
SANS ISC: what should be logged to the DShield sensor SANS ISC InfoSec Forums

what should be logged to the DShield sensor
I'm new to setting up a sensor and now have it ready to start sending. I'm using iptables logs.

Should I be sending as much as possible (e.g. all legitimate traffic as well as bad traffic) or should there be some filtering on my side?

Also, there doesn't seem to be much on how often these logs should be sent. Should they be sent, say, once every 10 minutes?

