Name of MOD : | Logsend-1.0-GUI-b2.tar.gz (IPCop 1.4.0/1.4.2)
Logsend-1.0-GUI-b3.tar.gz (IPCop 1.4.4/1.4.8) |
Version of MOD : | 1.0
DShield Author, Logcheck Author |
Version and patch level of IPCop: | 1.4.0/1.4.2 or 1.4.4/1.4.8
Tested with IPCop 1.4.0/1.4.2 or 1.4.4/1.4.8.
NOTE: MOD MAY work with other versions, but has only been tested with the versions listed. |
Interface type : | GUI = Graphical user interface; the MOD is accessed from the Web Browser.
Logsend 1.4.4/1.4.8 Version |
Build Level: | b2 = Build 2
b3 = Build 3
This represents minor changes to the MOD. See Changelog |
Rating : | Green - Opens no ports to red. No known vulnerabilities. |
Description : |
Logcheck: This will give your IPCop the ability to analyze your logs, check for intrusion attempts, compile a report, and email it to the System Administrator.
DansGuardian-Snort-Squid: If installed/enabled, this will give you the ability to mail these logs to the System Administrator.
DShield: This will give your IPCop 1.3.0 the ability to analyze your logs, check for intrusion attempts, compile a report, and email it to DShield.org. |
Operation : |
Logcheck: The section is configured to check logs at midnight and, when your internet connection is active, will mail four reports. The System Administrator will receive reports for 'Unusual System Events', 'Security Violations', 'Active System Attacks', and 'Active Firewall Log Detects'.
DansGuardian-Snort-Squid: The section is configured to check logs at midnight and, when your internet connection is active, will mail the logs to the System Administrator, but only if these packages are installed and enabled.
DShield: The section is configured to check logs at midnight; it will then analyze your syslog for intrusion attempts. It then creates an e-mail and sends that e-mail to DShield.org for inclusion in their database. Registration is encouraged, but is not required. For registered users, configuration fields are provided. The mod mails a copy of the report to report@dshield.org and to your mailbox. It then sends a copy to /var/log/dshield/report.log. This file is rotated with logrotate at the same time your system logs are, and is kept for 5 weeks. |
Setup : | First, download and install the Addon Server MOD.
Second, download the IPCop 1.4.0/1.4.2 Version of the MOD or the IPCop 1.4.4/1.4.8 Version of the MOD, using the addons-update page found in the System section of your IPCop. If you are running IPCop 1.4.8, the update is not needed.
NOTE: Download and install the Update only if you are running IPCop 1.4.9 and above.
Third, install using the Addons page found in your IPCop. No reboot is required. |
Configure : | Configuration
The main configuration file for Logsend is found in the 'Logs Section'.
-------------------------
Logcheck
Configure:
LogCheck Enabled: Check this to enable Logcheck.
LogCheck Admin: The name of the person receiving the daily report.
-------------------------
DansGuardian: This will only work if DansGuardian is installed.
Configure:
DansGuardian Enabled: Check this to enable the DansGuardian logsending function.
DansGuardian Admin: The name of the person receiving the daily report.
-------------------------
Proxy: This will only work if the Web Proxy is enabled.
Configure:
Proxy Enabled: Check this to enable the Proxy logsending function.
Proxy Admin: The name of the person receiving the daily report.
-------------------------
Snort: This will only work if Snort is enabled.
Configure:
Snort Enabled: Check this to enable the Snort logsending function.
Snort Admin: The name of the person receiving the daily report.
-------------------------
DShield:
Configure:
DShield Enabled: Check this to enable DShield.
DShield Sender: Set this to your e-mail address; if you want to remain anonymous, leave this alone.
Sender's Time Zone: Your time zone from GMT (-0600 = Central time US). (Now includes a drop-down box.)
User ID (if any): If you registered with DShield, put your ID number here; otherwise enter 0.
DShield Admin: Address to send a copy of the e-mail to. You can add your own address here to send to yourself.
-------------------------
Mail Server:
Description: This is for setting the mail server configuration.
Operation: In order for Logsend to work, there has to be a mail server to receive the log reports. This area is for setting the mail server options.
Configure:
Mail Server: Add the name of a valid mail server, i.e. mail.myisp.net.
Authorized User: Add the name of a valid mail user; use only if your mail server requires a valid user.
Mail Sender: The name of the IPCop or person sending the logs.
Authorized User Password: Use only with Authorized User, and only if your mail server requires a valid password before sending e-mail.
-------------------------
After you make these changes, save them and you are set to run a report every day at midnight. |
ChangeLog : |
Logsend 1.0 for IPCop
27 August 2005: Updated for IPCop 1.4.8 and above. Fixed bug in DShield section.
04 April 2005: Updated for IPCop 1.4.4 and above. Minor bug fix.
04 December 2004: Bug found in location of the sendEmail path. Crontab time has been fixed to compile report at 23:55 instead of 11:55. |