[Dshieldannounce] Update: Flags & Test Parser

Johannes B. Ullrich jullrich at euclidian.com
Mon Apr 9 01:57:36 UTC 2001


Starting immediately, we will keep track of TCP flags. For log formats that
already send them (e.g. Linux and new versions of ZoneAlarm), they will just
show up. For the DShield format, we added an additional, optional, column.
See the online documentation for details:
http://www.dshield.org/specs.html#dshield_format

In order to help debug log parser issues, we have set up a parser-test
page:
http://www1.dshield.org/testparser.php

Just copy & paste a line from a log file, select the format and see what you
get.
Please let us know if you have any problems. Use this tool if you wonder why
your logs are rejected.



