[Dshield] Submitting logs from two devices
Johannes B. Ullrich
jullrich at sans.org
Fri Feb 9 00:29:14 GMT 2007
-----BEGIN PGP SIGNED MESSAGE-----
should work well if you just run two copies of cvtwin. You can use the
same userid/account for both copies.
Anthony Rodgers wrote:
> Hi there,
> Is it acceptable to submit logs from two sources (Internet facing
> firewall and a snort IDS that resides inside the firewall)? My thinking
> is that our IDS picks up on badness that gets through our firewall's
> open ports and therefore might provide some additional useful data.
> If so, is it sufficient to have two instances of the Universal Client
> running on a machine, using the same DShield ID?
Johannes Ullrich jullrich at sans.org
Chief Research Officer (617) 639 5000
PGP Key: https://secure.dshield.org/PGPKEYS
"We use [isc.sans.org] every day to keep on top of
security at our bank" Matt, Network Administrator.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the list