doc updates

INSTALL.md

@@ -80,15 +80,16 @@ $ source cowrie-env/bin/activate
 
 ## Step 4: Install configuration file
 
-Take a look at the configuration file and make changes as desired.  The defaults work well in most cases.
+Take a look at the configuration file and make changes as desired.
+The defaults work well in most cases.
 ```
 $ cp etc/cowrie.cfg.dist etc/cowrie.cfg
 ```
 
 ## Step 5: Generate a DSA key
 
-This step should not be necessary, however some versions of twisted
-are not compatible.  To avoid problems in advance, run:
+This step should not be necessary, however some versions of Twisted
+are not compatible. To avoid problems in advance, run:
 
 ```
 $ cd etc
@@ -98,9 +99,9 @@ $ cd ..
 
 ## Step 6: Turning on cowrie
 
-Cowrie is implemented as a module for twisted, but to properly
+Cowrie is implemented as a module for Twisted, but to properly
 import everything the top-level source directory needs to be in
-python's os.path.  This sometimes won't happen correctly, so make
+python's os.path. This sometimes won't happen correctly, so make
 it explicit:
 
 ```
@@ -132,7 +133,7 @@ $ sudo iptables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-port 222
 ```
 
 Note that you should test this rule only from another host; it
-doesn't apply to loopback connections.  Alternatively you can run
+doesn't apply to loopback connections. Alternatively you can run
 authbind to listen as non-root on port 22 directly:
 
 ```
@@ -199,8 +200,8 @@ $ ssh-keygen -t rsa -b 2048 -f ssh_host_rsa_key
 ```
 
 * If you see `twistd: Unknown command: cowrie` there are two
-possibilities.  If there's a python stack trace, it probably means
-there's a missing or broken dependency.  If there's no stack trace,
+possibilities. If there's a python stack trace, it probably means
+there's a missing or broken dependency. If there's no stack trace,
 double check that your PYTHONPATH is set to the source code directory.
 * Default file permissions
 
@@ -215,4 +216,4 @@ brew install gmp
 brew install mpfr
 brew install mpc
 brew install libmpc
-```
+```

README.md

@@ -47,16 +47,16 @@ Software required:
 ## Files of interest:
 
 * `etc/cowrie.cfg` - Cowrie's configuration file. Default values can be found in `etc/cowrie.cfg.dist`
-* `data/fs.pickle` - fake filesystem
-* `data/userdb.txt` - credentials allowed or disallowed to access the honeypot
-* `dl/` - files transferred from the attacker to the honeypot are stored here
-* `honeyfs/` - file contents for the fake filesystem - feel free to copy a real system here or use `bin/fsctl`
-* `log/cowrie.json` - transaction output in JSON format
-* `log/cowrie.log` - log/debug output
-* `log/tty/*.log` - session logs
-* `txtcmds/` - file contents for the fake commands
-* `bin/createfs` - used to create the fake filesystem
-* `bin/playlog` - utility to replay session logs
+* `etc/userdb.txt` - credentials allowed or disallowed to access the honeypot
+* `var/log/cowrie/cowrie.log` - Twisted format log
+* `var/log/cowrie/cowrie.json` - transaction output in JSON format
+* `var/lib/ttylog/` - session logs UML format
+* `var/lib/dl/` - files transferred from the attacker to the honeypot are stored here
+* `share/cowrie/fs.pickle` - fake filesystem
+* `share/cowrie/txtcmds/` - file contents for fake commands
+* `share/cowrie/honeyfs/` - file contents for the fake filesystem
+* `bin/createfs` - used to create the honeypot filesystem
+* `bin/playlog` - utility to replay session logs in UML format
 
 ## Is it secure?