From 1fea62fdee45d4b7427751ce1a6e449152eb9566 Mon Sep 17 00:00:00 2001 From: g0tmi1k Date: Wed, 30 Dec 2015 12:18:00 +0000 Subject: [PATCH] Add log size to MySQL database --- cowrie/core/output.py | 3 +-- cowrie/insults/insults.py | 10 ++++++++-- cowrie/output/mysql.py | 4 ++-- doc/sql/mysql.sql | 3 ++- doc/sql/update9.sql | 2 ++ 5 files changed, 15 insertions(+), 7 deletions(-) create mode 100644 doc/sql/update9.sql diff --git a/cowrie/core/output.py b/cowrie/core/output.py index 609314d..bf54ff6 100644 --- a/cowrie/core/output.py +++ b/cowrie/core/output.py @@ -37,7 +37,7 @@ import copy import socket # COW0001 : create session -# COW0002 : succesful login +# COW0002 : successful login # COW0003 : failed login # COW0004 : TTY log opened # COW0005 : handle command @@ -168,4 +168,3 @@ class Output(object): if ev['eventid'] == 'COW0011': del self.sessions[sessionno] del self.ips[sessionno] - diff --git a/cowrie/insults/insults.py b/cowrie/insults/insults.py index 8cd0870..2205a78 100644 --- a/cowrie/insults/insults.py +++ b/cowrie/insults/insults.py @@ -59,11 +59,13 @@ class LoggingServerProtocol(insults.ServerProtocol): time.strftime('%Y%m%d-%H%M%S'), transportId, channelId) self.stdinlog_open = False - insults.ServerProtocol.connectionMade(self) + self.ttylog_size = {self.ttylog_file: 0} + insults.ServerProtocol.connectionMade(self) def write(self, bytes): """ + Output sent back to user """ for i in self.interactors: i.sessionWrite(bytes) @@ -72,11 +74,14 @@ class LoggingServerProtocol(insults.ServerProtocol): ttylog.ttylog_write(self.ttylog_file, len(bytes), ttylog.TYPE_OUTPUT, time.time(), bytes) + self.ttylog_size[self.ttylog_file] += len(bytes) + insults.ServerProtocol.write(self, bytes) def dataReceived(self, data): """ + Input received from user """ self.bytesReceived += len(data) if self.bytesReceivedLimit and self.bytesReceived > self.bytesReceivedLimit: 
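Review bot: The new counter in connectionMade() is a one-entry dict keyed by the log file name (`self.ttylog_size = {self.ttylog_file: 0}`), although each protocol instance only ever tracks its own `self.ttylog_file`. A plain integer is easier to read and avoids a KeyError if `ttylog_file` is ever reassigned: `self.ttylog_size = 0`, then `self.ttylog_size += len(bytes)` in write() and `size=self.ttylog_size` in the close path (the @@ -154,8 hunk). connectionMade() starts outside this hunk, so whether the counter is set on every path that opens the tty log cannot be confirmed from here.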
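Review bot: The increment added after `ttylog.ttylog_write(...)` in write() counts only the payload bytes of output records, so the `size` logged at close is not the size of the file on disk. Nothing in this commit adds the input bytes handled by dataReceived(), and any per-record framing written by ttylog_write (presumably present, not visible here) is not counted either. If the value is meant to help triage session recordings, state what it measures next to the increment, for example `# size = bytes of TYPE_OUTPUT payload only, not the on-disk file size`, or read the real size from the file when the log is closed. The guard that decides whether ttylog_write runs sits above the hunk, so confirm the increment is under the same condition.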
@@ -154,8 +159,9 @@ class LoggingServerProtocol(insults.ServerProtocol): self.stdinlog_open = False if self.ttylog_open: + size = self.ttylog_size[self.ttylog_file] log.msg(eventid='COW0012', format='Closing TTY Log: %(ttylog)s', - ttylog=self.ttylog_file) + ttylog=self.ttylog_file, size=size) ttylog.ttylog_close(self.ttylog_file, time.time()) self.ttylog_open = False diff --git a/cowrie/output/mysql.py b/cowrie/output/mysql.py index f40509b..7e090b0 100644 --- a/cowrie/output/mysql.py +++ b/cowrie/output/mysql.py @@ -187,7 +187,7 @@ class Output(cowrie.core.output.Output): elif entry["eventid"] == 'COW0012': self.simpleQuery( - 'INSERT INTO `ttylog` (`session`, `ttylog`) VALUES (%s, %s)', - (entry["session"], entry["ttylog"])) + 'INSERT INTO `ttylog` (`session`, `ttylog`, `size`) VALUES (%s, %s, %s)', + (entry["session"], entry["ttylog"], entry["size"])) # vim: set sw=4 et: diff --git a/doc/sql/mysql.sql b/doc/sql/mysql.sql index f9c19ad..7fc64ae 100644 --- a/doc/sql/mysql.sql +++ b/doc/sql/mysql.sql @@ -46,7 +46,8 @@ CREATE TABLE `sessions` ( CREATE TABLE `ttylog` ( `id` int(11) NOT NULL auto_increment, `session` char(32) NOT NULL, - `ttylog` mediumblob NOT NULL, + `ttylog` varchar(100) NOT NULL, + `size` int(11) NOT NULL, PRIMARY KEY (`id`) ) ; diff --git a/doc/sql/update9.sql b/doc/sql/update9.sql new file mode 100644 index 0000000..d0d8160 --- /dev/null +++ b/doc/sql/update9.sql @@ -0,0 +1,2 @@ +ALTER TABLE `ttylog` CHANGE `ttylog` `ttylog` VARCHAR(100) NOT NULL; +ALTER TABLE `ttylog` ADD `size` INT(11) NOT NULL;
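Review bot: The COW0012 branch now reads `entry["size"]` and inserts into a `size` column, so every tty-log insert depends on the schema change in doc/sql/update9.sql. Against a database that has not been upgraded the statement will be rejected, and whether `simpleQuery` reports that failure is not visible here, so rows linking sessions to their recordings could go missing unnoticed. A comment above the branch such as `# requires ttylog.size (doc/sql/update9.sql)` would document the dependency. A COW0012 event that arrives without the field would raise KeyError at this lookup. The query stays parameterized, which is the right form for values derived from attacker sessions; the enclosing method starts outside the hunk.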
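Review bot: The new `ttylog` column type `varchar(100)` is tight for a value that is a file name: the logging call in cowrie/insults/insults.py passes `ttylog=self.ttylog_file`. A deployment with a long log directory could exceed 100 characters, and a MySQL server not running in strict mode would truncate the value without an error, leaving a row that no longer points at the recording. Consider `varchar(255)` here and in doc/sql/update9.sql, which costs nothing extra for short values.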
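Review bot: The first statement converts the existing `ttylog` column from a blob to VARCHAR(100) in place, so any stored value longer than 100 bytes is either truncated or makes the ALTER fail, depending on sql_mode. If some databases still hold data other than short file names in that column (not determinable from this page), the upgrade would destroy it. A leading comment with a pre-check would make that safe to run, e.g. `-- check first: SELECT COUNT(*) FROM ttylog WHERE LENGTH(ttylog) > 100;`. The second statement adds `size` as NOT NULL with no default, so existing rows get an implicit 0 that cannot be told apart from an empty log; `ADD size INT(11) NOT NULL DEFAULT 0` would make that explicit, or the column could allow NULL for rows whose size is unknown.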