[Dshield] Problems with log submission
dshield at kings-realm.net
Mon Nov 4 16:54:46 GMT 2002
As a new user of the dshield service, I have submitted several logs over
the past two days and am still showing no lines submitted when I log in
and try to view my reports.
I have submitted Linux 2.4 iptables logs through the web interface as
well as with the Dshield.py client. I have also submitted Windows XP
ICF logs through the cvt-win client.
I have even tried to use the Test Parser to submit in the Dshield
formatted log line and it returns nothing (no lines listed after posting
and no error messages). I have even manually confirmed the format of
the converted log line and it appears correct.
Here is a sample line (with target IP obfuscated) that I have tried.
2002-11-04 00:55:11 -06:00 123456 1 18.104.22.168 2551
22.214.171.124 1433 TCP S
I have a few questions now:
1. How long should I have to wait to see my submissions show up
(assuming they are even getting through properly)
2. Is the test parser functioning properly? If so, why does it appear
to not work for me.
3. I noticed that the website said to submit reports to
reports at dshield.org, but the cvt-win client is sending them to
report at dshield.org (singular versus plural). Which is the proper
address to send to?
I tried searching through the archives, but could not find anything
specific on these issues. Any ideas out there?
More information about the list