[Dshield] log submissions and egress traffic
hostmaster at denverdata.com
Thu Oct 30 01:25:49 GMT 2003
I've been submitting logs to dshield for a couple of weeks now and I'm
very happy with both the email summary and web reports, and this list of
I find myself wanting info on egress traffic. The private network behind
our firewall is in one of the reserved private address spaces so the
source hosts are excluded by the default source-exclude.lst. I figured
those address spaces are excluded by default to keep dshield data
relevant to internet traffic.
So, two questions:
1) Are users including these private address spaces in dshield
submissions to get egress analysis?
2) Anyone care to offer suggestions for a log analysis tool: open
source, Unix/Linux, web-based UI, handles snmptrap messages logged via
syslog format (preferred, but I can massage the log format to suit),
Oh yeah, I've got Linksys and SonicWall hardware.
Yes, I know there are Windows log capture/analyzer tools for this
hardware, but that's not what I want and that's that.
Basically, I'm after my own local install of dshield ;)