[Dshield] submit firewall logs

Wayne Larmon wlarmon at dshield.org
Thu May 23 16:38:11 GMT 2002


> I've been trying for a long time to figure out
> how to submit firewall logs to dshield.
> I have win98se, Opera 6.01 Browser and
> zone alarm pro. What am I supposed to put
> in the subject line?? I have no problem
> with the time zone except where to put it.
>
> The instructions are for all kind
> of obscure firewall programs such as sonicwall
> and raptor, but nothing about zone alarm.
> Somebody please take the time to post the
> procedure please, I'm sure others have come
> to this roadblock after going thru the sign
> up process.  Thanks.     Mel.

It looks like you are on the page that describes how to write a client.  You
don't need to do that, because there are already clients written to convert
ZoneAlarm Pro logs to our DShield format and main them in.

Look at our Windows clients page.
http://www.dshield.org/windows_clients.html  You can use either our own
"Universal Firewall Client", or VisualZone.  Both are free.  VisualZone does
more analysis of your ZoneAlarm log than our own client does.

Wayne Larmon
wlarmon at dshield.org

> How to send firewall logs to DShield as email
>
> Report submissions are accepted via e-mail. The email has to be
> sent to 'reports at dshield.org'. Please submit at least once a day,
> if possible, but no more often than once an hour.
>
> The subject line of the email should identify the format and the
> UserID (if known.) Please use one of the following formats:
>
> Subject: FORMAT IPCHAINS USERID 12345  TZ -05:00 [Clientname
> Version #]
> Linux 2.2.x Kernel format (ipchains)
>
> Subject: FORMAT IPTABLES USERID 12345  TZ -05:00 [Clientname Version #]
> Linux 2.4.x Kernel format (iptables)
>
> Subject: FORMAT SONICWALL USERID 12345  TZ -05:00 [Clientname Version #]
>
> SonicWall format as created by the SonicWall firewall
>
> Subject: FORMAT RAPTOR USERID 12345  TZ -05:00 [Clientname Version #]
>
> Raptor format as created by the Raptor firewall
>
> Subject: FORMAT DSHIELD USERID 12345  TZ -05:00 [Clientname Version #]
>
> DShield format
>
> DShield is the preferred format.
>
> (12345 is the UserID in this case. Please substitute your own UserID.)
> TZ -05:00 would be for EST (Eastern Standard Time) Please put in
> your own time zone.
> Determine your time zone from this list:
>
> (Optional) ClientName Version # should be the name of the client
> program and its version number. This is optional, but, if
> included, this helps us to debug any problems. Do not include the
> [] brace characters--they are to indicate that this is optional.
>
> _____________________________________________________________
> A free email account your friends will never forget!
> Get YOURNAME at EmailAccount.com  at http://www.emailaccount.com/
>
> _____________________________________________________________
> Promote your group and strengthen ties to your members with
> email at yourgroup.org by Everyone.net  http://www.everyone.net/?btn=tag
>
> _______________________________________________
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list
>





More information about the list mailing list