How to configure the DShield
Kiwi Syslog Daemon is a program that captures logs from routers and firewalls. You configure your DLink router to save its log files using a method that Kiwi can accept. Then install Kiwi and configure it to capture the logs from your router/firewall. Kiwi then saves the logs to disk. When you install CVTWIN, you configure it to use this log file.
- Use the router's web administration to configure your router to broadcast its logs using Syslog.
- Install and configure Kiwi so that it catchs these logs and writes them to disk.
- Install our CVTWIN so it can read the log that Kiwi writes to disk and convert to "DShield" format and send the log into DShield
Go to the web administration of your D-Link router and go to the Status tab.
Enter the IP address of the machine that will be running Kiwi. Make sure that Enable is checked. Click on "Apply
Download Kiwi Syslog Daemon from the Kiwi site Be sure to download the KIWI Syslog SERVICE application (if you are using NT/2K/XP) which will run it as a service so no one has to be logged in. Note that Kiwi is available in both a free and a paid version. The free version will work for our purposes.
Install Kiwi and start it. You should see
Click on File/Properties
Click on Rules/Default/Actions/Log to file
It should be set to
Kiwi format ISO yyyy-mm-dd (Tab delimited)
Note the "Path and file name of log file" The default is
Configure CVTWIN to use this log file.
Now check to see if Kiwi is set up to accept the log in the manner that your router/firewall is saving it. Check the router/firewalls documentation.
Click on Apply and OK. Kiwi should now be capturing your logs. You should see them in Kiwi's main screen.
Run the DShield Client to set it up (click Edit, Configure) Fill in the appropriate information. Select Kiwi D-Link DI-704P as the firewall and select the logfile (SystemCatchAll.txt, probably) you found above.
Perform a test conversion. (File->Convert) and examine the output. Check to see if any filtering needs to be done (Filters are on the the Edit menu.)
When you are satisfied that CVTWIN is converting properly, Open Control Panel, Open Scheduled tasks, Create a new task that runs every day as per the DShield instructions.
Important note: Kiwi Syslog Daemon is a general purpose tool that can capture logs from any firewall/router that can broadcast the logs as Syslog events or SMNP traps. CVTWIN needs to have a converter written for the specfic logs that you are converting. If you are using Kiwi to capture a firewall log, but CVTWIN doesn't support your log format, please contact email@example.com. Ditto if you have any other problem with CVTWIN.
Thanks to Charles Schneider for helping with this.