[Dshield] Submitting logs from two devices
Anthony_Rodgers at dnv.org
Fri Feb 9 17:14:57 GMT 2007
Great, Johannes - thanks!
On Feb 8, 2007, at 4:29 PM, Johannes B. Ullrich wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> should work well if you just run two copies of cvtwin. You can use the
> same userid/account for both copies.
> Anthony Rodgers wrote:
> > Hi there,
> > Is it acceptable to submit logs from two sources (Internet facing
> > firewall and a snort IDS that resides inside the firewall)? My
> > is that our IDS picks up on badness that gets through our firewall's
> > open ports and therefore might provide some additional useful data.
> > If so, is it sufficient to have two instances of the Universal Client
> > running on a machine, using the same DShield ID?
> > Regards,
> - --
> - ---------
> Johannes Ullrich jullrich at sans.org
> Chief Research Officer (617) 639 5000
> PGP Key: https://secure.dshield.org/PGPKEYS
> "We use [isc.sans.org] every day to keep on top of
> security at our bank" Matt, Network Administrator.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2 (GNU/Linux)
> Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org
> -----END PGP SIGNATURE-----
> SANS 2007 March 29 - April 6 in San Diego, CA offers 52 Courses
> taught by our top rated instructors plus a huge vendor tools expo.
> Register Today! http://www.sans.org/info/2501 (BROCHURECODE: ISC)
More information about the list