elasticsearch output support - early release

2026-01-03 22:34:27 +01:00 · 2015-11-17 01:25:17 +01:00
parent 5d118967bc
commit 794d441c66
2 changed files with 42 additions and 0 deletions
--- a/cowrie.cfg.dist
+++ b/cowrie.cfg.dist
@@ -227,6 +227,14 @@ interact_port = 5123
 [output_jsonlog]
 logfile = log/cowrie.json

+# Supports logging to elasticsearch
+# This is a simple early release
+#
+#[output-elasticsearch]
+#host = localhost
+#port = 9200
+#index = cowrie
+#type = cowrie

 # Local Syslog output module
 #
--- a/cowrie/output/elasticsearch.py
+++ b/cowrie/output/elasticsearch.py
@@ -0,0 +1,34 @@
+# Simple elasticsearch logger
+
+import os
+import json
+
+import pyes 
+
+import cowrie.core.output
+
+
+class Output(cowrie.core.output.Output):
+
+
+    def __init__(self, cfg):
+        self.host = cfg.get('output_elasticsearch', 'host')
+        self.port = cfg.get('output_elasticsearch', 'port')
+        self.index = cfg.get('output_elasticsearch', 'index')
+        self.type = cfg.get('output_elasticsearch', 'type')
+        cowrie.core.output.Output.__init__(self, cfg)
+
+
+    def start(self):
+        self.es = pyes.ES('{0}:{1}'.format(self.host, self.port))
+
+    def stop(self):
+        pass
+
+    def write(self, logentry):
+        for i in logentry.keys():
+            # remove twisted 15 legacy keys
+            if i.startswith('log_'):
+                del logentry[i]
+
+        self.es.index(logentry, self.index, self.type)