As part of my Linux online lab, I want to contribute to DShield

http://dshield.org  Distributed Intrusion Detection System. As you know, I am using IPCop as a firewall to protect my online Unix lab, and now I want to send my firewall logs to DShield. How do you send IPCop 1.4 series firewall logs to DShield?

DShield provides a universal client that parses different firewalls' log files and mails them to the DShield server. I checked dshield.org for IPCop … I got a reference to one file that supported an old version, which is useless… so what next? As IPCop is based on SmoothWall… we can use the SmoothWall client to gather logs and the DShield universal log parser, as it has native support for SmoothWall. So remember to configure “smoothwall2.0” as your firewall in the DShield universal log parser.

OK, first download Kiwi Syslog Daemon from http://www.kiwisyslog.com/info_syslog.htm
and install it. Start the Kiwi client, go to the “Manage” menu and click on install as service; next click on the “start syslogd” service.

Go to the IPCop firewall box and set the log settings to write to a remote server, and give the IP address of the PC running Kiwi…

Bingo!!! That's it: you can see a series of log entries in the Kiwi client. Now open the DShield universal client and configure it (use smoothwall2.0 as your firewall). That's it; for more details see http://www.dshield.org/windows_clients.php#universal
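Before pointing the DShield client at the collected logs, it helps to confirm that the forwarded entries really are firewall packet logs with the fields a parser needs. The script below is an added example, not part of the original post or of the DShield client. It assumes the forwarded lines carry netfilter-style `KEY=value` tokens; the sample lines, their timestamp/host prefix and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in netfilter LOG style (KEY=value tokens); the
# timestamp/host prefix is an assumption and is ignored by the parser.
SAMPLE_LINES = [
    "Jan 12 10:01:02 ipcop kernel: INPUT IN=eth1 OUT= SRC=198.51.100.7 DST=203.0.113.10 LEN=48 TTL=116 PROTO=TCP SPT=4312 DPT=445 WINDOW=65535 SYN URGP=0",
    "Jan 12 10:01:05 ipcop kernel: INPUT IN=eth1 OUT= SRC=198.51.100.7 DST=203.0.113.10 LEN=48 TTL=116 PROTO=TCP SPT=4313 DPT=139 WINDOW=65535 SYN URGP=0",
    "Jan 12 10:02:11 ipcop kernel: INPUT IN=eth1 OUT= SRC=192.0.2.55 DST=203.0.113.10 LEN=404 TTL=52 PROTO=UDP SPT=1046 DPT=1434 LEN=384",
    "Jan 12 10:02:30 ipcop kernel: INPUT IN=eth1 OUT= SRC=192.0.2.99 DST=203.0.113.10 LEN=84 TTL=50 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1",
    "Jan 12 10:03:00 ipcop dhcpd: DHCPREQUEST for 10.0.0.5 from 00:00:5e:00:53:01",
]

KV = re.compile(r"\b([A-Z]+)=(\S*)")
REQUIRED = ("SRC", "DST", "PROTO")

def parse_line(line):
    """Return a dict of packet fields, or None if this is not a firewall entry."""
    fields = {}
    for key, value in KV.findall(line):
        fields.setdefault(key, value)  # keep the first LEN (IP), not the UDP LEN
    if not all(fields.get(k) for k in REQUIRED):
        return None  # e.g. DHCP or other non-packet syslog messages

    def port(name):
        # ICMP entries have no SPT/DPT, so a missing port becomes None
        return int(fields[name]) if fields.get(name, "").isdigit() else None

    return {"src": fields["SRC"], "dst": fields["DST"],
            "proto": fields["PROTO"], "spt": port("SPT"), "dpt": port("DPT")}

def summarize(lines):
    """Count usable firewall entries and the most frequent sources and target ports."""
    parsed = [p for p in map(parse_line, lines) if p]
    ports = Counter((p["proto"], p["dpt"]) for p in parsed if p["dpt"] is not None)
    return {
        "total": len(lines),
        "firewall_entries": len(parsed),
        "top_sources": Counter(p["src"] for p in parsed).most_common(3),
        "top_ports": ports.most_common(3),
    }

if __name__ == "__main__":
    for name, value in summarize(SAMPLE_LINES).items():
        print(name, value)
```

If `firewall_entries` stays at zero on real data, the firewall is forwarding only system messages and the remote logging setting on the IPCop box is the first thing to recheck.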
