ISC Feature of the Week: How to Submit Firewall Logs
Each week, usually on Tuesday, we are going to highlight an ISC/DShield site feature so all our users become more aware of all the great functionality that is available!
This week's ISC/DShield feature is How To Submit Your Firewall Logs To DShield and can be found at https://www.dshield.org/howto.html
Much of the reporting on the ISC/DShield websites is based on data collected from users who submit firewall logs. There are many existing scripts and services available, so chances are high that all you have to do to get started is a quick download and a cron job on your firewall.
Here's how it's done:
1. Signup is recommended for maximum benefits but not required. See the link below for all the added features an account will give you.
www.dshield.org/howto.html#signup
2. Find an existing script to install and schedule with cron on your firewall.
www.dshield.org/howto.html#clients
3. If, by chance, you don't find an existing client, you can write your own.
Using the data:
1. Access the data and feeds.
www.dshield.org/feeds_doc.html
2. Browse the data results.
That's a quick link list to get you started. If you can't find the details you're looking for on the website or have a question or comment, please drop us a note using the contact form at isc.sans.edu/contact.html.
--
Adam Swanger, Web Developer (GWEB)
Internet Storm Center (http://isc.sans.edu)
Comments
In psad.conf you can set:
ENABLE_DSHIELD_ALERTS Y;
DSHIELD_ALERT_EMAIL reports@dshield.org;
DSHIELD_ALERT_INTERVAL 6;
DSHIELD_USER_ID 6;
DSHIELD_USER_EMAIL you@somedomain.com;
DSHIELD_DL_THRESHOLD 2;
joshlinx
Jan 4th 2012
Nathan Christiansen
Jan 11th 2012