  • The collector is a component of the AirCERT collection platform that is responsible for accepting and logging security event data from collaborators (i.e., normalizers or publishers). In practice, the collector is implemented as an Apache module called mod_air. It receives HTTPS POST requests from dredge (the cache retransmission engine), the contents of which are an XML document conforming to a common DTD. The collector authenticates the connection, parses and validates the data, and finally writes the raw data and some associated metadata into a database. Upon completion, the collector returns to the client an HTTP status code corresponding to the success of processing the submitted security event data.

    mod_air is released under the GPL license.

    Copyright © 2002-2003, Carnegie Mellon University