[Dshield] Email Submission Question.

Johannes B. Ullrich jullrich at sans.org
Sat Mar 16 20:53:35 GMT 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


> What is preferred when submitting Firewall Log Entries via E-mail.

My standard answer: not less than once a day and not more frequently than
once an hour.

We process logs once an hour. So if you send logs more frequently, it just
increases processing overhead. However, to be able to see trends early and 
to provide meaningfull fightback reports, you should send logs at least 
once a day.

> 
> * Real-Time
> 	- As they occur.
> 
> * Batch Mode
> 	- Every n'th event then send off a E-mail
> 	- Every Hour
> 	- Once a Day
> 
> Looking for input.
> 
> James
> 
> _______________________________________________
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
> 

- -- 
- -------
jullrich at sans.org                    Join http://www.DShield.org
                          Distributed Intrusion Detection System

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8k7DQwWQP+4im9DYRAqjyAKCKCkomJNQA21S70och5vIk95Za0QCeLSL1
NvKeqV3oswCF7YFsuzh4ztE=
=5LOV
-----END PGP SIGNATURE-----




More information about the list mailing list