[nsp-sec] Cymru: suggestion: add "daily-batch-ready" -indicator to the report filestructure
Tim Wilde
twilde at cymru.com
Mon Mar 9 12:45:10 EDT 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Kauto,
Thanks for the suggestion. One quick and easy tip you can already use -
look at the current day's directory for a given report, and look for a
file called ".sent". It won't be in the directory listing, but it will
exist if we have sent out e-mails for that report on that day (which is
an indicator that processing is completed). For example:
https://www.cymru.com/nsp-sec/dailyreports/bots/list/20090309/.sent
If that file were 404, then you could assume that reports for 20090309
in the bots category had not completed. Note that e-mail reports are
sent only after all categories are completed, so checking a single
category for the sent flag is sufficient.
In the future, time-permitting, we may provide a more "proper" flag that
we'd then document on our site, but for now, hopefully this can provide
an approximation of what you're looking for.
Regards,
Tim
Huopio Kauto wrote:
> ----------- nsp-security Confidential --------
>
> Greetings,
>
> Tim: could it be possible to add a "daily-batch-ready"
> -indicator to the daily report -site filestructure, so that
> those of us who are using automated processing could poll just
> a single file.
>
> Something like a 0-byte file that is created when Cymru's side
> of processing is ready. For example
>
> $DAILYREPORTS_ROOT/STATUS/DAILY-BATCH-READY_YYYYMMDD
>
> Naturally this indicator would be valid to those report categories which
> are updated once per day.
>
> Adding this kind of indication would help guarantee a consistent
> postprocessing at the receiving end - automation would not have to
> guess when the daily run is ready.
>
> --Kauto
> FICORA / CERT-FI
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________
- --
Tim Wilde, Senior Software Engineer, Team Cymru, Inc.
twilde at cymru.com | +1-312-924-4033 | http://www.team-cymru.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFJtUeVluRbRini9tgRAg52AJ9IUOQZpO/IeKFj+nsWC5g38iNeNACcDDm2
CKsIQ6xX+YOJIo9wcMoskJc=
=HoQm
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list