Submit Dshield ASA Logs

Recently I made some small modifications to the Dshield Linux Cisco PIX submission Perl script. This allows anyone with an ASA or Cisco Security Manager (CSM) to submit logs to the project with ease.


  1. Set up the ASA or CSM to send syslog to a server.

  2. Edit the dshield.cnf config file and place it in /etc/

    1. Note: To send emails, you need a working SMTP setup. The script does not have one built in.

  3. Set up a cron job to submit the logs.



  • Initially it's best to have it cc you the logs (configured in the dshield.cnf file) so you can validate that everything is working.


  • If using Postfix, make sure that the message size limit is very high: the script does not attach a compressed file, it puts the logs in the body of the email. The default size limit is 10MB.

    • /etc/postfix/

    • message_size_limit =


  • If the email goes through, check the ISC portal under My Account -> My Reports. You should see when you last submitted logs. The website may lag several hours behind, so don’t worry if it takes a bit after the first submission.
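
A pre-flight check for the Postfix caveat above, as an added example that is not part of the original diary or the Dshield script: it compares a log file's size against Postfix's `message_size_limit` before the file is mailed in the message body. The function names, the log path in the usage comment and the 10% headroom for headers and envelope data are assumptions.

```shell
#!/bin/sh
# Added example: size check before a firewall log is mailed in the message body.
# Function names and the 10% headroom are assumptions, not part of the script.

# log_fits_limit FILE LIMIT_BYTES
# Returns 0 if FILE plus headroom fits under LIMIT_BYTES, 1 if it does not,
# 2 if the file is unreadable or the limit is not a positive integer.
log_fits_limit() {
    file=$1
    limit=$2
    [ -r "$file" ] || return 2
    case $limit in
        ''|*[!0-9]*) return 2 ;;
    esac
    [ "$limit" -gt 0 ] || return 2
    # wc pads its output with spaces on some systems; strip them
    size=$(wc -c < "$file" | tr -d ' ')
    # logs travel uncompressed in the body; allow 10% for headers and envelope
    needed=$((size + size / 10))
    [ "$needed" -le "$limit" ]
}

# Print Postfix's effective limit; prints nothing if postconf is not installed.
postfix_limit() {
    command -v postconf >/dev/null 2>&1 &&
        postconf -h message_size_limit 2>/dev/null
}

# Usage: sh check_size.sh /path/to/asa.log   (placeholder path)
if [ $# -ge 1 ]; then
    limit=$(postfix_limit) || limit=''
    rc=0
    log_fits_limit "$1" "$limit" || rc=$?
    case $rc in
        0) echo "OK: $1 fits under message_size_limit=$limit" ;;
        1) echo "WARN: $1 exceeds message_size_limit=$limit; raise the limit" >&2 ;;
        *) echo "UNKNOWN: cannot read $1 or determine message_size_limit" >&2 ;;
    esac
    exit "$rc"
fi
```

Running it from the same cron entry, ahead of the submission script, surfaces an oversized log before Postfix rejects the message.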


Now get submitting your logs!


Tom Webb


ISC Handler
Jun 1st 2015
