Yin Yang is a real-time Linux file scanner that is activated whenever a file is accessed. When a file opening system call is detected, it will send the full pathname of the file to a network daemon. The network daemon will then pass the pathname of the file to a file scanner, such as an anti-virus scanner, and return the status. The status will then be reported back to the network daemon, and the response will be passed back to the system call. The default action logs a message to the system logger. The file scanner is wrapped with the original file opening system call, so it will open the file normally after the file scanning.
changedfiles is a framework for filesystem replication, security monitoring, and/or automatic file transformations--essentially any application where you'd poll files or directories and either do something to them or send them somewhere else (or both). The difference is that the kernel tells you when they change instead of you having to poll. It's an easy real-time FTP push mirror to one or multiple sites. It's also a full-fledged MySQL client, so you can do real-time database operations (for example, batch imports). It consists of two parts: a kernel module (works with Linux kernel version 2.4) which reports to a device whenever a file on the filesystem changes, and a daemon which runs in user space and can be configured to do almost any action when a change to a file matching one of the patterns it looks for is reported. The kernel module is SMP safe and has been tested on Intel, PowerPC, and Alpha.
Log4php is a PHP port of Log4j, the most popular Java logging framework. It supports configuration through XML and properties files (with the same structure as log4j) and custom Configurators. File, RollingFile, DailyFile, Echo, Console, Mail, PEAR::Db, PHP error, Syslog or NT events, and socket appenders are supported. Simple, TTCC, Pattern, Html, and Xml Layouts are supported. It also supports Filters, custom Levels, and Loggers. Internal debugging can be switched on and off. Log4php can be used inside a class or inside a main/sub function.
Oak monitors syslogs from a collection of servers, and notifies the operators when problems arise. In addition to providing immediate notification of critical issues, it will also batch less critical problems into summary messages, which can be sent less often, and via any medium. It is part of the 'ktools' collection of network administration utilities.
Sysmon is a tool to monitor the state of one or more computers. It's based on a daemon and a PHP script. The first has to be run on all boxes you need to check, and the second calls the daemon and prints the state into a nice Web frontend. The sysmond functions can be easily expanded by writing modules.
SysOrb is a client/server package that can monitor servers remotely (such as Web servers), or monitor devices on servers (such as disks, memory, load, etc.). It will alert the administrators via e-mail or pager if a server is entering a critical condition, and has its own database backend, allowing for massive collection of system statistics.
OSSP l2 is a C library providing a very flexible and sophisticated Unix logging facility. It is based on the model of an arbitrary number of channels, stacked together in a top-down data flow tree structure with filtering channels in internal nodes and output channels on the leaf nodes. Channel trees can be either constructed manually through lower-level API functions or all at once with a single API function controlled by a compact syntactical description of the channel tree. For generating log messages, a printf-style formatting engine is provided which can be extended through callback functions. The data flow inside the channel tree is controlled by logging message severity levels which are assigned to each individual channel.
OSSP fsl offers the syslog API otherwise provided by libc. Instead of writing to the syslogd process, it uses the powerful OSSP l2 logging capabilities. It is a drop-in link-time replacement which enables any syslog consumer to take advantage of OSSP l2 by just linking this library in before libc. It is intended to apply OSSP l2 functionality to existing syslog-based third-party programs without the requirement to change the source code of the program.
The Bait and Switch Honeypot System combines the Snort Intrusion Detection System (IDS) with honeypot technology to create a system that reacts to hostile intrusion attempts by marking and then redirecting all "bad" traffic to a honeypot that partially mirrors your production system. Once switched, the would-be hacker is unknowingly attacking your honeypot instead of the real data, while your clients and/or users are still safely accessing the real system. Life goes on, your data is safe, and you get to learn about the bad guy as an added benefit. It works with Snort 1.9.0, 1.9.1, and 2.0.2.