[Dshield] Linksys logging. WAS: RE: Is DShield Dead?

Joel Esler eslerj at gmail.com
Tue Jun 21 12:22:58 GMT 2005


I used to use the BEFSX41 (I've upgraded now)...  But the Linksys
LogViewer (or whatever it's called) works just peachy.

On 6/20/05, dshield.org at keithbergen.com <dshield.org at keithbergen.com> wrote:
> Alan,
> 
> I use a similar router (Mine is the same one, but also wireless). You
> can also use the Kiwi Syslogd. It runs as a service rather than the
> linklogger program that has to run when logged in. You are less likely
> to miss data that way. The cvtwin program can run against the Kiwi
> output. Note that the computer needs to be running all the time as the
> Linksys sends syslog entries as they hit.
> 
> If you want further info, email me off list with any details and I'll
> try and help.
> 
> Keith.
> 
> -----Original Message-----
> From: list-bounces at lists.dshield.org
> [mailto:list-bounces at lists.dshield.org] On Behalf Of Robert Nelson
> Sent: Monday, June 20, 2005 5:09 PM
> To: General DShield Discussion List
> Subject: Re: [Dshield] Is DShield Dead?
> 
> 
> A Linksys BEFSR41 will work, Alan. Visit
> http://www.dshield.org/windows_clients.php#universal.
> 
> You will need to configure your router for logging. Log into your
> router,
> and go to the Administration section. Look for the "Log" link there, and
> tell the router to log. You will need to know the IP Address the router
> has
> assigned to the PC you wish to have the logs sent to.
> 
> You will need to install the logviewer program that should be on your
> Linksys installation CD.
> 
> You can use the DShield client listed on the Dshield site (CVTWIN) or
> use
> something like WallWatcher, which is free. It is available at
> http://www.wallwatcher.com/ - you will also need to download the
> WW2DShield
> program from there as well..
> 
> I hope this helps.
> 
> Robert
> 
> -----Original Message-----
> From: list-bounces at lists.dshield.org
> [mailto:list-bounces at lists.dshield.org]On Behalf Of Alan Frayer
> Sent: June 20, 2005 1:55 PM
> To: General DShield Discussion List
> Subject: Re: [Dshield] Is DShield Dead?
> 
> 
> Johannes B. Ullrich wrote:
> 
> >>Johannes: What ever you need, just let us know (knowing of course that
> >>some things are just easier to do yourself as they take longer to get
> >>someone up to speed).
> >>
> >>
> >
> >What we need:
> >
> >- good contributions to this list ;-)
> >- more diverse submitters (we are ok on /16s and such, but can always
> >use more cable/dsl users) Its odd that I ask for more submitters as we
> >obviously get plenty of data. But its more about diversity of the
> >submissions vs. volume.
> >
> >
> 
> As I see it, the problem is the cable/dsl users (such as my home
> network) use 1) devices that do not produce usable logs, 2) devices that
> don't send their logs to other devices (see #1), or 3) devices dependent
> on other devices running full-time (such as a permanent PC to collect
> the logs for mailing).
> 
> My Linksys BEFSR41 doesn't fit the bill, right?
> 
> -------------- Sponsor Message ------------------------------------
> Join us at SANSFIRE 2005 in Atlanta!
> The Internet Storm Center Conference.
> Details: http://www.sans.org/sansfire2005
> 
> _______________________________________________
> send all posts to list at lists.dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list
> 
> -------------- Sponsor Message ------------------------------------
> Join us at SANSFIRE 2005 in Atlanta!
> The Internet Storm Center Conference.
> Details: http://www.sans.org/sansfire2005
> 
> _______________________________________________
> send all posts to list at lists.dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list
> 
> -------------- Sponsor Message ------------------------------------
> Join us at SANSFIRE 2005 in Atlanta!
> The Internet Storm Center Conference.
> Details: http://www.sans.org/sansfire2005
> 
> _______________________________________________
> send all posts to list at lists.dshield.org
> To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
>




More information about the list mailing list