CERT/CC
background
background
CERT NetSA Security Suite 
Open Source Tools for Network Monitoring 
News | Downloads | Documentation | Wiki | Tooltips
SiLK 2.1.0 | YAF 1.0.0.2 | IPA 0.4.0 | fixbuf 0.8.0 | Portal 0.9.0 | RAVE 1.9.16 | iSiLK 0.1.6
SiLK - Documentation - rwreceiver
Documentation | Downloads | Release Notes | FAQ | License | Credits | Reference Data | Live CD

NAME

rwreceiver - Accepts files transferred from rwsender(s)

SYNOPSIS

  rwreceiver --mode=server --server-port=PORT --client-ident=IDENT
        --identifier=IDENT --destination-directory=DIR
        [--post-command=COMMAND]
        [ --tls-ca=PEM_FILE
          { { --tls-cert=PEM_FILE --tls-key=PEM_FILE }
            | --tls-pkcs12=DER_FILE } ]
        { --log-destination=DESTINATION
          | --log-directory=DIR_PATH [--log-basename=LOG_BASENAME]
          | --log-pathname=FILE_PATH }
        [--log-level=LEVEL] [--log-sysfacility=NUMBER]
        [--pidfile=FILE_PATH] [--no-daemon]
  rwreceiver --mode=client --server-address=IDENT:ADDRESS:PORT
        [--server-address=IDENT:ADDRESS:PORT ...]
        --identifier=IDENT --destination-directory=DIR
        [--post-command=COMMAND]
        [ --tls-ca=PEM_FILE
          { { --tls-cert=PEM_FILE --tls-key=PEM_FILE }
            | --tls-pkcs12=DER_FILE } ]
        { --log-destination=DESTINATION
          | --log-directory=DIR_PATH [--log-basename=LOG_BASENAME]
          | --log-pathname=FILE_PATH }
        [--log-level=LEVEL] [--log-sysfacility=NUMBER]
        [--pidfile=FILE_PATH] [--no-daemon]
  rwreceiver --help
  rwreceiver --version

DESCRIPTION

rwreceiver is a daemon which accepts files transferred from one or more rwsender(8) processes. The received files are stored in a destination directory.

Either rwsender or rwreceiver may act as the server with the other acting as the client. That is, an rwsender server may listen for connections from rwreceiver clients, or an rwsender client may attempt to connect to one or more rwreceiver servers.

In addition, each rwsender and rwreceiver is configured with an identifier of its own and the identifier(s) of the rwreceiver(s) or rwsender(s) that may connect to it. The connection will not established if the identifier provided by other process is not recognized.

Every rwsender that communicates with the same rwreceiver must have a unique identifier; likewise, every rwreceiver that communicates with the same rwsender must have a unique identifier. Ideally, the identifier should provide some information about where the rwsender or rwreceiver program is running and what sort of data it is transferring.

OPTIONS

Option names may be abbreviated if the abbreviation is unique or is an exact match for an option. A parameter to an option may be specified as --arg=param or --arg param, though the first form is required for options that take optional parameters.

The following set of switches are required:

--identifier=IDENT

Use the name IDENT when establishing a connection with an rwsender process. The identifier should contain only printable, non-whitespace characters; the following characters are illegal: colon (:), slash (/ and \), period (.), and comma (,).

--mode=MODE

Specify how the connection between rwsender and rwreceiver(s) should be established. When MODE is server, rwreceiver will listen for connections from rwsender clients; when MODE is client, rwreceiver will attempt to connect to rwsender servers.

--destination-directory=DIR

Place the transferred files into DIR. Note that rwreceiver uses this as its processing directory; rwreceiver writes an incoming file to a name beginning with a dot (.), and moves the file to its final name once the transfer is complete.

When running in server mode, the following switches are required:

--server-port=PORT

Listen for incoming rwsender client connections on PORT.

--client-ident=IDENT

Allow connections from an rwsender client whose identifier is IDENT. This switch may be repeated to allow multiple rwsender clients to connect.

When running in client mode, the following switch is required:

--server-address=IDENT:ADDRESS:PORT

Attempt to connect to the rwsender server listening to port number PORT on the machine ADDRESS. The connection will be dropped unless the the rwsender identifies itself as IDENT. This switch may be repeated to connect to multiple rwsender servers.

The following switch is optional in both modes:

--post-command=COMMAND

Run COMMAND on a file once it has been successfully received. The string %s in COMMAND will be replaced with the full path of the incremental file, and the string %I in COMMAND will be replaced with the identifier of the sender that sent the file.

When SiLK is built with the GnuTLS (Transport Layer Security) library, the following switches are available. Using these switches allows rwsender and rwreceiver to use an encrypted/authenticated channel for their communication. Use GnuTLS's certtool(1) program to create the PEM (Privacy Enhanced Mail) file.

--tls-ca=PEM_FILE

Sets the Certificate Authority file to the given PEM_FILE, thereby enabling encryption using TLS. This switch must be used in conjunction with either the --tls-pkcs12 option, or the --tls-cert and the --tls-key options. Use certtool(1) to create

--tls-cert=PEM_FILE

Sets rwreceiver's encryption certificate for TLS to the given PEM_FILE. This switch must be used in conjunction with the --tls-ca and --tls-key options.

--tls-key=PEM_FILE

Sets rwreceiver's encryption key for TLS to the given PEM_FILE. This switch must be used in conjunction with the --tls-ca and --tls-cert options.

--tls-pkcs12=DER_FILE

Sets rwreceiver's encryption certificate and key for TLS to the given DER_FILE. This switch must be used in conjunction with the --tls-ca option. rwreceiver will use the value in the RWRECEIVER_TLS_PASSWORD environment variable to decrypt the PKCS#12 file. If this variable is not set, rwreceiver assumes the password is the empty string.

One of the following logging switches is required:

--log-destination=DESTINATION

Specify the destination where logging messages are written. When DESTINATION begins with a slash /, it is treated as a file system path and all log messages are written to that file; there is no log rotation. When DESTINATION does not begin with /, it must be one of the following strings:

none

Messages are not written anywhere.

stdout

Messages are written to the standard output.

stderr

Messages are written to the standard error.

syslog

Messages are written using the syslog(3) facility.

both

Messages are written to the syslog facility and to the standard error (this option is not available on all platforms).

--log-directory=DIR_PATH

Use DIR_PATH as the directory where the log files are written. DIR_PATH must be a complete directory path. The log files have the form

  DIR_PATH/LOG_BASENAME-YYYYMMDD.log

where YYYYMMDD is the current date and LOG_BASENAME is the application name or the value passed to the --log-basename switch when provided. The log files will be rotated: at midnight local time a new log will be opened and the previous day's log file will be compressed using gzip(1). (Old log files are not removed by rwreceiver; the administrator should use another tool to remove them.) When this switch is provided, a process-ID file (PID) will also be written in this directory unless the --pidfile switch is provided.

--log-pathname=FILE_PATH

Use FILE_PATH as the complete path to the log file. The log file will not be rotated.

The following switches are optional:

--log-level=LEVEL

Set the severity of messages that will be logged. The levels from most severe to least are: emerg, alert, crit, err, warning, notice, info, debug. The default is info.

--log-sysfacility=NUMBER

Set the facility that syslog(3) uses for logging messages. This switch takes a number as an argument; the default will be value that corresponds to LOG_USER on the system where rwreceiver is running. This switch will result in an error unless --log-destination=syslog is specified.

--log-basename=LOG_BASENAME

Use LOG_BASENAME in place of the application name for the files in the log directory; see the description of the --log-directory switch.

--pidfile=FILE_PATH

Set the complete path to the file in which rwreceiver writes its process ID (PID) when it is running as a daemon. No PID file is written when --no-daemon is given. When this switch is not present, no PID file is written unless the --log-directory switch is specified, in which case the PID is written to LOGPATH/rwreceiver.pid.

--no-daemon

Set rwreceiver to run in the foreground, as a non-daemonized process. This is useful for debugging.

--help

Print the available options and exit.

--version

Print the version number and information about how SiLK was configured, then exit the application.

ENVIRONMENT

RWSENDER_TLS_PASSWORD

Specifies the password to use to decrypt the PKCS#12 file specified in the --tls-pkcs12 switch.

SEE ALSO

SiLK Installation Handbook, rwsender(8), syslog(3), certtool(1)

SiLK | YAF | IPA | fixbuf | Portal | RAVE | iSiLK
SiLK is part of the NetSA Security Suite, developed by the CERT NetSA group
at the Software Engineering Institute at Carnegie Mellon University.

© 2002-2009 Carnegie Mellon University