From 628a49842131216e4724de282ff133bcc51981c6 Mon Sep 17 00:00:00 2001
From: Dmitry Merkurev <didika914@gmail.com>
Date: Sat, 5 Nov 2016 19:37:01 +0400
Subject: [PATCH] Add rethinkdb output module (#337)

* add rethinkdb output module

* add timestamp
---
 cowrie.cfg.dist               |  9 ++++++
 cowrie/output/rethinkdblog.py | 60 +++++++++++++++++++++++++++++++++++
 2 files changed, 69 insertions(+)
 create mode 100644 cowrie/output/rethinkdblog.py

diff --git a/cowrie.cfg.dist b/cowrie.cfg.dist
index 365cef6a..b7462120 100644
--- a/cowrie.cfg.dist
+++ b/cowrie.cfg.dist
@@ -370,6 +370,15 @@ logfile = log/cowrie.json
 #password = secret
 #port = 3306
 
+# Rethinkdb output module
+# Rethinkdb output module requires extra Python module: pip install rethinkdb
+
+#[output_rethinkdblog]
+#host = 127.0.0.1
+#port = 28015
+#table = output
+#password =
+#db = cowrie
 
 # SQLite3 logging module
 #
diff --git a/cowrie/output/rethinkdblog.py b/cowrie/output/rethinkdblog.py
new file mode 100644
index 00000000..976ce272
--- /dev/null
+++ b/cowrie/output/rethinkdblog.py
@@ -0,0 +1,60 @@
+import time
+from datetime import datetime
+import rethinkdb as r
+
+import cowrie.core.output
+
+
+def iso8601_to_timestamp(value):
+    return time.mktime(datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ").timetuple())
+
+
+class Output(cowrie.core.output.Output):
+    """
+    """
+
+    RETHINK_DB_SEGMENT = 'output_rethinkdblog'
+
+    def __init__(self, cfg):
+        """
+        """
+        self.host = cfg.get(self.RETHINK_DB_SEGMENT, 'host')
+        self.port = cfg.get(self.RETHINK_DB_SEGMENT, 'port')
+        self.db = cfg.get(self.RETHINK_DB_SEGMENT, 'db')
+        self.table = cfg.get(self.RETHINK_DB_SEGMENT, 'table')
+        self.password = cfg.get(self.RETHINK_DB_SEGMENT, 'password')
+        cowrie.core.output.Output.__init__(self, cfg)
+
+    # noinspection PyAttributeOutsideInit
+    def start(self):
+        """
+        """
+        self.connection = r.connect(
+            host=self.host,
+            port=self.port,
+            db=self.db,
+            password=self.password
+        )
+        try:
+            r.db_create(self.db).run(self.connection)
+            r.db(self.db).table_create(self.table).run(self.connection)
+        except r.RqlRuntimeError:
+            pass
+
+    def stop(self):
+        """
+        """
+        self.connection.close()
+
+    def write(self, logentry):
+        """
+        """
+        for i in list(logentry.keys()):
+            # remove twisted 15 legacy keys
+            if i.startswith('log_'):
+                del logentry[i]
+
+        if 'timestamp' in logentry:
+            logentry['timestamp'] = iso8601_to_timestamp(logentry['timestamp'])
+
+        r.table(self.table).insert(logentry).run(self.connection)