Duplicates (#995)

* reduce duplicates noise in logs
2019-01-27 12:26:26 +04:00 · 2019-01-27 12:26:26 +04:00 · b4894c61fa
parent 22910109c6
commit b4894c61fa
3 changed files with 15 additions and 5 deletions
--- a/src/cowrie/commands/curl.py
+++ b/src/cowrie/commands/curl.py
@ -296,13 +296,15 @@ Options: (H) means HTTP/HTTPS only, (F) means FTP only
        # If we have content already, delete temp file
        if not os.path.exists(hashPath):
            os.rename(self.safeoutfile, hashPath)
+            duplicate = False
        else:
            os.remove(self.safeoutfile)
-            log.msg("Not storing duplicate content " + shasum)
+            duplicate = True

        self.protocol.logDispatch(eventid='cowrie.session.file_download',
                                  format='Downloaded URL (%(url)s) with SHA-256 %(shasum)s to %(outfile)s',
                                  url=self.url,
+                                  duplicate=duplicate,
                                  outfile=hashPath,
                                  shasum=shasum,
                                  destfile=self.safeoutfile)
--- a/src/cowrie/commands/scp.py
+++ b/src/cowrie/commands/scp.py
@ -121,13 +121,15 @@ class command_scp(HoneyPotCommand):
            # If we have content already, delete temp file
            if not os.path.exists(hash_path):
                os.rename(self.safeoutfile, hash_path)
+                duplicate = False
            else:
                os.remove(self.safeoutfile)
-                log.msg("Not storing duplicate content " + shasum)
+                duplicate = True

            log.msg(format='SCP Uploaded file \"%(filename)s\" to %(outfile)s',
                    eventid='cowrie.session.file_upload',
                    filename=os.path.basename(fname),
+                    duplicate=duplicate,
                    url=fname,
                    outfile=shasum,
                    shasum=shasum,
--- a/src/cowrie/insults/insults.py
+++ b/src/cowrie/insults/insults.py
@ -128,13 +128,15 @@ class LoggingServerProtocol(insults.ServerProtocol):
                    shasumfile = os.path.join(self.downloadPath, shasum)
                    if os.path.exists(shasumfile):
                        os.remove(self.stdinlogFile)
-                        log.msg("Duplicate stdin content {}".format(shasum))
+                        duplicate = True
                    else:
                        os.rename(self.stdinlogFile, shasumfile)
+                        duplicate = False

                log.msg(eventid='cowrie.session.file_download',
                        format='Saved stdin contents with SHA-256 %(shasum)s to %(outfile)s',
                        url='stdin',
+                        duplicate=duplicate,
                        outfile=shasumfile,
                        shasum=shasum,
                        destfile='')
@ -166,12 +168,14 @@ class LoggingServerProtocol(insults.ServerProtocol):
                        shasumfile = os.path.join(self.downloadPath, shasum)
                        if os.path.exists(shasumfile):
                            os.remove(rf)
-                            log.msg("Duplicate redir content with hash {}".format(shasum))
+                            duplicate = True
                        else:
                            os.rename(rf, shasumfile)
+                            duplicate = False
                    log.msg(eventid='cowrie.session.file_download',
                            format='Saved redir contents with SHA-256 %(shasum)s to %(outfile)s',
                            url=url,
+                            duplicate=duplicate,
                            outfile=shasumfile,
                            shasum=shasum,
                            destfile=url)
@ -186,9 +190,10 @@ class LoggingServerProtocol(insults.ServerProtocol):
            shasumfile = os.path.join(self.ttylogPath, shasum)

            if os.path.exists(shasumfile):
-                log.msg("Duplicate TTY log with hash {}".format(shasum))
+                duplicate = True
                os.remove(self.ttylogFile)
            else:
+                duplicate = False
                os.rename(self.ttylogFile, shasumfile)
                umask = os.umask(0)
                os.umask(umask)
@ -199,6 +204,7 @@ class LoggingServerProtocol(insults.ServerProtocol):
                    ttylog=shasumfile,
                    size=self.ttylogSize,
                    shasum=shasum,
+                    duplicate=duplicate,
                    duration=time.time() - self.startTime)

        insults.ServerProtocol.connectionLost(self, reason)