Open xECK29x opened 8 years ago
Try checking the possible fixes in #29 and let me know if those work for you.
Splunk appears to be working OK; I see the initial check-in log in the honeypot index but nothing else:
sensorIP=68.199.x.x, ASN=6128, ASN_Country=US, description=Optimum Online, network_name=NETBLK-OOL-5BLK, network_range=68.192.0.0 - 68.199.255.255
Performing an ls of the cowrie/log directory shows nothing, tty is empty as well.
Looks like it could be an initialization issue with twisted/cowrie, see attached log (unknown command cowrie). tango_install.txt
I had the same issue with the sensor.sh startup script in Ubuntu 14.04 and 16.04. The PIP install of tango has an additional dependency on the cryptography PIP module, which also requires the libffi-dev package to be installed on the system. I updated the setup script to install the libffi-dev package and cryptography PIP module. I'll submit a pull request to update it here.
In the meantime, edit your sensor.sh script and add libffi-dev to line 149 and cryptography to line 156.
I have tried a few fresh installs of Tango but Cowrie is not producing logs. I see during install it fails to chmod the log file because it does not exist. Even after performing some test logins to the honeypot it still does not appear to log.
Anyone else have this issue?