http://dshield.org is a Distributed Intrusion Detection System. As you know, I am using IPCop as a firewall to protect my online Unix lab, and now I want to send my firewall logs to DShield. Here is how to send IPCop 1.4 series firewall logs to DShield.
DShield provides a universal client that parses the log files of different firewalls and mails them to the DShield server. I checked dshield.org for IPCop … I got a reference to one file that supports an old version, which is useless … so what next? As IPCop is based on SmoothWall, we can use the SmoothWall client to gather logs and the DShield universal log parser, as it has native support for SmoothWall. So remember to configure “smoothwall2.0” as your firewall in the DShield universal log parser.
OK, first download Kiwi Syslog Daemon from http://www.kiwisyslog.com/info_syslog.htm and install it. Start the Kiwi client, go to the “Manage” menu and click on “Install as service”, then click on the “start syslogd” service.
Go to the IPCop firewall box and set the log settings to write to a remote server, giving the IP address of the PC running Kiwi.
Bingo! That's it: you can see a series of log entries in the Kiwi client. Now open the DShield universal client and configure it (use smoothwall2.0 as your firewall). That's it. For more details see http://www.dshield.org/windows_clients.php#universal
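Before pointing the universal client at the collected log, it helps to confirm that the forwarded entries are complete firewall records and not truncated or unrelated syslog lines. The following is an added example, not part of the original post or of the DShield client: it assumes the entries use the standard netfilter LOG `KEY=value` layout after a `kernel:` tag, and the sample lines, host name and addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample: netfilter LOG entries as a syslog receiver might store
# them (documentation-range addresses), one unrelated line, one cut-off line.
SAMPLE = """\
Jan 12 10:15:01 ipcop kernel: INPUT IN=eth1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=48 TTL=113 ID=4021 DF PROTO=TCP SPT=4312 DPT=445 WINDOW=64240 SYN URGP=0
Jan 12 10:15:09 ipcop kernel: INPUT IN=eth1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.23 DST=192.0.2.10 LEN=404 TTL=52 ID=0 PROTO=UDP SPT=1055 DPT=1434 LEN=384
Jan 12 10:15:12 ipcop kernel: INPUT IN=eth1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=110 ID=77 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=7
Jan 12 10:15:20 ipcop dhcpd: DHCPACK on 192.168.1.20 to 00:11:22:33:44:66
Jan 12 10:15:31 ipcop kernel: INPUT IN=eth1 OUT= SRC=203.0.113.7 DST=192.0.
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")
REQUIRED = ("IN", "SRC", "DST", "PROTO")

def parse_line(line):
    """Dict for a firewall entry, None for other lines; ValueError if truncated."""
    # Split on the kernel tag so any receiver-specific timestamp layout is tolerated.
    stamp, sep, body = line.partition("kernel: ")
    if not sep or "SRC=" not in body:
        return None
    fields = dict(FIELD.findall(body))
    missing = [k for k in REQUIRED if not fields.get(k)]
    if missing:
        raise ValueError("truncated entry, missing " + ",".join(missing))
    port = lambda k: int(fields[k]) if fields.get(k, "").isdigit() else None
    return {"stamp": stamp.strip(), "iface": fields["IN"], "src": fields["SRC"],
            "dst": fields["DST"], "proto": fields["PROTO"],
            "spt": port("SPT"), "dpt": port("DPT")}  # ports are None for ICMP

def summarise(text):
    """Return (records, skipped, truncated, hits per (proto, dest port))."""
    records, skipped, truncated = [], 0, 0
    for line in text.splitlines():
        try:
            rec = parse_line(line)
        except ValueError:
            truncated += 1
            continue
        if rec is None:
            skipped += 1
        else:
            records.append(rec)
    return records, skipped, truncated, Counter((r["proto"], r["dpt"]) for r in records)

if __name__ == "__main__":
    recs, skipped, truncated, hits = summarise(SAMPLE)
    print(len(recs), "entries,", skipped, "other,", truncated, "truncated", dict(hits))
```

A non-zero truncated count suggests the syslog receiver or the network path is cutting messages short, which is worth fixing before any reports are submitted.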