Add Session ID to names of ttylog and stdinlog files

Also add 'i' or 'e' for 'interactive'/'execcmd' types of sessions.
2026-02-22 06:44:26 +01:00 · 2015-11-19 14:15:50 +00:00
parent a0a1de4704
commit 31e80a9528
1 changed files with 10 additions and 4 deletions
--- a/cowrie/core/protocol.py
+++ b/cowrie/core/protocol.py
@@ -375,16 +375,22 @@ class LoggingServerProtocol(insults.ServerProtocol):
    def __init__(self, prot=None, *a, **kw):
        insults.ServerProtocol.__init__(self, prot, *a, **kw)
        self.cfg = a[0].cfg
+        if prot is HoneyPotExecProtocol:
+            self.type = 'e' # execcmd
+        else:
+            self.type = 'i' # interactive


    def connectionMade(self):
        """
        """
        transport = self.transport.session.conn.transport
+        channel_id = self.transport.session.id

-        transport.ttylog_file = '%s/tty/%s-%s.log' % \
+        transport.ttylog_file = '%s/tty/%s-%s-%s%s.log' % \
            (self.cfg.get('honeypot', 'log_path'),
-            time.strftime('%Y%m%d-%H%M%S'), transport.transportId)
+            time.strftime('%Y%m%d-%H%M%S'), transport.transportId, channel_id,
+            self.type)

        self.ttylog_file = transport.ttylog_file
        log.msg(eventid='KIPP0004', ttylog=transport.ttylog_file,
@@ -393,9 +399,9 @@ class LoggingServerProtocol(insults.ServerProtocol):
        ttylog.ttylog_open(transport.ttylog_file, time.time())
        self.ttylog_open = True

-        self.stdinlog_file = '%s/%s-%s-stdin.log' % \
+        self.stdinlog_file = '%s/%s-%s-%s-stdin.log' % \
            (self.cfg.get('honeypot', 'download_path'),
-            time.strftime('%Y%m%d-%H%M%S'), transport.transportId)
+            time.strftime('%Y%m%d-%H%M%S'), transport.transportId, channel_id)
        self.stdinlog_open = False

        insults.ServerProtocol.connectionMade(self)