NoNox is intended to help automate the defense of Internet servers against attacks such as dictionary login attacks. NoNox monitors log files for user-specified trigger patterns. When a pattern is seen enough times in a given file within a given period of time, NoNox will execute a command. The patterns, time limits, files to watch, and commands are all user-specified. For example, if NoNox sees too many failed login attempts from one IP address, it could execute a command that tells a firewall to drop packets from that host, instantly cutting off the attacker.
The ProM Import Framework allows you to extract process enactment event logs from a set of information systems. These can be exported in the MXML format, which is the standard event log data format for Process Mining analysis techniques. Process Mining is a family of a-posteriori analysis techniques to extract abstract information from process enactment logs. More in-depth information about the area of process mining is available at processmining.org.
MonAMI aims to be a standard place for monitoring the availability and performance of services. It can talk to many different monitoring systems while remaining easy to configure. It has a plugin structure, making it easy to add new things to monitor or to integrate with new monitoring systems.
svncommit_hook.php was written to address the numerous problems with the commit_email.pl script which is bundled with Subversion. Email messages sent by this script are sent as multipart messages with each diff in its own part. All of the parts are sent as nicely formatted HTML. It is possible to specify the charset of the files in the repository (the default is still UTF-8). Diffs are displayed only for the modified files. Diffs are colored. PHP files are validated with "php -l". It is possible to specify the URL of a corresponding Trac-resource, and the links to the files will be automatically included in the email.
System Local Audit Daemon can run standalone or managed by systems like IBM-Tivoli, HP-OpenView, or Nessus to perform local security checks. It runs on the target hosts and enables them to call security tools like John the Ripper, Tiger, Tripwire, or a virus scanner via a unified XML interface. It is part of the BOSS Project.
Libptytty is a small library that offers pseudo-TTY management in an OS-independent way. It was created out of frustration over the many differences of PTY/TTY handling in different operating systems for use inside "rxvt-unicode". It also offers session database support (utmp and optional wtmp/lastlog updates for login shells) and supports forking a proxy process after startup and dropping privileges in the calling process. It offers C++ and C-only APIs.
Synapse is an ESB engine and XML router built completely on open standards. It is a mediation framework for XML messages and Web services that allows messages flowing through, into, or out of an organization to be mediated, including aspects such as logging, service lookup, performance mediation, versioning, failover, monitoring, fault management, and tracing.
check_logfiles is a plugin for Nagios which checks logfiles for defined patterns. It is capable of detecting logfile rotation. If you tell it how the rotated archives look, it will also examine these files. Unlike check_logfiles, traditional logfile plugins were not aware of the gap which could occur, so under some circumstances they ignored what had happened between their checks. A configuration file is used to specify where to search, what to search, and what to do if a matching line is found.