Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

ISC Feature of the Week: How to Submit Firewall Logs

Published: 2012-01-03
Last Updated: 2012-01-04 14:43:30 UTC
by Adam Swanger (Version: 1)
2 comment(s)

Each week, usually on Tuesday, we are going to highlight an ISC/DShield site feature so all our users become more aware of all the great functionality that is available!

This week's ISC/DShield feature is How To Submit Your Firewall Logs To DShield and can be found at https://www.dshield.org/howto.html

Much of the reporting on the ISC/DShield websites is from data collected from users submitting firewall logs. There are many existing scripts and services available so chances are high that all you have to do to get started is a quick download and cron on your firewall.

 

Here's how it's done:

1. Signup is recommended for maximum benefits but not required. See the link below for all the added features an account will give you.

www.dshield.org/howto.html#signup

2. Find an existing script to load and cron on your firewall.

www.dshield.org/howto.html#clients

3. If, by chance, you don't find an existing client, you can write your own.

www.dshield.org/specs.html

 

Using the data:

1. Access the data and feeds.

www.dshield.org/feeds_doc.html

2. Browse the data results.

www.dshield.org/reports.html

 

That's a quick link list to get you started. If you can't find the details you're looking for on the website or have a question or comment, please drop us a note in the contact form isc.sans.edu/contact.html

--
Adam Swanger, Web Developer (GWEB)
Internet Storm Center (http://isc.sans.edu)

Keywords: ISC feature
2 comment(s)
Diary Archives