Ubuntu Package available to submit firewall logs to DShield

I put together a simple .deb package to install our DShield iptables client on Ubuntu. The package is our standard perl client to submit iptables logs, but it is pre-configured for Ubuntu 12.04 LTS. It will submit IPv4 as well as IPv6 logs. Please give it a try and let me know if you run into any issues. For details, see


use our contact form for feedback or send it directly to me at jullrich - at - sans.edu 

The client will install the perl script in /opt/dshield, and all configuration files in /etc/dshield. It will also add an hourly cron job to check /var/log/ufw.log for new logs and mail them to DShield. All parameters can still be further configured via /etc/dshield/dshield.cnf.

To submit logs, we recommend you setup an account. But if you would like to submit anonymous reports, just use "0" as userid.

Johannes B. Ullrich, Ph.D.
SANS Technology Institute

I will be teaching next: Intrusion Detection In-Depth - SANS Cyber Safari 2022


4597 Posts
ISC Handler
May 20th 2013
Dr J

I have been using PSAD now for a few weeks and absolutely love the granularity of this utility. It comes with DShield log submission capabilities, uses snort signatures, and will check your iptables configuration for errors...and more.


Oh...and of course it is free!


65 Posts
The .deb seems to have gone 404.

1 Posts
fixed the missing file. Sorry. And thanks for the reminder about PSAD. Added it to the client page (not sure why it was missing in the first place :( )

4597 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!