Threat Level: green Handler on Duty: Rick Wanner

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2016-02-06 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

More updates to kippo-log2db

Published: 2016-02-06
Last Updated: 2016-02-06 22:50:09 UTC
by Jim Clausing (Version: 1)
0 comment(s)

It has been a while, but I finally got around to fixing a bug in my script for putting kippo text logs into a kippo-formatted MySQL database.  In this case, it was a bug that caused the sensor column in the sessions table to be NULL instead of the correct value.  I just used the updated script to analyze 2.8M login attempts from 2015 in one of my kippo honeypots.  I first wrote about the script here.  I've also moved some of my tools including this script to github.  You can find the latest version here.  I think I may have another bug that was reported by a user a while back to fix, I'll try to get to that in the next month.  In the meantime, I welcome thoughts and comments by e-mail or in the comments.

---------------
Jim Clausing, GIAC GSE #26
jclausing --at-- isc [dot] sans (dot) edu

Keywords: tools kippo
0 comment(s)
Diary Archives