output plugins wip

kippo/core/ssh.py

@@ -97,6 +97,27 @@ class HoneyPotSSHFactory(factory.SSHFactory):
             log.startLoggingWithObserver(dblogger.emit, setStdout=False)
             self.dbloggers.append(dblogger)
 
+        # load new output modules
+        self.output_plugins = [];
+        for x in cfg.sections():
+             if not x.startswith('output_'):
+                 continue
+             engine = x.split('_')[1]
+             output = 'output_' + engine
+             lcfg = ConfigParser.ConfigParser()
+             lcfg.add_section(output)
+             for i in cfg.options(x):
+                 lcfg.set(output, i, cfg.get(x, i))
+             lcfg.add_section('honeypot')
+             for i in cfg.options('honeypot'):
+                 lcfg.set('honeypot', i, cfg.get('honeypot', i))
+             log.msg( 'Loading output engine: %s' % (engine,) )
+             output = __import__(
+             'kippo.output.%s' % (engine,),
+             globals(), locals(), ['output']).Output(lcfg)
+             log.startLoggingWithObserver(output.emit, setStdout=False)
+             self.output_plugins.append(output)
+
     def buildProtocol(self, addr):
         """
         Create an instance of the server side of the SSH protocol.

kippo/output/README.md

@@ -0,0 +1,17 @@
+To create additional output plugins, place Python modules in this directory.
+
+Plugins need to subclass kippo.core.output.Output and define at least the
+methods 'start', 'stop' and 'handleLog'
+
+    import kippo.core.output
+
+    class Output(kippo.core.output.Output):
+
+        def start(self, cfg):
+
+        def stop(self):
+
+        def handleLog( self, event ):
+
+
+

kippo/output/jsonlog.py

@@ -0,0 +1,54 @@
+# Copyright (c) 2015 Michel Oosterhof <michel@oosterhof.net>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+# 3. The names of the author(s) may not be used to endorse or promote
+#    products derived from this software without specific prior written
+#    permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR
+# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+# IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+# AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+
+import abc
+import json
+
+import kippo.core.output
+
+class Output(kippo.core.output.Output):
+
+    def start(self, cfg):
+        self.outfile = file(cfg.get('output_jsonlog', 'logfile'), 'a')
+
+    def stop(self):
+        pass
+
+    def write(self, session, logentry):
+        _meta = {
+                     'session' : session,
+                }
+        logentry.update( _meta )
+        json.dump( logentry,  self.outfile )
+        self.outfile.write( '\n' )
+        self.outfile.flush()
+
+    def handleLog( self, session, event ):
+        self.write( session, event )
+
+# vim: set sw=4 et: