[Dshield] log submissions and egress traffic

Doug Douglass hostmaster at denverdata.com
Thu Oct 30 01:25:49 GMT 2003


I've been submitting logs to dshield for a couple of weeks now and I'm 
very happy with both the email summary and web reports, and this list of 
course.

But...

I find myself wanting info on egress traffic. The private network behind 
our firewall is in one of the reserved private address spaces so the 
source hosts are excluded by the default source-exclude.lst. I figured 
those address spaces are excluded by default to keep dshield data 
relevant to internet traffic.

So, two questions:

1) Are users including these private address spaces in dshield 
submissions to get egress analysis?

OR

2) Any one care to offer suggestions for a log analysis tool: open 
source, unix/linux, web-based UI, handles snmptrap messages logged via 
syslog format (preferred, but I can massage the log format to suit), 
etc, etc?

Oh yeah, I've got linksys and SonicWall hardware.

Yes, I know there are windows log capture/analyzer tools for this 
hardware, but that's not what I want and that's that.

Basically, I'm after my own local install of dshield ;)

TIA
Doug




More information about the list mailing list