Threat Level: green Handler on Duty: Yee Ching Tok

SANS ISC: Update to SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Update to

I discovered an issue with the tool I wrote about last June.  I've updated correcting an error where it was populating the sensor column of the session table improperly.  I discovered the error after loading some data into MySQL and then attempting to use Ion's kippo2elasticsearch script to move the data into ElasticSearch.  I've also discovered an anomaly that I have not yet taken up with the kippo author, why is the sensor colum in the session table int(4) when the id column of the sensor table is int(11)?  Since I only have a handful of sensors, it hasn't impacted me, but if you have an installation with a huge number of sensors, this could become a problem.  Anyway, get the new version and if you've imported data using the old version, you may need to reimport.  Sorry about that.


Jim Clausing, GIAC GSE #26
jclausing --at-- isc [dot] sans (dot) edu

I will be teaching next: Reverse-Engineering Malware: Malware Analysis Tools and Techniques - SANS Tokyo Autumn 2021


423 Posts
ISC Handler
Feb 7th 2015

Sign Up for Free or Log In to start participating in the conversation!