(Check http://dshield.cirt.vt.edu/~dshield/windows_clients.html for the most recent version of CVTWIN.)
12/21/2002 1.1.2 Added "unflush" routine for accessing Windows XP ICF firewall, to hopefully solve file access errors.
12/18/2002 1.1.1 Better treatment of log file display for Tiny 4.0 and PC-Cillin in the summary and File/View Log File. CVTWIN will now correctly report on the log files that it actually processed and shouldn't be snookered by reporting on the dummy placeholder log file that is established in Edit/Configure. A placeholder file is still required, but CVTWIN will no longer report that this is the log file that it processed.
Added auto-configuration for new users for Tiny 4.0 and PC-Cillin. If they are installed in the default locations, CVTWIN will recognize them and will create the required dummy placeholder file. (It will do auto-configuration if C:\Program Files\cvtwin\cvtwin.ini doesn't exist when the program runs. It won't auto-configure if cvtwin.ini already exists.)
12/17/2002 1.0.99 More optimizations for Tiny 4.0 converter. Now it pre-filters the log files before doing the DShield conversion, so you won't see the complete logs in the "status" file that is displayed immediately after conversion; you will only see the log lines that contain packet log information.
I also found that some of the XML log files contain random binary junk after the end of the XML proper, so I added additional logic to stop processing after finding the </Root> tag that indicates the end of the XML document.
Still haven't solved the problem noted in v. 1.0.98. Use the workaround for now. I need to change a lot of things in CVTWIN to solve this properly.
12/17/2002 1.0.98 Improved the processing speed of the Tiny 4.0 converter. And realized a problem with the Tiny converter....
CVTWIN requires you to establish a log file in Edit/Configure. But TPF 4.0 creates a new log file for each day and (by default) removes log files that are older than 7 days. The problem will come when the file that you configured CVTWIN to look at is removed by TPF. The workaround (until I come up with a better fix) is for you to create a dummy file in C:\Program Files\Tpf4\log\ and tell CVTWIN that this is the log file.
Example, create (with Notepad, for want of anything better) C:\Program Files\Tpf4\log\dummy.txt and configure CVTWIN to use this. CVTWIN will not attempt to process dummy.txt--for TPF 4.0, it only uses this to locate the directory that the log files are in. It derives the actual filenames from dates.
I'll come up with a better solution after I rethink the problem. Keep checking back.
12/16/2002 1.0.97 Updated Tiny 4.0 converter to run faster. Changed the behavior of "File/View Log File" so it has better error checking.
12/16/2002 1.0.96 Updated PC-Cillin converter so that it works like the new Tiny 4.0 one. Now you don't need to change the log file name for every day. Once you set a log file, CVTWIN will loop through the directory and calculate the file names based on the date. You can now put CVTWIN on the Task Scheduler.
12/16/2002 1.0.95 Fixed a bug in the Tiny 4.0 converter in that it wasn't going backwards far enough, so it would miss converting unprocessed log lines from the previous day. Tiny 4.0 users should update.
12/15/2002 1.0.94 Added new "Tiny Personal Firewall 4.0" converter. Note that this is for the new Tiny v. 4.0. Users of earlier versions should use the "Tiny Personal Firewall" converter.
Tiny 4.0 saves logs in individual files, one per day. When you do your first conversion, the Tiny 4.0 converter will attempt to process all the logs in the directory. This can be time consuming. You can limit the number of logs that it will convert by entering a timestamp that is several days back in the "Last Saved Date/Time" field in Edit/Configuration. Example: enter "2002-12-11 00:00:00" to limit it to only converting the last few days.
You must select a log file in Edit/Configure. But the Tiny 4.0 converter only uses the path information. Once you have selected a log file you don't have to go back and reselect a different log file for each day. CVTWIN calculates the log file names by working backwards from today's date. This means that once you have it configured and working, you should be able to put CVTWIN on the Windows Task Scheduler. (http://dshield.cirt.vt.edu/~dshield/clients/schedule_client.html)
Thanks to Bruce Moore for helping with this.
11/24/2002 1.0.93 Added new "Kiwi Syslog Daemon (All formats)" converter that attempts to convert using all the Kiwi converters. You would use this if you use Kiwi to log from multiple different firewalls/routers. For each log line, it tries all the Kiwi converters and accepts the first conversion that returns success.
If you don't use Kiwi to log from multiple different firewalls/routers, then you should continue to use the named Kiwi converters. They are quicker, are less likely to have conversion problems, and have better conversion error reporting.
I went through all the Kiwi converters and tightened up conversion logic for some of them so that they are less naive about formatting assumptions.
11/23/2002 1.0.92 Modified Kiwi Linksys converter so that it also works with the "Kiwi format ISO yyyy-mm-dd (Tab Delimited)" log format, so that it is in sync with the other Kiwi converters.
11/23/2002 1.0.91 Worked on Cisco ACL (IOS) converter so that it should now work with Kiwi Syslog Daemon, if you use the "Kiwi format ISO yyyy-mm-dd (Tab Delimited)" log format. Also fixed a bug in the date conversion. All Cisco ACL (IOS) users should upgrade.
11/22/2002 1.0.90 Added new converter for D-Link DI-804V and Asanté FriendlyNet VR2004AC, VR2004C routers using Kiwi Syslog Daemon. Configure Kiwi to use the "Kiwi format ISO yyyy-mm-dd (Tab Delimited)" log format.
11/22/2002 1.0.89 Added new converter for Cisco ACL (IOS) logs. It converts logs that are formatted like
Nov 21 10:45:36 EST: %SEC-6-IPACCESSLOGP: list 101 denied udp SSS.SSS.SSS.SSS(1031) -> DDD.DDD.DDD.DDD(137), 1 packet
Where "SSS.SSS.SSS.SSS" and "DDD.DDD.DDD.DDD" are source and local IPs.
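A sketch of a parser for the line layout shown in the 1.0.89 entry, added here as an example; it is not CVTWIN's own converter code. It also applies the 32-day age limit from the 1.0.59 entry. The one-day future tolerance, the year inference, the field names and the sample lines are assumptions made for the example.

```python
import ipaddress
import re
from datetime import datetime, timedelta

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}

# Layout of the sample line in the 1.0.89 entry; the zone abbreviation is optional.
ACL_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+"
    r"(?P<h>\d{2}):(?P<mi>\d{2}):(?P<s>\d{2})(?:\s+(?P<tz>[A-Z]{2,5}))?:\s+"
    r"%SEC-6-IPACCESSLOGP:\s+list\s+(?P<acl>\S+)\s+(?P<action>denied|permitted)\s+"
    r"(?P<proto>tcp|udp)\s+(?P<src>[\d.]+)\((?P<sport>\d+)\)\s+->\s+"
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\),\s+(?P<count>\d+)\s+packets?$")

MAX_AGE = timedelta(days=32)    # 1.0.59: reject log lines older than 32 days
MAX_SKEW = timedelta(days=1)    # assumed tolerance for clock/time zone differences


def parse_acl_line(line, now):
    """Return a record for a denied packet, or None if the line is rejected."""
    m = ACL_RE.match(line.strip())
    if m is None or m["action"] != "denied":
        return None                       # only blocked packets are reported
    try:
        src = ipaddress.IPv4Address(m["src"])
        dst = ipaddress.IPv4Address(m["dst"])
    except ValueError:
        return None                       # e.g. an octet above 255
    sport, dport = int(m["sport"]), int(m["dport"])
    if max(sport, dport) > 65535 or m["mon"] not in MONTHS:
        return None
    # The line carries no year: take the newest year that is not in the future.
    stamp = None
    for year in (now.year, now.year - 1):
        try:
            cand = datetime(year, MONTHS[m["mon"]], int(m["day"]),
                            int(m["h"]), int(m["mi"]), int(m["s"]))
        except ValueError:
            continue                      # impossible date such as Feb 30
        if cand <= now + MAX_SKEW:
            stamp = cand
            break
    if stamp is None or now - stamp > MAX_AGE:
        return None
    return {"timestamp": stamp.strftime("%Y-%m-%d %H:%M:%S"), "zone": m["tz"],
            "acl": m["acl"], "proto": m["proto"], "count": int(m["count"]),
            "src": str(src), "sport": sport, "dst": str(dst), "dport": dport}


def convert(lines, now):
    """Parse every line and keep only the accepted records."""
    return [r for r in (parse_acl_line(l, now) for l in lines) if r]


# Constructed sample input (documentation address ranges), not real log data.
SAMPLE_NOW = datetime(2002, 11, 22, 9, 0, 0)
SAMPLE_LINES = [
    "Nov 21 10:45:36 EST: %SEC-6-IPACCESSLOGP: list 101 denied udp 192.0.2.10(1031) -> 198.51.100.7(137), 1 packet",
    "Nov 21 10:46:02 EST: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 192.0.2.10(1032) -> 198.51.100.7(80), 1 packet",
    "Sep 01 04:00:00 EST: %SEC-6-IPACCESSLOGP: list 101 denied tcp 192.0.2.11(2000) -> 198.51.100.7(445), 2 packets",
    "Nov 21 11:00:00 EST: %SEC-6-IPACCESSLOGP: list 101 denied udp 300.1.1.1(53) -> 198.51.100.7(53), 1 packet",
    "Nov 22 08:59:59: %SEC-6-IPACCESSLOGP: list 102 denied tcp 203.0.113.5(4021) -> 198.51.100.7(445), 3 packets",
]

if __name__ == "__main__":
    for rec in convert(SAMPLE_LINES, SAMPLE_NOW):
        print(rec)
```

Of the five sample lines, only the first and last are accepted: the others are a permitted packet, a line older than 32 days, and a line with an invalid source address.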
11/13/2002 1.0.88 Improved logic in Kiwi Smoothwall converter. It is a bit more defensive now about file format assumptions.
11/11/2002 1.0.87 Added Kiwi Syslog Daemon Smoothwall converter. Open a shell into your Smoothwall and add
kern.info (tabs) @192.168.1.xxx
to /etc/syslog.conf (192.168.1.xxx is the IP address of the machine running Kiwi.) Restart Smoothwall. Start Kiwi. Configure it to use "Kiwi format ISO yyyy-mm-dd (Tab Delimited)" log format (the default.) Thanks to Paul Doig for helping with this.
11/8/2002 1.0.86 Fixed a bug with the Microsoft ISA converter. It was using your system's time zone in the converted logs. This is wrong, because all ISA logs are already in GMT time, so it now uses +00:00 as the TZ offset in the converted log. All ISA users should upgrade to this version. Thanks again to John Norman for catching this.
11/5/2002 1.0.85 Added new converter for Microsoft ISA, W3C Extended log format, using the yyyymmdd date format and all fields except for "Header" and "Payload". (There are several ways to format ISA logs--we support this format.) Thanks to John Norman for helping with this.
11/4/2002 1.0.84 Updated Kiwi Cisco PIX converter to handle a wider variety of log lines. Thanks to Seymour Brown for helping with this.
11/4/2002 1.0.83 Added cvtwin.ini variable sndmailParms so that you can define additional parameters to pass to sndmail.dll when sending mail. Most people can ignore this, but it is needed if your SMTP server requires user authorization. See http://dshield.cirt.vt.edu/~dshield/clients/cvtwinsndmail.html for more information.
11/1/2002 1.0.82 Improved (IMO) logic for logfile configuration "Browse" dialog box. If "logfile" is already set to an existing file, the "Browse" button now opens pointing to this drive/directory/file. Before, it opened in the directory that the program was running in, which probably doesn't contain any log file. This isn't a big deal for people who only have to set the log file once, but was a headache for people who must set the log file each time they run CVTWIN.
10/30/2002 1.0.81 Updated Linksys SMNP Trap Watcher converter so it works with the newer format. Also changed the name of the converter from "Linksys" to "Linksys SMNP Trap Watcher" so existing Linksys SMNP Trap Watcher users must change that in the Edit/Configure Dialog.
Also changed SMNP Trap Watcher converter so it now includes your Time Zone in the converted log (which it should have all along.) This might affect conversions for existing SMNP Trap Watcher users, because this also affects the timestamp that is stored as "Last Saved Date/Time" in Edit/Configure. If it is now rejecting dates that it shouldn't, then you need to append " (your time zone)" to the timestamp that is stored in "Last Saved Date/Time". Example, if your time zone is EDT, then your Time Zone is " -05:00", so you'd append " -05:00" to the timestamp that is stored in Edit/Configure "Last Saved Date/Time"
10/28/2002 1.0.80 Fixed problem with BlackIce converter that caused CVTWIN to (potentially) fill your hard disk if a log line contained an impossibly large range of ports. Previously, it would attempt to generate log lines for each of the ports in the range. All BlackIce users should upgrade to this release.
10/28/2002 1.0.79 Added new converter for Kerio Personal Firewall, Version 3. Select "Kerio Personal Firewall, Version 3" as the Firewall.
10/27/2002 1.0.78 Disabled logging to Windows Event log because it apparently causes CVTWIN to crash with a run-time error under some conditions on Win 2K. CVTWIN's own logging remains working--this only affects log messages that were sent to Windows Event log when sending email. CVTWIN's own logging logs these messages, so Windows Event logging is not needed.
10/26/2002 1.0.77 Added support for PC-Cillin. See http://dshield.cirt.vt.edu/~dshield/clients/cvtwinfirewalls.html#pc_cillin for instructions.
10/22/2002 1.0.76 Updated Kiwi Cisco-PIX converter to handle more varieties of logs.
10/08/2002 1.0.75 Norton Personal Firewall 2003 converter update.
10/06/2002 1.0.74 More work on Norton Personal Firewall 2003 converter.
10/06/2002 1.0.73 Added converter for Norton Personal Firewall 2003 because the log format is different from previous versions of Norton Personal Firewall. Users of the 2003 product should select "Norton Personal Firewall 2003". Users of earlier versions of Norton firewall should use "Norton Personal Firewall". Thanks to Jim Mercer for helping me with this.
10/04/2002 1.0.72 Fixed bug that made the "Send as email" menu operations be greyed out.
9/27/2002 1.0.71 Added converter for Cisco PIX using Kiwi Syslog Daemon.
8/11/2002 1.0.70 Improvements in startup logic to auto-detect-and-configure more firewalls.
Added new documentation for Watchguard/Kiwi Syslog Daemon http://dshield.cirt.vt.edu/~dshield/clients/watchguard_kiwi_setup.html Thanks to Richard Roy for contributing these docs.
7/26/2002 1.0.69 Extended converter for Kerio WinRoute Pro to work with "NAT" configuration. If this isn't clear, then think of it that it can convert Winroute Pro log lines that it previously couldn't convert. Thanks to Stephen Farquhar for helping me with this.
Also extended Kerio (formerly Tiny) Personal Firewall converter to recognize ICMP log lines.
7/21/2002 1.0.68 Fixed a problem with Norton Firewall date conversion that affected some non-American date formats.
6/26/2002 1.0.67 Added support for WatchGuard, using Kiwi Syslog Daemon
5/27/2002 1.0.66 Changed install procedure. It is now supplied as a self-extracting zip file--cvtwin-setup.exe, to eliminate the headache of your having to manually unzip it first.
5/6/2002 1.0.65 Fixed Kiwi date conversion. It didn't use the regional variables in cvtwin.ini to set the order of Month, Day and Year. Thanks to Chris Cole for helping me with this.
4/26/2002 1.0.64 Will create SENDIT.BAT in the directory that CVTWIN is installed in. This is a workaround for users that can't use the "send log as email" operations that are built into CVTWIN. See SENDIT.BAT after doing a conversion for more info. Again, you don't need this if you aren't having problems sending mail.
4/25/2002 1.0.63 Added more logging for email operations, and added SENDIT.BAT DOS batch file for people who can't send the log as email with the usual CVTWIN menu operation. Ignore all this if you aren't having a problem sending the log in as email. Thanks to Andrew Fletcher for helping with debugging a knotty Windows version specific email problem.
4/20/2002 1.0.62 Improved error handling for email operations. Now using version 2.0 of sndmail.dll, which is in the updates zip file.
4/5/2002 1.0.61 User Interface rehab. Improved internal consistency checking of parameters and operations to provide assistance for some common configuration problems.
4/4/2002 1.0.60 Added filters so that you can exclude based on ports, and by arbitrary content that is in each log line. See the Edit menu for the filters that you can edit.
Fixed problem in Norton Firewall log converter where it wasn't detecting the target IP for some ICMP accesses. Also fixed Norton ICMP records so it is setting the type and code better. Thanks to Brian M. Flack for helping with this.
4/2/2002 1.0.59 Changed date formatting so all converters format as YYYY-MM-DD. Previously, I had been sloppy and formatted some dates as YYYY/MM/DD, which is grudgingly allowed but is not encouraged. Also added additional date filter to reject log lines that are older than 32 days.
4/1/2002 1.0.58 Made formatting the current timestamp that is used for date validity checking be more robust. Before, it only worked for a few variations of Windows Regional Settings. This should eliminate some cases of date comparison failures.
Added additional date validity checking to the Norton Firewall converter.
3/31/2002 1.0.57 Refined Regional Settings handling. Now, it will set CVTWIN's Regional Settings (order of components in the date) the first time that CVTWIN is run. But if it sets it wrong (i.e., problems with dates formatted wrong), see http://dshield.cirt.vt.edu/~dshield/clients/cvtwinreference.html#trouble_date_conversion so you can correct the setting.
Thanks to Brian M. Flack for helping with this and for providing valuable suggestions for improving the documentation.
3/25/2002 1.0.56 Fixed problem with Norton Firewall parser not using the date separator parameter in cvtwin.ini. This affects non-American users if the dates in the Norton log are not in the American MM/DD/YYYY format and they need to edit the Regional Settings in cvtwin.ini. See http://dshield.cirt.vt.edu/~dshield/clients/cvtwinreference.html#trouble_date_conversion
3/25/2002 1.0.55 User interface (Configure dialog box) and documentation makeover.
3/23/2002 1.0.54 Added support for Kiwi Syslog Daemon when used with Linksys routers.
3/21/2002 1.0.53 Changed so that all "Was converted on" and "Email was sent on" timestamps are formatted in YYYY-MM-DD DShield format. This affects how your Summary and the CVTWIN log display dates.
Added auto-detection for some firewalls when CVTWIN is first run. If your firewall isn't auto-detected, please write to dshield@dshield.cirt.vt.edu.
3/20/2002 1.0.52 Added more robust date validity checking to, hopefully, detect date conversion problems (instead of you submitting logs with invalid dates and wondering why they don't show up when you log in). See the entry for 1.0.51, below.
3/20/2002 1.0.51 Made setting of Regional Settings in CVTWIN to detect the order of the date components be manual because automatically determining this didn't work with some versions of Norton Firewall. See the "Date Conversion Problems" section of http://dshield.cirt.vt.edu/~dshield/clients/cvtwindocs.html for more information. Note that this currently only applies to users of the Norton Firewall that are having problems with dates not converting properly. Thanks to Brian M. Flack for working with me to diagnose this.
Also removed the cvtwin.ini file from the distribution. If this doesn't exist, now CVTWIN will create it. This change is to prevent updates from overwriting your existing settings, which has happened in some cases.
3/17/2002 Updated README.TXT to be a bit less opaque.
3/12/2002 1.0.50 Added support for Vicom Internet Gateway. Thanks to Tom Gignac for helping with this.
3/1/2002 1.0.49 Added support for newer McAfee version 3.0 firewall. Older version is still supported as "McAfee (Older)."
2/28/2002 1.0.48 Changed URL that "Log into DShield and check your submissions" function uses. You don't need to upgrade for this because we will support the old one for a while.
2/19/2002 1.0.47 Added support for VisNetic/Ambra firewall. Thanks to Justin Smith for helping with this. More BlackIce conversion improvements.
2/3/2002 1.0.46 Improved BlackIce conversion. Suggest that BlackIce users upgrade to current version of CVTWIN. Thanks to Rob Vandenberg for providing important information about the BlackIce log format.
1/25/2002 1.0.45 Updated ZoneAlarm converter so that it also converts FWROUTE log lines.
1/19/2002 1.0.44 Updated Routerlog converter to work better with newer versions of Routerlog, with newer versions of router firmware.
1/14/2002 1.0.43 Fixed problem where date validity check was rejecting some valid dates when they are very recent and are in GMT. Thanks to David Mehl for pointing this out.
1/7/2002 1.0.42 Added date validity check, to detect at least some invalid date conversions. Also fixed bug that was created in last version that caused logs that contain "Sep" in the date field not be translated correctly.
1/6/2002 1.0.41 Added support for Asante FriendlyNet, D-Link, and SMC Barricade routers. See the ASANTE FRIENDLYNET, D-LINK, AND SMC BARRICADE ROUTERS USING ROUTERLOG section of the documentation for details. Thanks to Tony Dew and Jan Weinmann for helping me with this.
12/17/2001 1.0.40 And fixed a longstanding bug with the Norton Parser where the time field wasn't zero padded. This made the "is earlier than" timestamp comparison sometimes fail, so that some log lines were wrongly excluded.
12/17/2001 1.0.39 Fix for Regional Settings processing in Norton converter. (First attempt read .ini file from disk when looking at each log line. Duh.) Thanks to Gary Hubbard for helping me with this.
12/16/2001 1.0.38 Now checks the system's Regional Settings to detect the date format for the Norton parser. I'm not sure if this affects other firewalls. If you have problems with dates not converting properly in your locale, please contact me at info@dshield.
12/14/2001 1.0.37 More improvement (less bugs) for BlackIce converter. Thanks to Will Wilkinson for working with me with this.
12/14/2001 1.0.36 Improved BlackIce conversion so that it now does a better job of rejecting unsupported record types and recognizing supported record types.
12/04/2001 1.0.35 Added support for Sygate firewall.
11/28/2001 1.0.34 Updated ZoneAlarm converter to completely convert ICMP and IGMP records. Thanks to Rob Vandenberg for clarifying this.
11/14/2001 1.0.33 I found out that I defined the IP filters wrong. The 172 block should be
172.16.0.0 - 172.31.255.255 (not 172.255.255.255)
You don't need to update for this--just edit your IP filters to match, from the Edit menu. Thanks to Paul Freeman for bringing this to my attention.
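The effect of the 1.0.33 correction, as an added example that is not CVTWIN's own filter code: it compares the two 172 ranges and shows which report sources the wider range dropped. The "first - last" range syntax, the starting address of the old range, and the sample sources are assumptions made for the example.

```python
import ipaddress


def parse_range(text):
    """Turn 'A.B.C.D - E.F.G.H' into an inclusive (first, last) address pair."""
    first, last = (ipaddress.IPv4Address(p.strip()) for p in text.split("-"))
    if first > last:
        raise ValueError("range is reversed: " + text)
    return first, last


def is_filtered(ip, ranges):
    """True if ip falls inside any exclusion range."""
    addr = ipaddress.IPv4Address(ip)
    return any(first <= addr <= last for first, last in ranges)


def cidr_blocks(rng):
    """Smallest list of CIDR blocks that covers the range exactly."""
    return [str(n) for n in ipaddress.summarize_address_range(*rng)]


def size(rng):
    """Number of addresses in an inclusive range."""
    return int(rng[1]) - int(rng[0]) + 1


# Old range: end address from the entry above, start address assumed.
OLD_172 = parse_range("172.16.0.0 - 172.255.255.255")
# Corrected range from the entry above; it is exactly the private 172.16.0.0/12.
NEW_172 = parse_range("172.16.0.0 - 172.31.255.255")

# Constructed source addresses: one private, two outside the private block.
SOURCES = ["172.20.1.5", "172.32.0.1", "172.200.9.9"]


def lost_reports(sources):
    """Sources the old filter dropped that the corrected filter keeps."""
    return [s for s in sources
            if is_filtered(s, [OLD_172]) and not is_filtered(s, [NEW_172])]


if __name__ == "__main__":
    print("corrected:", cidr_blocks(NEW_172))
    print("old      :", cidr_blocks(OLD_172))
    print("extra addresses filtered by old range:", size(OLD_172) - size(NEW_172))
    print("sources wrongly dropped:", lost_reports(SOURCES))
```

With the old range, log lines from sources in 172.32.0.0 through 172.255.255.255 never reach the submission, so blocked packets from those addresses go unreported.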
11/13/2001 1.0.32 Changed ZoneAlarm parser to also include lines that start with 'FWROUTE'
11/13/2001 1.0.31 Rewrote code that caused problems with some versions of Windows XP. Thanks to Jorgen Hedlund for coming up with the fix.
11/2/2001 1.0.30 Added support for semicolon ";" delimiters to ZoneAlarm parser.
11/1/2001 1.0.29 Now displays a screen of Quick Docs when the program first starts up, so that new users shouldn't have to search through all the menus to try to figure out where to start.
10/22/2001 1.0.28 Fixed Winroute Pro parser so it rejects log lines that contain accepted packets (we only want log lines that log blocked packets.) Added button to Configure dialog that will automatically log you into DShield with your default browser so you can check your reports.
10/18/2001 1.0.27 Added support for the Windows XP Internet Connection Firewall (ICF) that is built into Windows XP. See http://dshield.cirt.vt.edu/~dshield/clients/windows_xp_firewall_setup.html for information on how to configure ICF.
10/11/2001 1.0.26 Removed WS2_32.DLL from the distribution because some users have reported problems with the version that the installer installs. See README.TXT for more information.
10/08/2001 1.0.25 Improved logic for BlackIce converter.
10/06/2001 1.0.24 Added support for Norton Personal Firewall.
10/05/2001 1.0.23 Fixed problem with WinRoute Pro parser not parsing ICMP properly.
10/04/2001 1.0.22 Added support for Tiny Software WinRoute Pro.
09/17/2001 1.0.21 Added support for McAfee Firewall.
09/16/2001 1.0.20 Fix for crashing when processing newer BlackIce log format.
09/08/2001 1.0.19 Now displays a summary of the results of the last conversion when the program first starts.
09/07/2001 1.0.18 Previous versions couldn't access the most recent Linksys LogViewer log lines unless you explicitly did a "Save File/OK" in LogViewer. Now it can read the entire log file.
09/07/2001 1.0.17 Added support for the Tiny Personal Firewall. http://www.tinysoftware.com/pwall.php
09/05/2001 1.0.16 Improved error checking. Added improved docs for using the task scheduler to http://dshield.cirt.vt.edu/~dshield/clients/schedule_client.html
09/04/2001 1.0.15 Fixed problem that caused Notepad to open minimized on some systems (when editing IP filters.)
09/03/2001 1.0.14 Improved logging when using '-noui' option for unattended (Task Scheduler) operation. Before, it didn't create a log entry if the count was 0.
09/02/2001 1.0.13 Fixed bug where minimizing didn't work. Improved user interface for File View commands.
09/02/2001 1.0.12 Changed the user interface somewhat. It will now allow you to view files from a previous conversion. Previously, you could only view files after doing a conversion. See the (rewritten) documentation for more details. Also, made it so the program is resizable.
09/01/2001 1.0.11 Removed file size restriction when viewing log files. "Check User ID" (in Edit/Configure) now displays the date that your last submission was actually processed on DShield.org, and also displays several other parameters from your DShield user profile.
08/31/2001 1.0.10 Added "Check User ID" button to Edit/Configure dialog box, so you can verify if your user information is in the DShield user database. It queries the DShield site to verify that your user information is in the database, so that your submissions will show up after you log in and go to "Check Your Reports." If the user information (email address and user ID) doesn't match up, then you won't be able to see your submissions.
08/29/2001 1.0.9 Fixed bug where Edit/Configure would crash if the configuration file was from a previous version. Fixed log display for Linksys Logviewer.
08/28/2001 1.0.8 Added "Obfuscate IP" checkbox to configuration dialog. This allows you to camouflage your own IP by changing the first portion to "10".
08/28/2001 1.0.7 Bug fix. Fixed bug in saving the date of the last log line processed. It was sometimes clearing this, such that the next run would send in the entire log file.
08/27/2001 1.0.6 Added BlackIce and Linksys LogViewer parsers. Fixed more typos and errors in the documentation file.
08/26/2001 1.0.5 Improved error handling. Worked on documentation to dispel a few mysteries.
08/26/2001 1.0.4 Added filtering by IP, accessed on Edit menu. Moved Configure dialog from File menu to Edit menu. Error handling improvements. (Email log (and status line) would say that email was sent, even if the SMTP server configuration was invalid. No, no, no. Bad error message.)
08/23/2001 1.0.3 Minor cosmetic changes in status displays.
08/23/2001 1.0.2 Made logging more robust. ({App.Path}/CVTWINLOG.TXT). Changed so LastSavedAlertDate isn't saved until the email was actually sent.
08/22/2001 1.0.1 Initial release.