From 31e80a9528ef36041f0f7c8ce6fc72a03117bf5e Mon Sep 17 00:00:00 2001
From: Vaclav Bartos
Date: Thu, 19 Nov 2015 14:15:50 +0000
Subject: [PATCH] Add Session ID to names of ttylog and stdinlog files
Also add 'i' or 'e' for 'interactive'/'execcmd' types of sessions.
---
 cowrie/core/protocol.py | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/cowrie/core/protocol.py b/cowrie/core/protocol.py
index 5a5aae5..209d6ce 100644
--- a/cowrie/core/protocol.py
+++ b/cowrie/core/protocol.py
@@ -375,16 +375,22 @@ class LoggingServerProtocol(insults.ServerProtocol):
 def __init__(self, prot=None, *a, **kw):
 insults.ServerProtocol.__init__(self, prot, *a, **kw)
 self.cfg = a[0].cfg
+ if prot is HoneyPotExecProtocol:
+ self.type = 'e' # execcmd
+ else:
+ self.type = 'i' # interactive
 def connectionMade(self):
 """ """
 transport = self.transport.session.conn.transport
+ channel_id = self.transport.session.id
- transport.ttylog_file = '%s/tty/%s-%s.log' % \
+ transport.ttylog_file = '%s/tty/%s-%s-%s%s.log' % \
 (self.cfg.get('honeypot', 'log_path'),
- time.strftime('%Y%m%d-%H%M%S'), transport.transportId)
+ time.strftime('%Y%m%d-%H%M%S'), transport.transportId, channel_id,
+ self.type)
 self.ttylog_file = transport.ttylog_file
 log.msg(eventid='KIPP0004', ttylog=transport.ttylog_file,
@@ -393,9 +399,9 @@ class LoggingServerProtocol(insults.ServerProtocol):
 ttylog.ttylog_open(transport.ttylog_file, time.time())
 self.ttylog_open = True
- self.stdinlog_file = '%s/%s-%s-stdin.log' % \
+ self.stdinlog_file = '%s/%s-%s-%s-stdin.log' % \
 (self.cfg.get('honeypot', 'download_path'),
- time.strftime('%Y%m%d-%H%M%S'), transport.transportId)
+ time.strftime('%Y%m%d-%H%M%S'), transport.transportId, channel_id)
 self.stdinlog_open = False
 insults.ServerProtocol.connectionMade(self)
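Review bot: In the first hunk, the new per-channel name is still written to `transport.ttylog_file`, an attribute of the connection-wide transport, so a second session channel on the same connection replaces the path recorded for the first. Any code that reads `transport.ttylog_file` later (none is visible in this hunk) would then point at the wrong recording, which matters when the tty log is the evidence for a session. I would build the name into `self.ttylog_file` and pass that to `log.msg` and `ttylog.ttylog_open`, keeping the transport attribute only if a caller outside this patch needs it. Separately, `prot is HoneyPotExecProtocol` in `__init__` is an identity test, so a subclass would be labelled 'i'; a short comment saying that is intended would help. `connectionMade` continues past the end of this hunk.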
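Review bot: In the second hunk, the stdin log name calls `time.strftime('%Y%m%d-%H%M%S')` a second time, so the ttylog and stdin log of one session can carry different timestamps when the second ticks over between the two calls, and the two artifacts then no longer pair up by name. Compute it once near the top of `connectionMade`, e.g. `stamp = time.strftime('%Y%m%d-%H%M%S')`, and use `stamp` in both format strings. The stdin log name also omits the `self.type` suffix that the ttylog name gets; if that is deliberate, a comment saying so would help. `connectionMade` begins in the previous hunk, outside this one.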