Merge branch 'syslog'

2015-07-30 06:58:46 +00:00 · 2015-07-30 06:58:46 +00:00 · 002dde49f3
parent 8512d7c345 7396e85a96
commit 002dde49f3
2 changed files with 57 additions and 3 deletions
--- a/cowrie/core/output.py
+++ b/cowrie/core/output.py
@ -108,8 +108,8 @@ class Output(object):

        ev = copy.copy(event)

-        if 'isError' in ev:
-            del ev['isError']
+        #if 'isError' in ev:
+        #    del ev['isError']
        ev['sensor'] = self.sensor

        # add ISO timestamp and sensor data
@ -137,7 +137,7 @@ class Output(object):
            if not match:
                return
            sessionno = int(match.groups()[0])
-            del ev['system']
+            #del ev['system']

        if sessionno in self.ips:
            ev['src_ip'] = self.ips[sessionno]
--- a/cowrie/output/syslog.py
+++ b/cowrie/output/syslog.py
@ -0,0 +1,54 @@
+# Copyright (c) 2015 Michel Oosterhof <michel@oosterhof.net>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+# 3. The names of the author(s) may not be used to endorse or promote
+#    products derived from this software without specific prior written
+#    permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR
+# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+# IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+# AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+
+import syslog
+import twisted.python.syslog
+
+import cowrie.core.output
+
+class Output(cowrie.core.output.Output):
+
+    def __init__(self, cfg):
+        cowrie.core.output.Output.__init__(self, cfg)
+        self.facility = cfg.get('output_syslog', 'facility')
+        self.syslog = twisted.python.syslog.SyslogObserver(prefix='cowrie')
+
+    def start(self):
+        pass
+
+    def stop(self):
+        pass
+
+    def write(self, logentry):
+        #for i in logentry.keys():
+            # remove twisted 15 legacy keys
+            #if i.startswith('log_'):
+            #    del logentry[i]
+        self.syslog.emit(logentry)
+
+# vim: set sw=4 et: