Submit Dshield ASA Logs

Published: 2015-06-01
Last Updated: 2015-06-01 11:34:36 UTC
by Tom Webb (Version: 1)
0 comment(s)

Recently I made some small modifications to the Dshield Linux Cisco PIX submission perl script (  This allows anyone with an ASA or Cisco Security Manager(CSM) to submit logs to the project with ease.


  1. Setup the ASA or CSM to syslog to a server. (

  2. Edit the config of the dshield.cnf and place it into /etc/

    1. Note: If sending emails, you need a SMTP setup. This script does not have it built-in.

  3. Setup a cron, to submit the logs.



  • Initially it's best to have it cc you the logs so you can validate that everything is working via the dshield.cnf file.


  • If using postfix, make sure that the message size limit is very high, as this will not attach a compressed file, it’s actually has the logs in the message of the email. Default size is 10MB

    • /etc/postfix/

    • message_size_limit =


  • If the email goes through, check the ISC portal My Account -> My Reports. You should see when you last submitted logs. This may lag behind several hours before the website updates, so don’t worry on first submission if it takes a bit.


Now get submitting your logs!


Tom Webb

Keywords: ASA Dshield Logging
0 comment(s)


Diary Archives