[Dshield] Linksys logging. WAS: RE: Is DShield Dead?

dshield.org@keithbergen.com dshield.org at keithbergen.com
Mon Jun 20 22:58:04 GMT 2005


Alan,

I use a similar router (mine is the same one, but also wireless). You
can also use the Kiwi Syslogd. It runs as a service rather than the
linklogger program that has to run when logged in. You are less likely
to miss data that way. The cvtwin program can run against the Kiwi
output. Note that the computer needs to be running all the time as the
Linksys sends syslog entries as they hit.

If you want further info, email me off list with any details and I'll
try and help.

Keith.

-----Original Message-----
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org] On Behalf Of Robert Nelson
Sent: Monday, June 20, 2005 5:09 PM
To: General DShield Discussion List
Subject: Re: [Dshield] Is DShield Dead?


A Linksys BEFSR41 will work, Alan. Visit
http://www.dshield.org/windows_clients.php#universal.

You will need to configure your router for logging. Log into your router,
and go to the Administration section. Look for the "Log" link there, and
tell the router to log. You will need to know the IP Address the router has
assigned to the PC you wish to have the logs sent to.

You will need to install the logviewer program that should be on your
Linksys installation CD.

You can use the DShield client listed on the DShield site (CVTWIN) or use
something like WallWatcher, which is free. It is available at
http://www.wallwatcher.com/ - you will also need to download the WW2DShield
program from there as well.

I hope this helps.

Robert

-----Original Message-----
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org]On Behalf Of Alan Frayer
Sent: June 20, 2005 1:55 PM
To: General DShield Discussion List
Subject: Re: [Dshield] Is DShield Dead?


Johannes B. Ullrich wrote:

>>Johannes: Whatever you need, just let us know (knowing of course that
>>some things are just easier to do yourself as they take longer to get
>>someone up to speed).
>>
>>
>
>What we need:
>
>- good contributions to this list ;-)
>- more diverse submitters (we are ok on /16s and such, but can always
>use more cable/dsl users) It's odd that I ask for more submitters as we
>obviously get plenty of data. But it's more about diversity of the
>submissions vs. volume.
>
>

As I see it, the problem is the cable/dsl users (such as my home
network) use 1) devices that do not produce usable logs, 2) devices that
don't send their logs to other devices (see #1), or 3) devices dependent
on other devices running full-time (such as a permanent PC to collect
the logs for mailing).

My Linksys BEFSR41 doesn't fit the bill, right?

-------------- Sponsor Message ------------------------------------
Join us at SANSFIRE 2005 in Atlanta!
The Internet Storm Center Conference.
Details: http://www.sans.org/sansfire2005

_______________________________________________
send all posts to list at lists.dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list
