Add rethinkdb output module (#337)

* add rethinkdb output module * add timestamp
2016-11-05 19:37:01 +04:00 · 2016-11-05 19:37:01 +04:00 · 628a498421
parent 30b372c878
commit 628a498421
2 changed files with 69 additions and 0 deletions
--- a/cowrie.cfg.dist
+++ b/cowrie.cfg.dist
@ -370,6 +370,15 @@ logfile = log/cowrie.json
 #password = secret
 #port = 3306

+# Rethinkdb output module
+# Rethinkdb output module requires extra Python module: pip install rethinkdb
+
+#[output_rethinkdblog]
+#host = 127.0.0.1
+#port = 28015
+#table = output
+#password =
+#db = cowrie

 # SQLite3 logging module
 #
--- a/cowrie/output/rethinkdblog.py
+++ b/cowrie/output/rethinkdblog.py
@ -0,0 +1,60 @@
+import time
+from datetime import datetime
+import rethinkdb as r
+
+import cowrie.core.output
+
+
+def iso8601_to_timestamp(value):
+    return time.mktime(datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ").timetuple())
+
+
+class Output(cowrie.core.output.Output):
+    """
+    """
+
+    RETHINK_DB_SEGMENT = 'output_rethinkdblog'
+
+    def __init__(self, cfg):
+        """
+        """
+        self.host = cfg.get(self.RETHINK_DB_SEGMENT, 'host')
+        self.port = cfg.get(self.RETHINK_DB_SEGMENT, 'port')
+        self.db = cfg.get(self.RETHINK_DB_SEGMENT, 'db')
+        self.table = cfg.get(self.RETHINK_DB_SEGMENT, 'table')
+        self.password = cfg.get(self.RETHINK_DB_SEGMENT, 'password')
+        cowrie.core.output.Output.__init__(self, cfg)
+
+    # noinspection PyAttributeOutsideInit
+    def start(self):
+        """
+        """
+        self.connection = r.connect(
+            host=self.host,
+            port=self.port,
+            db=self.db,
+            password=self.password
+        )
+        try:
+            r.db_create(self.db).run(self.connection)
+            r.db(self.db).table_create(self.table).run(self.connection)
+        except r.RqlRuntimeError:
+            pass
+
+    def stop(self):
+        """
+        """
+        self.connection.close()
+
+    def write(self, logentry):
+        """
+        """
+        for i in list(logentry.keys()):
+            # remove twisted 15 legacy keys
+            if i.startswith('log_'):
+                del logentry[i]
+
+        if 'timestamp' in logentry:
+            logentry['timestamp'] = iso8601_to_timestamp(logentry['timestamp'])
+
+        r.table(self.table).insert(logentry).run(self.connection)