
SANS ISC: what should be logged to the DShield sensor - SANS Internet Storm Center SANS ISC InfoSec Forums


what should be logged to the DShield sensor
Hi,
I'm new to setting up a sensor and now have it ready to start sending. I'm using iptables logs.

Should I be sending as much as possible (e.g. all legitimate traffic as well as bad traffic) or should there be some filtering on my side?

Also, there doesn't seem to be much on how often these logs should be sent. Should they be sent, say, once every 10 minutes?

Thanks,
Andrew