I want to have ASL's logs submitted to dshield.org, apparently using the syslog function... or e-mail them... whatever works. Does anyone have any idea how to do that?
If you leave a Microsoft Windows machine on the internal network on 24x7, you can run the Kiwi syslog daemon on it and then configure your ASL box to forward its live syslog to the Windows machine.
I run a WinXPpro machine in my home office non-stop on a UPS, since I use it as a Remote Desktop host. On it, I run both the Kiwi syslog daemon and Dshield's CVTWIN agent. Both are executed via the Windows Task Scheduler. Kiwi is configured to run on bootup, under the Administrator account. CVTWIN runs every evening at 11:59 pm.
You can get away with just the shareware version of Kiwi, no need to purchase a license for it. Licensing it gives you additional filtering capabilities, but CVTWIN, which processes the Kiwi log, already has default filters in place to remove any entries that have private address range IP addresses in them. The Kiwi log file grows quite large over time, so occasionally you will have to stop Kiwi and delete the log.
My CVTWIN is configured to mail log copies both to Dshield.org and to myself, so I get a record of the probes against my external interface. If you have your ASL SMTP proxy configured to use passworded mail proxy access, then you need to edit CVTWIN's INI file and enter the ID and PW for your SMTP proxy.
It works really slick! Once it is set up, other than having to manually blow away the Kiwi log file about once a month, it runs on full auto. I don't have to worry about it, and both I and Dshield.org get the attack reports like clockwork every day.
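An added example, not part of the post above and not CVTWIN's own code: a sketch of the kind of private-address filter the reply describes, applied to firewall log lines before they are submitted. The iptables-style `SRC=`/`DST=` fields, the network list and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Ranges that should never be reported: RFC 1918 private space, loopback and
# link-local. Assumed list; CVTWIN's actual filter set is not shown on the page.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]

# Assumed iptables-style fields; adjust to the format your firewall emits.
ADDR_FIELD = re.compile(r"\b(?:SRC|DST)=(\d{1,3}(?:\.\d{1,3}){3})\b")

def is_non_routable(text):
    """True if the address is malformed or inside one of NON_ROUTABLE."""
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return True  # e.g. an octet above 255: treat as unreportable
    return any(addr in net for net in NON_ROUTABLE)

def reportable(lines):
    """Keep only lines whose SRC and DST are both present and public."""
    kept = []
    for line in lines:
        addrs = ADDR_FIELD.findall(line)
        # A line without both fields cannot be checked, so it is dropped.
        if len(addrs) >= 2 and not any(is_non_routable(a) for a in addrs):
            kept.append(line)
    return kept

# Constructed sample lines; documentation ranges stand in for public addresses.
SAMPLE = [
    "Mar 01 23:10:01 fw kernel: DROP IN=eth1 SRC=203.0.113.7 DST=198.51.100.20 PROTO=TCP SPT=4312 DPT=445",
    "Mar 01 23:10:05 fw kernel: DROP IN=eth0 SRC=192.168.1.15 DST=198.51.100.20 PROTO=UDP SPT=137 DPT=137",
    "Mar 01 23:10:09 fw kernel: DROP IN=eth1 SRC=203.0.113.9 DST=10.0.0.5 PROTO=TCP SPT=5120 DPT=22",
    "Mar 01 23:10:12 fw kernel: DROP IN=eth1 SRC=999.1.1.1 DST=198.51.100.20 PROTO=TCP SPT=1 DPT=80",
    "Mar 01 23:10:15 fw kernel: device eth1 entered promiscuous mode",
]

if __name__ == "__main__":
    for line in reportable(SAMPLE):
        print(line)
```

Dropping lines that cannot be parsed, rather than passing them through, keeps internal addressing and unrelated kernel messages out of anything mailed off the network.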