add prototype axiom output (#2323)

etc/cowrie.cfg.dist

@@ -1092,4 +1092,9 @@ host = 127.0.0.1
 port = 514
 # protocol options: udp or tcp
 # (default: udp)
-protocol = udp
+protocol = udp
+
+[output_axiom]
+enabled = false
+api_token = fill_out_your_token_here
+dataset = cowrie

src/cowrie/output/axiom.py

@@ -0,0 +1,61 @@
+# Simple Telegram Bot logger
+
+import json
+
+from twisted.internet import defer
+from twisted.python import log
+from twisted.web import http_headers
+
+import treq
+
+import cowrie.core.output
+from cowrie.core.config import CowrieConfig
+
+
+AXIOM_URL = "https://api.axiom.co/v1"
+
+
+class Output(cowrie.core.output.Output):
+    """
+    axiom.co output
+    """
+
+    def start(self) -> None:
+        self.api_token = CowrieConfig.get("output_axiom", "api_token")
+        self.dataset = CowrieConfig.get("output_axiom", "dataset")
+        self.headers = http_headers.Headers(
+            {
+                b"Content-Type": [b"application/json"],
+                b"Authorization": [f"Bearer {self.api_token}".encode()],
+            }
+        )
+        self.url = f"{AXIOM_URL}/datasets/{self.dataset}/ingest"
+
+    def stop(self) -> None:
+        pass
+
+    def log_response(self, out):
+        print(out.text())
+
+    @defer.inlineCallbacks
+    def write(self, event):
+        event["_time"] = event.pop("timestamp")
+        for i in list(event.keys()):
+            # Remove twisted 15 legacy keys
+            if i.startswith("log_") or i == "time" or i == "system":
+                del event[i]
+
+        try:
+            msg = json.dumps(event, separators=(",", ":")).encode()
+        except TypeError:
+            msg = "jsonlog: Can't serialize: '" + repr(event) + "'".encode()
+
+        resp = yield treq.post(
+            self.url,
+            data=b"[" + msg + b"]",
+            headers=self.headers,
+        )
+
+        if resp.code != 200:
+            error = yield resp.text()
+            print(error)