New version of cvtwin, now with HTTP upload
Historically, data was submitted to DShield via e-mail. I choose this method way back (Nov. 2000) as it provided easy load balancing and queuing in case the main database server was under heavy load. Initially, we only had a Linux client, and of course its trivial to send e-mail from almost any linux host. The first client was actually a 1 line shell script.
I think e-mail its still a good idea, but we are having more and more issues getting e-mail to us. In particular our Windows client, cvtwin, uses an external simple command line client which isn't always that easy to configure as ISPs block port 25 and require users to log in to mail servers.
So earlier today, Wayne, our "cvtwin guy", added a new function: It will now submit data via HTTP as well as SMTP. I think in particular in Windows scenarios this makes a lot of sense. Most of our windows users are home users. They run some kind of logging software on a work station and submit logs collected by this software. These systems are used for web browsing and usually have unobstructed access to port 80.
So if you have issues running CVTWIN because you are not able to send mail, give the new version a try. And again: If it works, don't touch it ;-)
More details about CVTWIN:
Windows Clients
Changelog (use for now for documentation of the http feature)
This is an experimental release at this point. Please report issues to info@dshield.org.
Network Monitoring and Threat Detection In-Depth | Singapore | Nov 18th - Nov 23rd 2024 |
Comments