My next class:
Network Monitoring and Threat Detection In-DepthSingaporeNov 18th - Nov 23rd 2024

Ubuntu Package available to submit firewall logs to DShield

Published: 2013-05-20. Last Updated: 2013-05-20 20:16:53 UTC
by Johannes Ullrich (Version: 1)
3 comment(s)

I put together a simple .deb package to install our DShield iptables client on Ubuntu. The package is our standard perl client to submit iptables logs, but it is pre-configured for Ubuntu 12.04 LTS. It will submit IPv4 as well as IPv6 logs. Please give it a try and let me know if you run into any issues. For details, see

http://isc.sans.edu/clients/ubuntu.html

use our contact form for feedback or send it directly to me at jullrich - at - sans.edu 

The client will install the perl script in /opt/dshield, and all configuration files in /etc/dshield. It will also add an hourly cron job to check /var/log/ufw.log for new logs and mail them to DShield. All parameters can still be further configured via /etc/dshield/dshield.cnf.

To submit logs, we recommend you setup an account. But if you would like to submit anonymous reports, just use "0" as userid.

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

Keywords: dshield ipv6 ubuntu
3 comment(s)
My next class:
Network Monitoring and Threat Detection In-DepthSingaporeNov 18th - Nov 23rd 2024

Comments

Dr J

I have been using PSAD now for a few weeks and absolutely love the granularity of this utility. It comes with DShield log submission capabilities, uses snort signatures, and will check your iptables configuration for errors...and more.

hxxp://cipherdyne.org/psad/

Oh...and of course it is free!

Jeff
The .deb seems to have gone 404.
fixed the missing file. Sorry. And thanks for the reminder about PSAD. Added it to the client page (not sure why it was missing in the first place :( )

Diary Archives