[Dshieldannounce] Update: Flags & Test Parser
Johannes B. Ullrich
jullrich at euclidian.com
Mon Apr 9 01:57:36 UTC 2001
Starting immediately, we will keep track of TCP flags. For log formats that
already send them (e.g. Linux and new versions of ZoneAlarm), they will just
show up. For the DShield format, we added an additional, optional, column.
See the online documentation for details:
In order to help debugging log parser issues, we have set up a parser-test
Just copy & paste a line from a log file, select the format and see what you
Please let us know if you have any problems. Use this tool if you wonder why
your logs are rejected.