SANS ISC: what should be logged to the DShield sensor SANS ISC InfoSec Forums

what should be logged to the DShield sensor
Hi,
I'm new to setting up a sensor and now have it ready to start sending. I'm using iptables logs.

Should I be sending as much as possible (e.g. all legitimate traffic as well as bad traffic) or should there be some filtering on my side?

Also, there doesn't seem to be much on how often these logs should be sent. Should they be sent, say, once every 10 minutes?

Thanks,
Andrew