Survey: How Can We Get You to Submit Logs To Us

Published: 2015-12-28
Last Updated: 2015-12-28 20:31:08 UTC
by Johannes Ullrich (Version: 1)
8 comment(s)

About once a year, we run a brief survey of our readers to figure out how to improve our site. This year, we want to focus on issues people  have submitting logs. We added a lot of new features and new methods to access our data. We for example significantly expanded our API, added features like 'color my logs' to make it easier to use our data without having to write code, and added additional data sources with external open threat feeds.

In the end the, core data we provide comes from users who submit firewall and other logs on an ongoing basis. In particular, home users can be very valuable submitters in that they can provide good data illuminating the internet's "Background Radiation" of port scan and similar activity. One issue we have been running into is that routers and firewalls often used by home users no longer provide logs. So we are trying to figure out what is holding back users who would like to submit logs.

If you would like to submit logs, but can not do so currently, then please take 5 minutes to fill out our survey.

Please share this link with friends/social media.

Johannes B. Ullrich, Ph.D.

8 comment(s)


<sarcasm> Why would we submit logs to SANS when the US government is going take care of all the threat intelligence in the near future. </sarcasm>
Just couldn't resist. Keep up all the great work!
I could put a dual nic box running Ubuntu + Netfilter between my home cable modem and wireless router/firewall in exchange for some SANS infosec training :)
Thank you I would love to be a part of this again. I have been signed up but cant get my system to send the fire wall logs. If I can get more assistance configuring it I would be more than happy to participate. I was on a excellent list here that talked about what was going across the net work. When the first slammer data started comming. We didn’t know it was slammer at first. I would also really like to be on that list again. I know the importance of the fire wall information. I also helped on the first honeypot team. I am proud to have known D-Shield for as long as I have, and recommend this site often to others that want to see what is going on in the net. Please help me get my system running the software, and I will definately send the fire wall logs.
Sadly I was forced to replace my old DLink router as the date portion of the firmware wouldn't reach 2015 (hence it wouldn't connect to the Internet. Asked for a date fix and never received a reply from DLink). I now have a TP Link TL-R860 but it's logging feature stinks compared to the old DLink and there is no option to send what useless log it has to anywhere. The company hasn't updated the firmware since 2011 as I just checked for an update. I complained about the lack of logging information, the inability to send the log anywhere and just received the standard brush off. Won't buy their product again. Just love these companies that can't be bothered to respond, fix or improve their products.
I feel your pain!
For me, the capability to send data "outside" of the box is a mandatory feature on my list of requirements... "No log, no way".
> replace D-Link router due to "date" issues ...


for a link to D-Link's FTP-site, which does have some updated firmware for some versions of some models of their devices.

P.S. Also, see:
for a "backdoor" for some D-Link devices.
Thank you for the link. The first one I might give a try as soon as I get a chance to give it a go.
[quote=comment#36023]I feel your pain!
For me, the capability to send data "outside" of the box is a mandatory feature on my list of requirements... "No log, no way".[/quote]

Part of the frustration is as a consumer,you can't find out what log capabilities there are before you purchase. I searched and searched but couldn't obtain any information on it. Seems the manufacturer doesn't regard the logging feature as important to consumers (or anyone else).

Diary Archives