Hawk IDS/IPS is a lightweight log analyzer designed to be fast and efficient. It scans log files on the fly and bans IP addresses that make too many password failures by adding iptables rules to reject them. You can define the log files. Hawk provides a unique Web interface and flexibility, and supports sshd, dovecot, courier, pure-ftpd, proftpd, cPanel, and DirectAdmin.
360-FAAR (Firewall Analysis Audit and Repair) is an offline, command-line Perl tool for manipulating firewall policies. It can filter policies, compare them to logs, merge, translate, and output firewall commands for new policies, in Checkpoint dbedit, Cisco ASA, or ScreenOS commands. It is all contained in one file. It can read policy and logs for: Checkpoint FW1 (in odumper.csv / logexport format), Netscreen ScreenOS (in get config / syslog format), and Cisco ASA (show run / syslog format). It uses both inclusive and exclusive CIDR and text filters, permitting you to split large policies into smaller ones for virtualization at the same time as removing unused connectivity. It supports policy to log association, object translation, rulebase reordering and simplification, rule moves, and duplicate matching automatically. It allows you to seamlessly move rules to where you need them. 'print' mode creates a spreadsheet for your audit needs with one command.
imvirt is a Perl script that tries to detect if it is called from within a virtualization container. This is detected by looking for well-known boot messages, directories, and reading DMI (Desktop Management Interface) data. The following containers are detected: Virtual PC/Virtual Server, VirtualBox, VMware, QEMU/KVM, Xen (para and non-para virtualized), OpenVZ/Virtuozzo, UML, and any HVM providing CPUID 0x40000000 detection.
File2Radius is a daemonized script that tails a CDR accounting log file and generates RADIUS accounting records on the wire from it in real time. It was designed to be used with the Broadsoft soft switch, but could be adapted for other sources of CDR data. It supports sending to a primary and backup RADIUS server and automatically follows log files as they are rotated. The script assumes that you are performing duplicate checking on the RADIUS server backend. It supports the loading of bulk archive data with 'fake' source IPs.
Isoline Retrieval uses supervised statistical classification to retrieve isolines from cross-track scanning or similar satellites. It contains software to generate training data using collocation or radiative transfer simulations, as well as routines to interpolate the final fields using a variation of multi-linear interpolation or kernel estimation. The currently supported satellites are the Advanced Microwave Sounding Unit (AMSU) series and, to a lesser extent, the Global Ozone Measurement Experiment (GOME). An ambitious researcher, however, could easily adapt the codes to a similar satellite.