Router, FW, or any Other types of Logs
palevelmode
Hi All,
I am practicing SIEM and log analysis. Do you know websites where I can download router, FW, IDS/IPS, iptables logs which I can feed to a SIEM? I know I can set up a home lab to try to simulate external and internal networks (with attacks), incorporate Security Onion to generate some logs and check with ELSA and Bro logs. But what I wanted is logs that I can download to check and inspect and learn analysis, let's say 1 week of logs, or 1 month of logs or more.
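Since the question is about feeding iptables/router logs into a SIEM and learning to analyse them, here is an added example (not from this thread or from any of the tools it mentions) that parses netfilter LOG-target lines in the form the kernel writes them to syslog and runs a first-pass analysis over them: events per source, distinct destination ports per source (a crude port-scan indicator), and a tally of targeted ports. The log lines are constructed for the example using RFC 5737 documentation addresses; the `IPT-DROP:` / `IPT-ACCEPT:` prefixes assume a firewall configured with a hypothetical `--log-prefix`, and the scan threshold is an arbitrary choice to tune against your own data.

```python
import re
from collections import Counter, defaultdict

# Constructed sample of syslog lines produced by the netfilter LOG target.
# Addresses are RFC 5737 documentation ranges; the "IPT-DROP:"/"IPT-ACCEPT:"
# prefixes are a hypothetical --log-prefix. The final sshd line is there to
# show that non-firewall lines are skipped by the parser.
SAMPLE_LOG = """\
Mar 10 12:00:01 fw kernel: [1001.10] IPT-DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=44321 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Mar 10 12:00:02 fw kernel: [1002.20] IPT-DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=44322 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
Mar 10 12:00:02 fw kernel: [1002.30] IPT-DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=44323 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
Mar 10 12:00:03 fw kernel: [1003.40] IPT-DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=44324 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0
Mar 10 12:00:05 fw kernel: [1005.50] IPT-ACCEPT: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=61 ID=0 DF PROTO=TCP SPT=51000 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0
Mar 10 12:00:06 fw kernel: [1006.60] IPT-DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.9 DST=192.0.2.10 LEN=73 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=5353 DPT=53 LEN=53
Mar 10 12:00:07 fw sshd[1234]: Accepted publickey for admin from 198.51.100.7 port 51000 ssh2
"""

# syslog timestamp, host, "kernel:", optional "[uptime]" stamp, free-form
# log prefix, then the KEY=VALUE fields starting at IN=.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) kernel: "
    r"(?:\[\s*[\d.]+\] )?(?P<prefix>.*?)(?P<fields>IN=.*)$"
)


def parse_line(line):
    """Return a dict of fields for one netfilter LOG line, or None if it is not one."""
    m = LINE_RE.match(line)
    if not m:
        return None
    event = {
        "ts": m.group("ts"),
        "host": m.group("host"),
        "prefix": m.group("prefix").strip().rstrip(":"),
        "flags": set(),  # bare tokens such as DF, SYN, ACK
    }
    for token in m.group("fields").split():
        if "=" in token:
            key, _, value = token.partition("=")
            # UDP lines carry LEN twice (IP total length, then UDP length);
            # keep the first occurrence so LEN is always the IP length.
            event.setdefault(key, value)
        else:
            event["flags"].add(token)
    return event


def parse_log(text):
    """Parse every line of a log file, silently skipping non-firewall lines."""
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def summarize(events, scan_threshold=4):
    """First-pass triage over dropped packets: who, how often, and how many ports."""
    drops = [e for e in events if e["prefix"].endswith("DROP")]
    by_src = Counter(e["SRC"] for e in drops)
    ports_per_src = defaultdict(set)
    for e in drops:
        ports_per_src[e["SRC"]].add((e.get("PROTO"), e.get("DPT")))
    # A source touching many distinct ports in a short window is worth a look;
    # the threshold is arbitrary and should be tuned on real data.
    scanners = sorted(s for s, p in ports_per_src.items() if len(p) >= scan_threshold)
    return {
        "dropped": len(drops),
        "by_src": by_src,
        "ports_per_src": dict(ports_per_src),
        "scanners": scanners,
        "top_dports": Counter(e.get("DPT") for e in drops),
    }


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    report = summarize(evts)
    print(f"parsed {len(evts)} firewall events, {report['dropped']} drops")
    for src, n in report["by_src"].most_common():
        print(f"  {src:15} drops={n} distinct_ports={len(report['ports_per_src'][src])}")
    print("possible scanners:", report["scanners"])
```

Pointing `parse_log` at a real iptables log instead of `SAMPLE_LOG` is enough to run the same triage over a week of data; the parsed dicts also map directly onto the field extraction a SIEM would do, so comparing its output against the SIEM's view of the same file is a useful exercise.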
alias454
Something I have been thinking about doing for myself, which could work for you is to get some pcaps from the BRO website and Security Onion site. Replay those pcaps to generate logs of actual bad stuff to look at.
https://www.google.com/search?q=analysis+pcaps&ie=utf-8&oe=utf-8
https://www.bro.org/documentation/exercises/index.html
https://www.bro.org/current/exercises/incident-response/index.html
https://github.com/Security-Onion-Solutions/security-onion/wiki/Pcaps
TacoRocket
Wireshark has some PCAPs to look at as well. You could always make a lab and create logs that way as well.
palevelmode
Thank you for your kind reply. I have seen all of that already and personally know websites sharing pcaps like the blog malware-traffic-analysis and netresec. I am looking for log files from a FW or router like the ones shared on this website. Actually I like huge logs which I can play with instead of running a home lab, simulating internal/external traffic and setting the logging to its maximum so logs can be generated asap.
hxxp://log-sharing.dreamhosters.com/
Thanks again, I am looking again at these sites.
JDMurray
Try Googling for Capture The Flag events and packet traffic capture archives. Here are a couple:
Public PCAP files for download
https://www.defcon.org/html/links/dc-ctf.html
And here's a previous TE thread on the same subject:
http://www.techexams.net/forums/security-certifications/53951-good-sample-packet-capture-sites.html
palevelmode
Hi All,
Thank you very much for your kind replies. I really appreciate the feedback I got from this thread. Just an update: I am now able to play with my Security Onion box, and a Splunk VM and another testing VM running Security Onion with their new ELK project. With the pcap files I am also able to study basic analysis using tcpdump, Wireshark and tshark, though I need to get deeper and see what the advantages of these different tools are. I am happy with my progress.
Now... I want to seek help: where could I find Windows logs, Windows security events which I can play with? Please share some sites.
Thank you very much,
alias454
I stumbled on this and thought of this thread
Log Samples — OSSEC 2.8.1 documentation
palevelmode
It was just log formats. I am looking for Windows event logs that I can feed to a SIEM.
palevelmode
Update: for those individuals who wanted or are searching for the logs like I used before, there's a very good Blue Team CTF out there. Kindly refer to Splunk's Boss of the SOC (BOTS).