What is DShieldAnalyzer?
DShieldAnalyzer is a tool for analyzing and presenting logs that are formatted using the DShield format.
What are DShield and the DShield log format?
DShield.org is an attempt to collect data about cracker activity from all over the internet. For more information see the DShield.org web site.
The DShield log format is specified here
I wanted a way to analyze the log files produced by my Linux IPChains firewall. I found the DShield site and the DShield.py project, but I was a little concerned about emailing my firewall logs without analyzing them myself first.
So over the course of a weekend I wrote a Java application to parse and present the output from the DShield.py script.
What is the latest version?
Version 0.1 was released under the GNU General Public License on 22nd February 2004.
What does version 0.1 do?
Version 0.1 has the following features:
Reads a DShield formatted log file and a Services description file
Provides two types of reports, both written to standard output
Provides a Report interface that can be implemented to provide more detailed or more specialised reports.
How do I get started?
Start by downloading the software and reading the documentation.
What features are going to be added to subsequent versions?
I'm hoping to add the following features to version 0.2:
Additional Report formats
Ability to ignore a particular Input IP Address
Ability to supply an input directory containing a number of log files for analysis
How can I help?
Please email me with
Suggestions for improvements or additional features
Implementations of the Report interface for inclusion in future versions of this software.