We always have a banner up on the webpage that says "We want your logs" or "How to submit your logs", however, I want to encourage you to do so.
We love Firewall logs from Cable Modems and Home Users, because they cover more end IP addresses, it allows for more diversity, however, we like to make a call out for large submissions as well. Corporations, small business..etc.. We don't even mind if you obfuscate your logs (there is a feature in the Dshield firewall log submitter to do this!).
We'd like you to automate the logs if you want to, every 6 hours or so, do an automatic submission.
The more logs we get, the more we can correlate, the more visibility we have into the "Bad guys" and the more reactive research we can provide to the public as well.
We at the Internet Storm Center are currently working on a couple projects to be able to not only react to "Bad traffic" (of all kinds!) better, but enable you to be able to interact with the data so you can better protect your networks, and react to threats emerging from your networks as well. To effectively work on this project we need more logs, not only from firewalls, but if you take notice at our "How to submit your logs" page, we want logs from things like Snort, LaBrea, and routers as well. Again, please feel free to obfuscate. We aren't interested in YOUR ip's. We are interested in the IP's doing the attacking.
Currently we process about 10-20 million log entries a day. I'd like to AT LEAST double it. Triple or Quadruple it would be ideal.
Thanks! Please submit your logs! Click here to see how.
But first, please, make sure you are allowed to do so!
-- Joel Esler http://www.joelesler.net
Feb 13th 2009
1 decade ago