Ubuntu Package available to submit firewall logs to DShield
I put together a simple .deb package to install our DShield iptables client on Ubuntu. The package is our standard Perl client to submit iptables logs, but it is pre-configured for Ubuntu 12.04 LTS. It will submit IPv4 as well as IPv6 logs. Please give it a try and let me know if you run into any issues. For details, see
http://isc.sans.edu/clients/ubuntu.html
Use our contact form for feedback, or send it directly to me at jullrich - at - sans.edu.
The client will install the Perl script in /opt/dshield, and all configuration files in /etc/dshield. It will also add an hourly cron job to check /var/log/ufw.log for new logs and mail them to DShield. All parameters can still be further configured via /etc/dshield/dshield.cnf.
To submit logs, we recommend you set up an account. But if you would like to submit anonymous reports, just use "0" as userid.
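An added example, not part of the DShield client: a short Python script that summarizes the IPv4 and IPv6 block entries in a UFW log, which is useful for reviewing what the firewall on a host is logging in /var/log/ufw.log. The sample log lines are constructed, and the function names are this example's own.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in the kernel/UFW log style; not real traffic.
SAMPLE_LOG = """\
May 20 10:15:01 host kernel: [1001.100000] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=51234 DPT=22 WINDOW=14600 SYN URGP=0
May 20 10:15:09 host kernel: [1009.200000] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01 SRC=2001:0db8:0000:0000:0000:0000:0000:0005 DST=2001:0db8:0000:0000:0000:0000:0000:0010 LEN=80 HOPLIMIT=55 PROTO=TCP SPT=40000 DPT=23 WINDOW=14400 SYN URGP=0
May 20 10:16:30 host kernel: [1090.300000] [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=84 TTL=49 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
May 20 10:17:02 host kernel: [1122.400000] [UFW ALLOW] IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 LEN=60 TTL=50 PROTO=TCP SPT=50000 DPT=443 WINDOW=14600 SYN URGP=0
May 20 10:17:40 host kernel: [1160.500000] [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=51240 DPT=22 WINDOW=14600 SYN URGP=0
May 20 10:18:00 host CRON[4242]: (root) CMD (unrelated line)
"""

# KEY=value pairs as written by the kernel's netfilter LOG target
KV = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_blocked(text):
    """Return one dict per [UFW BLOCK] line; other lines are skipped."""
    records = []
    for line in text.splitlines():
        if "[UFW BLOCK]" not in line:
            continue
        f = dict(KV.findall(line.split("[UFW BLOCK]", 1)[1]))
        try:
            # ip_address() validates and normalizes (e.g. compresses IPv6)
            src = ipaddress.ip_address(f["SRC"])
            dst = ipaddress.ip_address(f["DST"])
        except (KeyError, ValueError):
            continue  # truncated or malformed entry
        records.append({
            "time": line[:15], "version": src.version,
            "src": str(src), "dst": str(dst), "proto": f.get("PROTO", "?"),
            # ICMP entries carry TYPE/CODE instead of ports
            "sport": int(f["SPT"]) if "SPT" in f else None,
            "dport": int(f["DPT"]) if "DPT" in f else None,
        })
    return records

def top_sources(records, n=5):
    """Count blocked packets per (source, protocol, destination port)."""
    return Counter((r["src"], r["proto"], r["dport"]) for r in records).most_common(n)

if __name__ == "__main__":
    for key, count in top_sources(parse_blocked(SAMPLE_LOG)):
        print(count, *key)
```

To run it against real data, pass the contents of /var/log/ufw.log to `parse_blocked` instead of `SAMPLE_LOG`.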
------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Comments
I have been using PSAD now for a few weeks and absolutely love the granularity of this utility. It comes with DShield log submission capabilities, uses snort signatures, and will check your iptables configuration for errors...and more.
hxxp://cipherdyne.org/psad/
Oh...and of course it is free!
Jeff
HackDefendr.com
May 20th 2013