Threat Level: green Handler on Duty: Pedro Bueno

SANS ISC Email Submission


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This page documents firewalls/IDSs/routers that email their logs (instead of writing the logs to a disk file.) You can configure the device/program to email the logs directly to us.

SonicWall

In order to submit the logs to DShield, you should first sign up with us to get a UserID. Make sure to set your Time Zone in the user profile. After you have received your DShield UserID, then configure SonicWall to send logs like:

To:       sonicwall@dshield.org
From:     yourname@yourcompany.com
Subject:  Log file from SonicWALL [UserID]

Where yourname@yourcompany.com is the email address you used when you registered with DShield. UserID is the number that you received from DShield after you registered.

How to configure SonicWall to send logs to DShield
SonicWall configuration screenshot
Click on thumbnail image to see full size screenshot

After submitting your logs you should get a confirmation email. You can also log into DShield and review the log lines you have submitted. If you enabled FightBack when you registered, then you can review any FightBack abuse messages that might have been sent on your behalf.

Please allow 4-8 hours for us to process your logs. Your logs won't show up on the login page until after we have processed them.

Thanks to Garry Polmateer for helping us with this.

Some D-Link routers have the ability to send logs via e-mail. We have tested the wireless DI614+ router so far. Other D-Link routers are likely to work the same (please reports success/failure to info@dshield.org.

To configure the router, click on the 'Status' tab at the top navigation bar of your router's admin interface. Next, click the 'Log' button on the left. Finally, select 'Log Settings' to the left of the red 'help button.

How to configure D-Link Router to send logs

Click on thumbnail image to see larger screen shot

There are two settings you need to addjust:

  • SMTP Server: Use the same setting you are using for your e-mail software. The SMTP Server is usually provided by your ISP.
  • Send to: Enter two email addresses: First your own, which is the one you use to login to DShield, next the special dlink address for DShield. You obtain this special address by concatenating the word 'dlink' and your numeric dshield userid. For example, if you email address is 'someone@somewhere.com' and your userid is '12345', you could enter: someone@somewhere.co,dlink12345@dshield.org

To submit anonymous logs, omit your e-mail address and use '0' as userid.