Added MongoDB output support (#407)

2025-12-17 05:54:21 +01:00 · 2017-01-13 05:57:19 -08:00
parent cf16ff398e
commit eb638750a1
4 changed files with 68 additions and 0 deletions
--- a/cowrie.cfg.dist
+++ b/cowrie.cfg.dist
@@ -385,6 +385,14 @@ logfile = log/cowrie.json
 #[output_sqlite]
 #db_file = cowrie.db

+# MongoDB logging module
+#
+# MongoDB logging requires an extra Python module: pip install pymongo
+#
+#[output_mongodb]
+#connection_string = mongodb://username:password@host:port/database
+#database = dbname
+

 # Splunk SDK output module - Legacy. Requires Splunk API installed
 # This sends logs directly to Splunk using the Python REST SDK
--- a/cowrie/test/unittests.cfg
+++ b/cowrie/test/unittests.cfg
@@ -343,6 +343,14 @@ logfile = log/cowrie.json
 #[output_sqlite]
 #db_file = cowrie.db

+# MongoDB logging module
+#
+# MongoDB logging requires an extra Python module: pip install pymongo
+#
+#[output_mongodb]
+#connection_string = mongodb://username:password@host:port/database
+#database = dbname
+

 # Splunk SDK output module - EARLY RELEASE NOT RECOMMENDED
 # This sends logs directly to Splunk using the Python REST SDK
--- a/mongodb.py
+++ b/mongodb.py
@@ -0,0 +1,49 @@
+# -*- coding: utf-8 -*-
+
+import pymongo
+
+from twisted.python import log
+
+import cowrie.core.output
+
+
+class Output(cowrie.core.output.Output):
+    """
+    """
+
+    def __init__(self, cfg):
+        self.cfg = cfg
+        cowrie.core.output.Output.__init__(self, cfg)
+
+
+    def start(self):
+        """
+        """
+        db_addr = self.cfg.get('output_mongodb', 'connection_string')
+        db_name = self.cfg.get('output_mongodb', 'database')
+
+        try:
+            self.mongo_client = pymongo.MongoClient(db_addr)
+            self.mongo_db = self.mongo_client[db_name]
+            self.coll = self.mongo_db['events']
+        except Exception, e:
+            log.msg('output_mongodb: Error: %s' % str(e))
+
+
+    def stop(self):
+        """
+        """
+        self.mongo_client.close()
+
+
+    def write(self, entry):
+        """
+        """
+        for i in list(entry.keys()):
+            # Remove twisted 15 legacy keys
+            if i.startswith('log_'):
+                del entry[i]
+        try:
+            self.coll.insert_one(entry)
+        except Exception,e:
+            log.msg('output_mongodb: MongoDB Error: %s' % str(e))
--- a/requirements-output.txt
+++ b/requirements-output.txt
@@ -10,6 +10,9 @@ pyes
 # mysql
 MySQL-python

+# mongodb
+pymongo
+
 # rethinkdblog
 rethinkdb