[Dshield] Submitting logs from two devices

Johannes B. Ullrich jullrich at sans.org
Fri Feb 9 00:29:14 GMT 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


should work well if you just run two copies of cvtwin. You can use the
same userid/account for both copies.


Anthony Rodgers wrote:
> Hi there,
> 
> Is it acceptable to submit logs from two sources (Internet facing 
> firewall and a snort IDS that resides inside the firewall)? My thinking 
> is that our IDS picks up on badness that gets through our firewall's 
> open ports and therefore might provide some additional useful data.
> 
> If so, is it sufficient to have two instances of the Universal Client 
> running on a machine, using the same DShield ID?
> 
> Regards,


- --
- ---------
Johannes Ullrich                        jullrich at sans.org
Chief Research Officer                     (617) 639 5000
http://isc.sans.org
PGP Key: https://secure.dshield.org/PGPKEYS

"We use [isc.sans.org] every day to keep on top of
 security at our bank" Matt, Network Administrator.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFFy8BaPNuXYcm/v/0RAvozAJ9sj3mgr8jpGhkj17xPPGWnk48aFgCfbSq4
CjAKly6eDdAOq3kJsnDoQvU=
=cvL3
-----END PGP SIGNATURE-----


More information about the list mailing list