From d13293af68c7831abd58332b180f0025598d9e6d Mon Sep 17 00:00:00 2001
From: Michel Oosterhof
Date: Wed, 29 Jul 2015 13:52:48 +0400
Subject: [PATCH 1/2] mods to output.py to add meta data
---
 cowrie/core/output.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/cowrie/core/output.py b/cowrie/core/output.py
index aeff7582..2d6ccb54 100644
--- a/cowrie/core/output.py
+++ b/cowrie/core/output.py
@@ -108,8 +108,8 @@ class Output(object):
 ev = copy.copy(event)
- if 'isError' in ev:
- del ev['isError']
+ #if 'isError' in ev:
+ # del ev['isError']
 ev['sensor'] = self.sensor
 # add ISO timestamp and sensor data
@@ -137,7 +137,7 @@ class Output(object):
 if not match:
 return
 sessionno = int(match.groups()[0])
- del ev['system']
+ #del ev['system']
 if sessionno in self.ips:
 ev['src_ip'] = self.ips[sessionno]
From 7396e85a960cc6f5cf67802557371becaf34164c Mon Sep 17 00:00:00 2001
From: Michel Oosterhof
Date: Wed, 29 Jul 2015 23:08:43 +0400
Subject: [PATCH 2/2] add syslog mod
---
 cowrie/output/syslog.py | 54 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 54 insertions(+)
 create mode 100644 cowrie/output/syslog.py
diff --git a/cowrie/output/syslog.py b/cowrie/output/syslog.py
new file mode 100644
index 00000000..5b9ccdb7
--- /dev/null
+++ b/cowrie/output/syslog.py
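Review bot: Both hunks of cowrie/core/output.py leave the old statements behind as commented-out code (`#if 'isError' in ev:` / `# del ev['isError']` in the first, `#del ev['system']` in the second) instead of deleting them, and neither the code nor the "add meta data" subject says why the two Twisted keys are now kept in the event dict. The reason appears to be the syslog plugin added in the second patch, whose `twisted.python.syslog.SyslogObserver.emit` as far as I can tell reads `eventDict['isError']` and `eventDict['system']` directly, so the dead lines should be dropped and the intent recorded once, e.g. `# keep Twisted's 'isError'/'system' keys: SyslogObserver.emit and similar observers read them`. Because this dict is handed to every output plugin, all of them now receive these two extra fields as well, which changes their emitted records; worth confirming that is intended. The enclosing method starts and ends outside both hunks.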
@@ -0,0 +1,54 @@
+# Copyright (c) 2015 Michel Oosterhof
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+# 3. The names of the author(s) may not be used to endorse or promote
+# products derived from this software without specific prior written
+# permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR
+# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+# IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+# AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+
+import syslog
+import twisted.python.syslog
+
+import cowrie.core.output
+
+class Output(cowrie.core.output.Output):
+
+ def __init__(self, cfg):
+ cowrie.core.output.Output.__init__(self, cfg)
+ self.facility = cfg.get('output_syslog', 'facility')
+ self.syslog = twisted.python.syslog.SyslogObserver(prefix='cowrie')
+
+ def start(self):
+ pass
+
+ def stop(self):
+ pass
+
+ def write(self, logentry):
+ #for i in logentry.keys():
+ # remove twisted 15 legacy keys
+ #if i.startswith('log_'):
+ # del logentry[i]
+ self.syslog.emit(logentry)
+
+# vim: set sw=4 et:
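Review bot: `self.facility` is read from the `output_syslog` section in `__init__` but never used: `SyslogObserver` is constructed with only `prefix='cowrie'`, so the configured facility has no effect, and the `import syslog` on the line above it is unused as well. Twisted's `SyslogObserver` accepts a `facility` argument, but it expects one of the integer `syslog.LOG_*` constants, so the config value has to be mapped and validated before it is passed, e.g. `if not self.facility.startswith('LOG_') or not hasattr(syslog, self.facility): raise ValueError('unknown syslog facility: %r' % self.facility)` followed by `facility=getattr(syslog, self.facility)` in the constructor call. If `cfg` is a ConfigParser, `cfg.get` raises when the option is missing rather than falling back to a default, which is presumably not what an optional plugin setting should do; confirm against how other output plugins read their section. The commented-out key-filtering loop in `write` should be removed or replaced by a single comment stating that the dict is passed through unmodified because `SyslogObserver.emit` relies on Twisted's own event keys.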