsurfer is capable of grouping related log entries together – for instance, when a system boots it usually creates a high number of log messages. In this case, logsurfer can be setup to group boot-time messages together and forward them in a single Email message to the system administrator under the subject line “Host xxx has just booted”. Swatch just couldn’t do this properly.
- Logwatch — is a customizable log analysis system. Logwatch parses through your system’s logs and creates a report analyzing areas that you specify. Logwatch is easy to use and will work right out of the package on most systems.
- OSSEC — is a full platform to monitor and control your systems. It mixes together all the aspects of HIDS (host-based intrusion detection), log monitoring and SIM/SIEM together in a simple, powerful and open source solution. OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response. It runs on most operating systems, including Linux, MacOS, Solaris, HP-UX, AIX and Windows.
- OSSIM — provides all of the features that a security professional needs from a SIEM offering – event collection, normalization, and correlation. Established and launched by security engineers out of necessity, OSSIM was created with an understanding of the reality many security professionals face: a SIEM is useless without the basic security controls necessary for security visibility. OSSIM addresses this reality by providing the essential security capabilities built into a unified platform. Standing on the shoulders of the many proven open source security controls built into the platform, OSSIM continues to be the fastest way to make the first steps towards unified security visibility.
- Php-Syslog-ng — is a frontend for viewing syslog-ng messages logged to MySQL in realtime. It features customized searches based on device, priority, date, time, and message.
- RSyslog — is an enhanced syslogd supporting, among others, MySQL, PostgreSQL, failover log destinations, syslog/tcp, fine grain output format control, high precision timestamps, queued operations and the ability to filter on any message part. It is quite compatible to stock sysklogd and can be used as a drop-in replacement. Its advanced features make it suitable for enterprise-class, encryption protected syslog relay chains while at the same time being very easy to setup for the novice user. The project was initiated in 2003 and seriouosly begun in 2004 by Rainer Gerhards and is currently being maintained by him.
- Sawmill — is a Open Source Unix Syslog log analyzer (it also supports the 956 other log formats listed to the left). It can process log files in Open Source Unix Syslog format, and generate dynamic statistics from them, analyzing and reporting events. Sawmill can parse Open Source Unix Syslog logs, import them into a MySQL, Microsoft SQL Server, or Oracle database (or its own built-in database), aggregate them, and generate dynamically filtered reports, all through a web interface. Sawmill can perform Open Source Unix Syslog log analysis on any platform, including Window, Linux, FreeBSD, OpenBSD, Mac OS, Solaris, other UNIX, and others.
- SEC — simple event correlator is a tool for accomplishing event correlation tasks in the domains of log analysis, system monitoring, network and security management, etc. SEC reads lines from files, named pipes, or standard input, matches the lines with patterns (like regular expressions or Perl subroutines) for recognizing input events, and correlates events according to the rules in its configuration file(s). SEC can produce output by executing external programs (e.g., snmptrap or mail), by writing to files, by calling precompiled Perl subroutines, etc.
- SLCT – simple logfile clustering tool is a tool that was designed to find clusters in logfile(s), so that each cluster corresponds to a certain line pattern that occurs frequently enough. With the help of SLCT, one can quickly build a model of logfile(s), and also identify rare lines that do not fit the model (and are possibly anomalous).
- Snare BackLog — is a program that provides a central collection facility for a variety of log sources, including Snare Agents for Windows, Solaris, AIX, Irix, ISA Server, IIS Server, Lotus Notes (and others), plus any device capable of sending data to a syslog server. The SNARE BackLog is free software (freeware), released under the terms of the GNU Public Licence (GPL).
- syslog-ng Open Source Edition — The syslog-ng application is a high-performance syslog server with advanced log processing services and direct database access. The syslog-ng project is a continuous community effort to create the best log management tool. The project is an advocate and early adopter of open standards, including the syslog RFCs developed by the IETF or the Common Event Expression (CEE) message-description standard of the MITRE Corporation
From: http://baudlabs.com/top-free-and-open-source-log-management-software/
Top free and open source log management software的更多相关文章
- Fluentd: Open Source Log Management
Fluentd: Open Source Log Management "Fluentd" is an open-source tool to collect events and ...
- Open Source Log Management
https://www.elastic.co/solutions/logging The Elastic Stack (sometimes known as the ELK Stack) is the ...
- Open source and free log analysis and log management tools.
Open source and free log analysis and log management tools. Maintained by Dr. Anton Chuvakin Version ...
- Taking A Fresh Look At What Open Source API Management Architecture Is Available
http://apievangelist.com/2014/10/05/taking-a-fresh-look-at-what-open-source-api-management-architect ...
- Jekens Source Code Management None 源码管理没有Git
jekens安装完成后,在配置中Source Code Management没有Git的选项,只有none,搞了大半天,一直安装插件报错,网上找的各种文章均未能解决我的问题,多次尝试后终于解决了这个问 ...
- Apache Kafka源码分析 – Log Management
LogManager LogManager会管理broker上所有的logs(在一个log目录下),一个topic的一个partition对应于一个log(一个log子目录)首先loadLogs会加载 ...
- Top 10 Project Management Software
- nohup top -p 22452 -b >>jiu.log &
解释一下: 1. nohup \$order & 后台执行 2. nohup \$order >>$file & 后台执行,并输入指定文件 3. top -p $num 使 ...
- 使用 Git + Dropbox + SourceTree 做 Source Code Management
此篇文章主要針對有安裝 XCode 的 Mac 用戶. Git 版本控管工具,作用類似 CVS.Subversion(簡 稱SVN),好處在於 Git 不像 CVS 及 SVN 是屬於集中式的版本控管 ...
随机推荐
- 【转】Perl Unicode全攻略
Perl Unicode全攻略 耐心看完本文,相信你今后在unicode处理上不会再有什么问题. 本文内容适用于perl 5.8及其以上版本. perl internal form 在Perl看来, ...
- 算法_php猴子选大王_约瑟夫问题
题目: n个猴子围坐一圈,从第一个猴子开始数,到第m个出列,求最后一个猴子的编号. 分析: 首先想到循环,然后队列,然后堆,所以用数组模拟一个循环的列表,下标为[0-(n-1)],下标+1整除m干掉元 ...
- php pdo mysql数据库操作类
<?php namespace iphp\core; use iphp\App; /** * 数据库操作基类 基于pdo * @author xuen * 支持链式操作,支持参数绑定 * 说明1 ...
- @Html.ActionLink 添加样式 html标签
@Html.ActionLink(item.MessageTitle, "Detail", "News",new { MessageId = item.Mess ...
- 【Chromium中文文档】OS X 沙箱设计
OS X 沙箱设计 转载请注明出处:https://ahangchen.gitbooks.io/chromium_doc_zh/content/zh//General_Architecture/OSX ...
- JavaMail回复
JavaMail邮件回复 http://blog.csdn.net/o_darling/article/details/17558049 http://blog.csdn.net/xiyang_199 ...
- C#的DLL注册为COM,Delphi来调用
非常实用的东西!过去知道这个方法的话可以解决多少问题啊 首先建立一个C#的DLL工程,写一个类 //Test.csnamespace Test...{public class MyTest...{pu ...
- fragment中listview触发事件setOnItemClickListener不好使
<listView/>中// listview点击 ,高度wrap_content改成fill_prarent
- Android手机自带内部存储路径的获取 (转)
转自:http://my.oschina.net/liucundong/blog/288183 我有一台中兴的Android手机,型号是 ZTE U930HD,手机没有插入外置SD卡(也就是Micro ...
- mininet 中图形化界面的安装
just run a GUI in VM console window First, log in to the VM in its console window (i.e. type directl ...