nxlog - Multi platform Log management

•    C

nxlog is a modular, multi-threaded, high-performance log management solution with multi-platform support. In concept it is similar to syslog-ng or rsyslog but is not limited to unix/syslog only. It can collect logs from files in various formats, receive logs from the network remotely over UDP, TCP or TLS/SSL . It supports platform specific sources such as the Windows Eventlog, Linux kernel logs, Android logs, local syslog etc.

LogTrail - Log Viewer plugin for Kibana

•    Javascript

LogTrail is a plugin for Kibana to view, analyze, search and tail log events from multiple hosts in realtime with devops friendly interface inspired by Papertrail.

APT-Hunter - APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity

•    Python

APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity . this tool will make a good use of the windows event logs collected and make sure to not miss critical events configured to be detected. If you are a Threat Hunter , Incident Responder or forensic investigator , i assure you will enjoy using this tool , why ? i will discuss the reason in this article and how it will make your life easy just it made mine . Kindly note this tool is heavily tested but still a beta version and may contain bugs . The first thing to do is to collect the logs if you didn’t and with powershell log collectors its easy to collect the needed logs automatically you just run the powershell scripts as administrator .

nxlog

•    C

A multi-platform universal log collector and forwarder

Fluentd - Data collector, Log Everything in JSON

•    Ruby

Fluentd is an event collector system. It is a generalized version of syslogd, which handles JSON objects for its log messages. It collects logs from various data sources and writes them to files, database or other types of storages.

Zenoss - Open Source IT Management

•    Python

Zenoss Core is an open source IT monitoring product that delivers the functionality to effectively manage the configuration, health, performance of networks, servers and applications through a single, integrated software package.

Epylog - a Syslog parser

•    Python

Epylog is a syslog parser which runs periodically, looks at your logs, processes some of the entries in order to present them in a more comprehensible format, and then mails you the output. It is written specifically for large network clusters where a lot of machines (around 50 and upwards) log to the same loghost using syslog or syslog-ng.

Event Log Analyzer

•    WPF

Event Log Analyzer is a simple yet powerful tool to analyze event logs in Windows. It has features to group similar events together, give graphical view of distribution of events over time and in similarity. It is developed in C# and WPF and uses MVVM framework.

Event Log to SysLog

•    CSharp

el2sl mean Event Lot to SysLog. This program start as windows service and send windows event logs to syslog server over network. Source code avialable on github: https://github.com/Sheridan/el2sl

Graylog2 - Open Source Log Management

•    Java

Graylog2 is an open source log management solution that stores your logs in ElasticSearch. It consists of a server written in Java that accepts your syslog messages via TCP, UDP or AMQP and stores it in the database. The second part is a web interface that allows you to manage the log messages from your web browser. Take a look at the screenshots or the latest release info page to get a feeling of what you can do with Graylog2.

Octopussy - Perl/XML Logs Analyzer, Alerter & Reporter

•    Perl

Octopussy is a Log analyzer tool. It analyzes the log, generates reports and alerts the admin. It has LDAP support to maintain users list. It exports report by Email, FTP & SCP. Scheduled reports could be generated. RRD tool to generate graphs.

liblogfaf - A library that logs messages using non-blocking UDP datagrams.

•    C

liblogfaf (faf stands for fire-and-forget) is a dynamic library that is designed to be LD_PRELOAD-ed while starting a process that uses openlog() & syslog() functions to send syslog messages. It overrides logging functions to make log messages sent as UDP datagrams instead of getting written to /dev/log (which can block). This is useful for processes that call syslog() as part of their main execution flow and can therefore be easily broken when /dev/log buffer gets full, for example when the process that is expected to read from it (usually system syslog daemon like rsyslog or syslog-ng) stops doing that.Please note that liblogfaf should not be used in an environment where reliable log message delivery is required.

liblogfaf - A library that logs messages using non-blocking UDP datagrams.

•    C

liblogfaf (faf stands for fire-and-forget) is a dynamic library that is designed to be LD_PRELOAD-ed while starting a process that uses openlog() & syslog() functions to send syslog messages. It overrides logging functions to make log messages sent as UDP datagrams instead of getting written to /dev/log (which can block). This is useful for processes that call syslog() as part of their main execution flow and can therefore be easily broken when /dev/log buffer gets full, for example when the process that is expected to read from it (usually system syslog daemon like rsyslog or syslog-ng) stops doing that. Please note that liblogfaf should not be used in an environment where reliable log message delivery is required.

Windows Event Log Manager

Windows Event Log Manager is a tool for creating, editing, and viewing windows event logs.

awslogs - AWS CloudWatch logs for Humans™

•    Python

awslogs is a simple command line tool for querying groups, streams and events from Amazon CloudWatch logs. Running: awslogs get /var/logs/syslog ALL -s1d will return you events from any stream in the /var/logs/syslog group generated in the last day.

Webalizer - fast web server log file analysis

•    C

The Webalizer is a fast web server log file analysis program. It produces highly detailed, easily configurable usage reports in HTML format, for viewing with a standard web browser. It handles standard Common logfile format (CLF) server logs, several variations of the NCSA Combined logfile format, wu-ftpd/proftpd xferlog (FTP) format logs, Squid proxy server native format, and W3C Extended log formats.

Project Lasso

•    C

Project Lasso is Windows-based open source software designed to collect Windows event logs, including custom application logs, and provide central collection and transport of Windows log data via UDP/TCP syslog.

OSSEC - Host-based Intrusion Detection System

•    C

OSSEC is a full platform to monitor and control your systems. It mixes together all the aspects of HIDS (host-based intrusion detection), log monitoring and SIM/SIEM together in a simple, powerful and open source solution.

Syslog Backup Scripts

•    Perl

This project contains the PERL scripts, which can rearrange the logs from /var/log/messages and insert in to the database. Scripts can also separate logs for each syslog clients as well as for each application of syslog client.

frontail - streaming logs to the browser

•    Javascript

frontail is a Node.js application for streaming logs to the browser. It's a tail -F with UI. Web interface runs on http://127.0.0.1:[port].