DShield
What is DShield?
DShield is a community-based collaborative firewall log correlation system. It receives logs from volunteers all over the world and serves as the data-collection engine behind the SANS Internet Storm Center. Its goal is to raise public awareness by providing access to the data and sharing accurate, current snapshots of internet attacks.
Description
The DShield channel will log all events to the DShield API.
Syntax
[channel.<you_choose>]
type="dshield"
Arguments in configuration file
There are 4 arguments in the DShield channel:
argument | default setting | explanation | required |
---|---|---|---|
user_id | no | Set your DShield user_id. | yes |
api_key | no | Set your DShield api_key. | yes |
insecure | no | true will disable certificate validation. | no |
debug | no | Set true if you want to log DShield error responses. | no |
Example
[channel.dshield]
type="dshield"
user_id="[YOUR_USER_ID]"
api_key="[YOUR_API_KEY]"
insecure=true  # true disables certificate validation
debug=true  # true logs DShield error responses
Availability
Linux | MacOS |
---|---|
yes | yes |