MwSubmitter's Online Manual
HoneyBow Sensor
You can download the PDF version here (out of date).
Installation
Install from Subversion
Get the latest version of MwSubmitter
svn co https://svn.mwcollect.org/honeybow/trunk/mwsubmitter
Get the latest version of G.O.T.E.K. Client
svn co https://svn.mwcollect.org/gotek/gotekc/trunk gotekc
Install Gotek Client
cd gotekc
make
su
make install
cd ..
Install MwSubmitter
cd mwsubmitter
su
./install
cd ..
Install from Package
Download the latest version of MwSubmitter from SourceForge and extract it
tar zxf mwsubmitter-0.1.0-fr.tar.gz
Run the install.sh script to install gotekc and MwSubmitter
cd MWSUBMITTER
su
./install
Usage
Single Mode
Use the following command to submit samples in the given directory to the mwcollect alliance G.O.T.E.K. server (or another G.O.T.E.K.-compatible server):
mwsubmitter -s server-address [-p port] -u user-name -k key-file [-D] {sample-dir|sample-file(s)}
Options
-s Gotek Server address;
-p Gotek Server port;
-u User name for submitting;
-k Key file corresponding to the user;
-D Delete successfully submitted sample(s).
For example
mwsubmitter -s 127.0.0.1 -p 4711 -u test -k /root/test.key /root/samples/
Batch Mode
You can use MwSubmitter’s batch mode to submit samples in multiple directories as different users
mwsubmitter [-c config-file] -D -b
Options
-c Specify the config file, which must have the following format; the default is $HOME/.mwsubmitter/config
<SERVER ADDR> <PORT> <USER NAME #1> <KEYFILE PATH #1> <SUBMIT DIR#1> <USER NAME #2> <KEYFILE PATH #2> <SUBMIT DIR#2> …
For example
alliance.mwcollect.org 34109 test /home/test/test.key /home/test/samples
-D Delete successfully submitted sample(s);
-b Use batch mode.
Monitor Mode
MwSubmitter’s monitor mode is almost the same as its batch mode, except that it scans the submit directory periodically, submits new samples and deletes submitted ones
mwsubmitter [-c config-file] [-t cycle] -m
Options
-c Specify the config file (as in batch mode);
-t Specify the scan cycle length; the default is 1200 seconds (20 minutes);
-m Use monitor mode; implicitly includes the -D option.
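Pre-flight check for the batch/monitor config file
The key files named in the config authenticate each submitting user, and both batch mode with -D and monitor mode delete samples after submission, so it is worth validating the config before starting either mode. The script below is an added example, not part of MwSubmitter; the function name check_mwsubmitter_config is hypothetical, and it assumes the config is whitespace-separated tokens in the order shown above (server, port, then user/keyfile/dir triples).

```shell
#!/bin/sh
# Added example: pre-flight check for an MwSubmitter batch/monitor config.
# ASSUMPTION: tokens are whitespace-separated in the order the manual gives:
# <SERVER ADDR> <PORT>, then repeating <USER NAME> <KEYFILE PATH> <SUBMIT DIR>.
# check_mwsubmitter_config is a hypothetical helper, not part of MwSubmitter.
# Returns 0 = clean, 1 = problems found (count in $problems), 2 = malformed.
check_mwsubmitter_config() {
    cfg=${1:-$HOME/.mwsubmitter/config}
    problems=0
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }

    set -f                       # no globbing while splitting into tokens
    set -- $(cat "$cfg")
    set +f
    if [ "$#" -lt 5 ] || [ "$(( ($# - 2) % 3 ))" -ne 0 ]; then
        echo "$cfg: expected server, port, then user/keyfile/dir triples" >&2
        return 2
    fi

    port=$2; shift 2
    case $port in
        ''|*[!0-9]*) echo "port '$port' is not numeric" >&2
                     problems=$((problems + 1)) ;;
    esac

    while [ "$#" -ge 3 ]; do
        user=$1 key=$2 dir=$3; shift 3
        if [ ! -f "$key" ]; then
            echo "$user: key file $key not found" >&2
            problems=$((problems + 1))
        # Characters 5-10 of the ls mode string are the group/other bits.
        elif [ "$(ls -ldL -- "$key" | cut -c5-10)" != "------" ]; then
            echo "$user: $key is accessible to group/other (chmod 600)" >&2
            problems=$((problems + 1))
        fi
        if [ ! -d "$dir" ]; then
            echo "$user: submit dir $dir not found" >&2
            problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
}
```

Source the file and call check_mwsubmitter_config with the same path you pass to -c; with no argument it checks $HOME/.mwsubmitter/config.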
