diff --git a/cowrie/commands/base.py b/cowrie/commands/base.py index 01c055d..b2f4b15 100644 --- a/cowrie/commands/base.py +++ b/cowrie/commands/base.py @@ -317,7 +317,7 @@ class command_passwd(HoneyPotCommand): def lineReceived(self, line): """ """ - log.msg( eventid='KIPP0008', realm='passwd', input=line, + log.msg( eventid='COW0008', realm='passwd', input=line, format='INPUT (%(realm)s): %(input)s' ) self.password = line.strip() self.callbacks.pop(0)(line) @@ -581,7 +581,7 @@ class command_perl(HoneyPotCommand): def lineReceived(self, line): """ """ - log.msg( eventid='KIPP0008', realm='perl', input=line, + log.msg( eventid='COW0008', realm='perl', input=line, format='INPUT (%(realm)s): %(input)s' ) @@ -661,7 +661,7 @@ class command_php(HoneyPotCommand): def lineReceived(self, line): """ """ - log.msg( eventid='KIPP0008', realm='php', input=line, + log.msg( eventid='COW0008', realm='php', input=line, format='INPUT (%(realm)s): %(input)s' ) diff --git a/cowrie/commands/busybox.py b/cowrie/commands/busybox.py index fe7cc94..72e2a0d 100644 --- a/cowrie/commands/busybox.py +++ b/cowrie/commands/busybox.py @@ -69,7 +69,7 @@ class command_busybox(HoneyPotCommand): cmdclass = self.protocol.getCommand(cmd, self.environ['PATH'].split(':')) if cmdclass: - log.msg(eventid='KIPP0005', input=line, + log.msg(eventid='COW0005', input=line, format='Command found: %(input)s') self.protocol.call_command(cmdclass, *args) else: diff --git a/cowrie/commands/curl.py b/cowrie/commands/curl.py index 303c158..572510b 100644 --- a/cowrie/commands/curl.py +++ b/cowrie/commands/curl.py @@ -312,10 +312,10 @@ Options: (H) means HTTP/HTTPS only, (F) means FTP only log.msg("Not storing duplicate content " + shasum) self.protocol.logDispatch(format='Downloaded URL (%(url)s) with SHA-256 %(shasum)s to %(outfile)s', - eventid='KIPP0007', url=self.url, outfile=hashPath, shasum=shasum) + eventid='COW0007', url=self.url, outfile=hashPath, shasum=shasum) log.msg(format='Downloaded URL (%(url)s) with SHA-256 %(shasum)s to %(outfile)s', - eventid='KIPP0007', url=self.url, outfile=hashPath, shasum=shasum) + eventid='COW0007', url=self.url, outfile=hashPath, shasum=shasum) # Link friendly name to hash os.symlink(shasum, self.safeoutfile) diff --git a/cowrie/commands/fs.py b/cowrie/commands/fs.py index 4788ced..8b2e596 100644 --- a/cowrie/commands/fs.py +++ b/cowrie/commands/fs.py @@ -30,7 +30,7 @@ class command_cat(HoneyPotCommand): def lineReceived(self, line): - log.msg( eventid='KIPP0008', realm='cat', input=line, + log.msg( eventid='COW0008', realm='cat', input=line, format='INPUT (%(realm)s): %(input)s' ) @@ -78,7 +78,7 @@ class command_tail(HoneyPotCommand): def lineReceived(self, line): - log.msg( eventid='KIPP0008', realm='tail', input=line, + log.msg( eventid='COW0008', realm='tail', input=line, format='INPUT (%(realm)s): %(input)s' ) @@ -125,7 +125,7 @@ class command_head(HoneyPotCommand): def lineReceived(self, line): - log.msg( eventid='KIPP0008', realm='head', input=line, + log.msg( eventid='COW0008', realm='head', input=line, format='INPUT (%(realm)s): %(input)s' ) diff --git a/cowrie/commands/scp.py b/cowrie/commands/scp.py index f5275cf..092dcfd 100644 --- a/cowrie/commands/scp.py +++ b/cowrie/commands/scp.py @@ -69,7 +69,7 @@ class command_scp(HoneyPotCommand): def lineReceived(self, line): """ """ - log.msg( eventid='KIPP0008', realm='scp', input=line, + log.msg( eventid='COW0008', realm='scp', input=line, format='INPUT (%(realm)s): %(input)s' ) self.protocol.terminal.write( '\x00' ) diff --git a/cowrie/commands/sudo.py b/cowrie/commands/sudo.py index b8c332d..1091664 100644 --- a/cowrie/commands/sudo.py +++ b/cowrie/commands/sudo.py @@ -108,7 +108,7 @@ Sudoers I/O plugin version 1.8.5p2''') cmdclass = self.protocol.getCommand(cmd, self.environ['PATH'].split(':')) if cmdclass: - log.msg(eventid='KIPP0005', input=line, + log.msg(eventid='COW0005', input=line, format='Command found: %(input)s') self.protocol.call_command(cmdclass, *args) self.exit() diff --git a/cowrie/commands/wget.py b/cowrie/commands/wget.py index cee1716..ad3b2bb 100644 --- a/cowrie/commands/wget.py +++ b/cowrie/commands/wget.py @@ -165,10 +165,10 @@ class command_wget(HoneyPotCommand): log.msg("Not storing duplicate content " + shasum) self.protocol.logDispatch( format='Downloaded URL (%(url)s) with SHA-256 %(shasum)s to %(outfile)s', - eventid='KIPP0007', url=self.url, outfile=hash_path, shasum=shasum ) + eventid='COW0007', url=self.url, outfile=hash_path, shasum=shasum ) log.msg( format='Downloaded URL (%(url)s) with SHA-256 %(shasum)s to %(outfile)s', - eventid='KIPP0007', url=self.url, outfile=hash_path, shasum=shasum ) + eventid='COW0007', url=self.url, outfile=hash_path, shasum=shasum ) # link friendly name to hash os.symlink( shasum, self.safeoutfile ) diff --git a/cowrie/core/checkers.py b/cowrie/core/checkers.py index de177d7..3a054a8 100644 --- a/cowrie/core/checkers.py +++ b/cowrie/core/checkers.py @@ -33,7 +33,7 @@ class HoneypotPublicKeyChecker: """ _pubKey = keys.Key.fromString(credentials.blob) log.msg(format='public key attempt for user %(username)s with fingerprint %(fingerprint)s', - eventid='KIPP0016', + eventid='COW0016', username=credentials.username, fingerprint=_pubKey.fingerprint()) return failure.Failure(error.ConchError('Incorrect signature')) @@ -120,12 +120,12 @@ class HoneypotPasswordChecker: theauth = authname(self.cfg) if theauth.checklogin(theusername, thepassword, ip): - log.msg(eventid='KIPP0002', + log.msg(eventid='COW0002', format='login attempt [%(username)s/%(password)s] succeeded', username=theusername, password=thepassword) return True else: - log.msg(eventid='KIPP0003', + log.msg(eventid='COW0003', format='login attempt [%(username)s/%(password)s] failed', username=theusername, password=thepassword) return False diff --git a/cowrie/core/dblog.py b/cowrie/core/dblog.py index ebe22e3..4812543 100644 --- a/cowrie/core/dblog.py +++ b/cowrie/core/dblog.py @@ -11,21 +11,21 @@ import abc # dblog now operates based on eventids, no longer on regex parsing of the entry. # add an eventid using keyword args and it will be picked up by the dblogger -# the KIPPxxxx naming convention is still subject to change. +# the COWxxxx naming convention is still subject to change. -# KIPP0001 : create session -# KIPP0002 : succesful login -# KIPP0003 : failed login -# KIPP0004 : TTY log opened -# KIPP0005 : handle command -# KIPP0006 : handle unknown command -# KIPP0007 : file download -# KIPP0008 : INPUT -# KIPP0009 : SSH Version -# KIPP0010 : Terminal Size -# KIPP0011 : Connection Lost -# KIPP0012 : TTY log closed -# KIPP0013 : env var requested +# COW0001 : create session +# COW0002 : succesful login +# COW0003 : failed login +# COW0004 : TTY log opened +# COW0005 : handle command +# COW0006 : handle unknown command +# COW0007 : file download +# COW0008 : INPUT +# COW0009 : SSH Version +# COW0010 : Terminal Size +# COW0011 : Connection Lost +# COW0012 : TTY log closed +# COW0013 : env var requested class DBLogger(object): __metaclass__ = abc.ABCMeta @@ -37,20 +37,20 @@ class DBLogger(object): self.re_sessionlog = re.compile( '.*HoneyPotTransport,([0-9]+),[0-9.]+$') - # KIPP0001 is special since it kicks off new logging session, + # COW0001 is special since it kicks off new logging session, # and is not handled here self.events = { - 'KIPP0002': self.handleLoginSucceeded, - 'KIPP0003': self.handleLoginFailed, - 'KIPP0004': self.handleTTYLogOpened, - 'KIPP0005': self.handleCommand, - 'KIPP0006': self.handleUnknownCommand, - 'KIPP0007': self.handleFileDownload, - 'KIPP0008': self.handleInput, - 'KIPP0009': self.handleClientVersion, - 'KIPP0010': self.handleTerminalSize, - 'KIPP0011': self._connectionLost, - 'KIPP0012': self.handleTTYLogClosed, + 'COW0002': self.handleLoginSucceeded, + 'COW0003': self.handleLoginFailed, + 'COW0004': self.handleTTYLogOpened, + 'COW0005': self.handleCommand, + 'COW0006': self.handleUnknownCommand, + 'COW0007': self.handleFileDownload, + 'COW0008': self.handleInput, + 'COW0009': self.handleClientVersion, + 'COW0010': self.handleTerminalSize, + 'COW0011': self._connectionLost, + 'COW0012': self.handleTTYLogClosed, } self.reported_ssh_port = None @@ -95,7 +95,7 @@ class DBLogger(object): return # connection event is special. adds to list - if ev['eventid'] == 'KIPP0001': + if ev['eventid'] == 'COW0001': sessionno = ev['sessionno'] peerIP, peerPort = ev['src_ip'], ev['src_port'] hostIP, hostPort = ev['dst_ip'], ev['dst_port'] diff --git a/cowrie/core/honeypot.py b/cowrie/core/honeypot.py index 8d33f9b..883b40d 100644 --- a/cowrie/core/honeypot.py +++ b/cowrie/core/honeypot.py @@ -173,10 +173,10 @@ class HoneyPotShell(object): rargs.append(arg) cmdclass = self.protocol.getCommand(cmd, environ['PATH'].split(':')) if cmdclass: - log.msg(eventid='KIPP0005', input=line, format='Command found: %(input)s') + log.msg(eventid='COW0005', input=line, format='Command found: %(input)s') self.protocol.call_command(cmdclass, *rargs) else: - log.msg(eventid='KIPP0006', + log.msg(eventid='COW0006', input=line, format='Command not found: %(input)s') if len(line): self.protocol.writeln('bash: %s: command not found' % (cmd,)) diff --git a/cowrie/core/output.py b/cowrie/core/output.py index 475023a..f4d3133 100644 --- a/cowrie/core/output.py +++ b/cowrie/core/output.py @@ -36,22 +36,22 @@ import re import copy import socket -# KIPP0001 : create session -# KIPP0002 : succesful login -# KIPP0003 : failed login -# KIPP0004 : TTY log opened -# KIPP0005 : handle command -# KIPP0006 : handle unknown command -# KIPP0007 : file download -# KIPP0008 : INPUT -# KIPP0009 : SSH Version -# KIPP0010 : Terminal Size -# KIPP0011 : Connection Lost -# KIPP0012 : TTY log closed -# KIPP0013 : env var requested -# KIPP0014 : direct-tcpip request -# KIPP0015 : direct-tcpip data -# KIPP0016 : key fingerprint +# COW0001 : create session +# COW0002 : succesful login +# COW0003 : failed login +# COW0004 : TTY log opened +# COW0005 : handle command +# COW0006 : handle unknown command +# COW0007 : file download +# COW0008 : INPUT +# COW0009 : SSH Version +# COW0010 : Terminal Size +# COW0011 : Connection Lost +# COW0012 : TTY log closed +# COW0013 : env var requested +# COW0014 : direct-tcpip request +# COW0015 : direct-tcpip data +# COW0016 : key fingerprint class Output(object): """ @@ -133,7 +133,7 @@ class Output(object): del ev['time'] # On disconnect add the tty log - #if ev['eventid'] == 'KIPP0012': + #if ev['eventid'] == 'COW0012': # FIXME: file is read for each output plugin #f = file(ev['ttylog']) #ev['ttylog'] = f.read(10485760) @@ -155,7 +155,7 @@ class Output(object): ev['src_ip'] = self.ips[sessionno] # Connection event is special. adds to session list - if ev['eventid'] == 'KIPP0001': + if ev['eventid'] == 'COW0001': self.sessions[sessionno] = ev['id'] self.ips[sessionno] = ev['src_ip'] del ev['id'] @@ -165,7 +165,7 @@ class Output(object): self.write(ev) # Disconnect is special, remove cached data - if ev['eventid'] == 'KIPP0011': + if ev['eventid'] == 'COW0011': del self.sessions[sessionno] del self.ips[sessionno] diff --git a/cowrie/core/protocol.py b/cowrie/core/protocol.py index 8b58182..691ea24 100644 --- a/cowrie/core/protocol.py +++ b/cowrie/core/protocol.py @@ -395,7 +395,7 @@ class LoggingServerProtocol(insults.ServerProtocol): ttylog.ttylog_open(self.ttylog_file, time.time()) self.ttylog_open = True - log.msg(eventid='KIPP0004', ttylog=self.ttylog_file, + log.msg(eventid='COW0004', ttylog=self.ttylog_file, format='Opening TTY Log: %(ttylog)s') self.stdinlog_file = '%s/%s-%s-%s-stdin.log' % \ @@ -424,7 +424,7 @@ class LoggingServerProtocol(insults.ServerProtocol): """ self.bytesReceived += len(data) if self.bytesReceivedLimit and self.bytesReceived > self.bytesReceivedLimit: - log.msg(eventid='KIPP0015', format='Data upload limit reached') + log.msg(eventid='COW0015', format='Data upload limit reached') #self.loseConnection() self.eofReceived() return @@ -489,7 +489,7 @@ class LoggingServerProtocol(insults.ServerProtocol): else: os.rename(self.stdinlog_file, shasumfile) os.symlink(shasum, self.stdinlog_file) - log.msg(eventid='KIPP0007', + log.msg(eventid='COW0007', format='Saved stdin contents to %(outfile)s', url='stdin', outfile=shasumfile, shasum=shasum) except IOError as e: @@ -498,7 +498,7 @@ class LoggingServerProtocol(insults.ServerProtocol): self.stdinlog_open = False if self.ttylog_open: - log.msg(eventid='KIPP0012', format='Closing TTY Log: %(ttylog)s', + log.msg(eventid='COW0012', format='Closing TTY Log: %(ttylog)s', ttylog=self.ttylog_file) ttylog.ttylog_close(self.ttylog_file, time.time()) self.ttylog_open = False diff --git a/cowrie/core/ssh.py b/cowrie/core/ssh.py index 8bdc1bb..f363427 100644 --- a/cowrie/core/ssh.py +++ b/cowrie/core/ssh.py @@ -41,7 +41,7 @@ class HoneyPotSSHSession(session.SSHSession): value, rest = getNS(rest) if rest: raise ValueError("Bad data given in env request") - log.msg(eventid='KIPP0013', format='request_env: %(name)s=%(value)s', + log.msg(eventid='COW0013', format='request_env: %(name)s=%(value)s', name=name, value=value) # Environment variables come after shell or before exec command if self.session: @@ -173,7 +173,7 @@ class SSHSessionForCowrieUser: """ """ self.environ['TERM'] = terminal - log.msg(eventid='KIPP0010', width=windowSize[0], height=windowSize[1], + log.msg(eventid='COW0010', width=windowSize[0], height=windowSize[1], format='Terminal Size: %(width)s %(height)s') self.windowSize = windowSize return None @@ -279,7 +279,7 @@ class CowrieSFTPFile: """ self.bytes_written += len(data) if self.bytesReceivedLimit and self.bytes_written > self.bytesReceivedLimit: - log.msg(eventid='KIPP0015', format='Data upload limit reached') + log.msg(eventid='COW0015', format='Data upload limit reached') raise filetransfer.SFTPError( filetransfer.FX_FAILURE, "Quota exceeded" ) self.sftpserver.fs.lseek(self.fd, offset, os.SEEK_SET) self.sftpserver.fs.write(self.fd, data) @@ -486,7 +486,7 @@ def CowrieOpenConnectForwardingClient(remoteWindow, remoteMaxPacket, data, avata """ """ remoteHP, origHP = twisted.conch.ssh.forwarding.unpackOpen_direct_tcpip(data) - log.msg(eventid='KIPP0014', format='direct-tcp connection request to %(dst_ip)s:%(dst_port)s', + log.msg(eventid='COW0014', format='direct-tcp connection request to %(dst_ip)s:%(dst_port)s', dst_ip=remoteHP[0], dst_port=remoteHP[1]) return CowrieConnectForwardingChannel(remoteHP, remoteWindow=remoteWindow, remoteMaxPacket=remoteMaxPacket, @@ -506,7 +506,7 @@ class CowrieConnectForwardingChannel(forwarding.SSHConnectForwardingChannel): def dataReceived(self, data): """ """ - log.msg(eventid='KIPP0015', + log.msg(eventid='COW0015', format='direct-tcp forward to %(dst_ip)s:%(dst_port)s with data %(data)s', dst_ip=self.hostport[0], dst_port=self.hostport[1], data=repr(data)) self._close("Connection refused") diff --git a/cowrie/core/transport.py b/cowrie/core/transport.py index 846e31b..8ad90ac 100644 --- a/cowrie/core/transport.py +++ b/cowrie/core/transport.py @@ -168,7 +168,7 @@ class HoneyPotTransport(transport.SSHServerTransport, TimeoutMixin): """ self.transportId = uuid.uuid4().hex[:8] - log.msg(eventid='KIPP0001', + log.msg(eventid='COW0001', format='New connection: %(src_ip)s:%(src_port)s (%(dst_ip)s:%(dst_port)s) [session: %(sessionno)s]', src_ip=self.transport.getPeer().host, src_port=self.transport.getPeer().port, dst_ip=self.transport.getHost().host, dst_port=self.transport.getHost().port, @@ -236,7 +236,7 @@ class HoneyPotTransport(transport.SSHServerTransport, TimeoutMixin): strings, rest = k[:-1], k[-1] (kexAlgs, keyAlgs, encCS, encSC, macCS, macSC, compCS, compSC, langCS, langSC) = [s.split(',') for s in strings] - log.msg(eventid='KIPP0009', version=self.otherVersionString, + log.msg(eventid='COW0009', version=self.otherVersionString, kexAlgs=kexAlgs, keyAlgs=keyAlgs, encCS=encCS, macCS=macCS, compCS=compCS, format='Remote SSH version: %(version)s') @@ -269,7 +269,7 @@ class HoneyPotTransport(transport.SSHServerTransport, TimeoutMixin): transport.SSHServerTransport.connectionLost(self, reason) self.transport.connectionLost(reason) self.transport = None - log.msg(eventid='KIPP0011', format='Connection lost') + log.msg(eventid='COW0011', format='Connection lost') def sendDisconnect(self, reason, desc): diff --git a/cowrie/dblog/hpfeeds.py b/cowrie/dblog/hpfeeds.py index 0cbcc8e..f83e809 100644 --- a/cowrie/dblog/hpfeeds.py +++ b/cowrie/dblog/hpfeeds.py @@ -28,7 +28,7 @@ SIZES = { OP_SUBSCRIBE: 5+256*2, } -KIPPOCHAN = 'cowrie.sessions' +COWRIECHAN = 'cowrie.sessions' class BadClient(Exception): pass @@ -221,7 +221,7 @@ class DBLogger(dblog.DBLogger): self.meta[session]['endTime']=datetime.now().isoformat() ttylog = self.ttylog(session) if ttylog: meta['ttylog'] = ttylog.encode('hex') - self.client.publish(KIPPOCHAN, **meta) + self.client.publish(COWRIECHAN, **meta) def handleLoginFailed(self, session, args): u, p = args['username'], args['password'] diff --git a/cowrie/output/dshield.py b/cowrie/output/dshield.py index c9e2af4..f9d370b 100644 --- a/cowrie/output/dshield.py +++ b/cowrie/output/dshield.py @@ -33,7 +33,7 @@ class Output(cowrie.core.output.Output): pass def write(self, entry): - if entry["eventid"] == 'KIPP0002' or entry["eventid"] == 'KIPP0003': + if entry["eventid"] == 'COW0002' or entry["eventid"] == 'COW0003': date = dateutil.parser.parse(entry["timestamp"]) self.batch.append({ 'date' : date.date().__str__(), diff --git a/cowrie/output/mysql.py b/cowrie/output/mysql.py index 80b87dd..f40509b 100644 --- a/cowrie/output/mysql.py +++ b/cowrie/output/mysql.py @@ -99,7 +99,7 @@ class Output(cowrie.core.output.Output): docstring here """ - if entry["eventid"] == 'KIPP0001': + if entry["eventid"] == 'COW0001': r = yield self.db.runQuery( "SELECT `id` FROM `sensors` WHERE `ip` = %s", (self.sensor,)) if r: @@ -115,49 +115,49 @@ class Output(cowrie.core.output.Output): (entry["session"], entry["timestamp"], '%Y-%m-%dT%H:%i:%s.%fZ', sensorid, entry["src_ip"])) - elif entry["eventid"] == 'KIPP0002': + elif entry["eventid"] == 'COW0002': self.simpleQuery('INSERT INTO `auth` (`session`, `success`' + \ ', `username`, `password`, `timestamp`)' + \ ' VALUES (%s, %s, %s, %s, STR_TO_DATE(%s, %s))', (entry["session"], 1, entry['username'], entry['password'], entry["timestamp"], '%Y-%m-%dT%H:%i:%s.%fZ')) - elif entry["eventid"] == 'KIPP0003': + elif entry["eventid"] == 'COW0003': self.simpleQuery('INSERT INTO `auth` (`session`, `success`' + \ ', `username`, `password`, `timestamp`)' + \ ' VALUES (%s, %s, %s, %s, STR_TO_DATE(%s, %s))', (entry["session"], 0, entry['username'], entry['password'], entry["timestamp"], '%Y-%m-%dT%H:%i:%s.%fZ')) - elif entry["eventid"] == 'KIPP0005': + elif entry["eventid"] == 'COW0005': self.simpleQuery('INSERT INTO `input`' + \ ' (`session`, `timestamp`, `success`, `input`)' + \ ' VALUES (%s, STR_TO_DATE(%s, %s), %s , %s)', (entry["session"], entry["timestamp"], '%Y-%m-%dT%H:%i:%s.%fZ', 1, entry["input"])) - elif entry["eventid"] == 'KIPP0006': + elif entry["eventid"] == 'COW0006': self.simpleQuery('INSERT INTO `input`' + \ ' (`session`, `timestamp`, `success`, `input`)' + \ ' VALUES (%s, STR_TO_DATE(%s, %s), %s , %s)', (entry["session"], entry["timestamp"], '%Y-%m-%dT%H:%i:%s.%fZ', 0, entry["input"])) - elif entry["eventid"] == 'KIPP0007': + elif entry["eventid"] == 'COW0007': self.simpleQuery('INSERT INTO `downloads`' + \ ' (`session`, `timestamp`, `url`, `outfile`, `shasum`)' + \ ' VALUES (%s, STR_TO_DATE(%s, %s), %s, %s)', (entry["session"], entry["timestamp"], '%Y-%m-%dT%H:%i:%s.%fZ', entry['url'], entry['outfile'], entry['shasum'])) - elif entry["eventid"] == 'KIPP0008': + elif entry["eventid"] == 'COW0008': self.simpleQuery('INSERT INTO `input`' + \ ' (`session`, `timestamp`, `realm`, `input`)' + \ ' VALUES (%s, STR_TO_DATE(%s, %s), %s , %s)', (entry["session"], entry["timestamp"], '%Y-%m-%dT%H:%i:%s.%fZ', entry["realm"], entry["input"])) - elif entry["eventid"] == 'KIPP0009': + elif entry["eventid"] == 'COW0009': r = yield self.db.runQuery( 'SELECT `id` FROM `clients` WHERE `version` = %s', \ (entry['version'],)) @@ -173,19 +173,19 @@ class Output(cowrie.core.output.Output): 'UPDATE `sessions` SET `client` = %s WHERE `id` = %s', (id, entry["session"])) - elif entry["eventid"] == 'KIPP0010': + elif entry["eventid"] == 'COW0010': self.simpleQuery( 'UPDATE `sessions` SET `termsize` = %s WHERE `id` = %s', ('%sx%s' % (entry['width'], entry['height']), entry["session"])) - elif entry["eventid"] == 'KIPP0011': + elif entry["eventid"] == 'COW0011': self.simpleQuery( 'UPDATE `sessions` SET `endtime` = STR_TO_DATE(%s, %s)' + \ ' WHERE `id` = %s', (entry["timestamp"], '%Y-%m-%dT%H:%i:%s.%fZ', entry["session"])) - elif entry["eventid"] == 'KIPP0012': + elif entry["eventid"] == 'COW0012': self.simpleQuery( 'INSERT INTO `ttylog` (`session`, `ttylog`) VALUES (%s, %s)', (entry["session"], entry["ttylog"]))