Last Updated: 2016-02-06 22:50:09 UTC
by Jim Clausing (Version: 1)
It has been a while, but I finally got around to fixing a bug in my script for putting kippo text logs into a kippo-formatted MySQL database. In this case, it was a bug that caused the sensor column in the sessions table to be NULL instead of the correct value. I just used the updated script to analyze 2.8M login attempts from 2015 in one of my kippo honeypots. I first wrote about the script here. I've also moved some of my tools including this script to github. You can find the latest version here. I think I may have another bug that was reported by a user a while back to fix, I'll try to get to that in the next month. In the meantime, I welcome thoughts and comments by e-mail or in the comments.
Jim Clausing, GIAC GSE #26
jclausing --at-- isc [dot] sans (dot) edu