it-kombinat / splunk-demo

Splunk-Demo - Install Splunk and Rsyslog Clients to demonstrate splunk

Ansible-Role for Cowrie inside an docker-container #8

Closed it-kombinat closed 5 years ago

it-kombinat commented 5 years ago

Git clone cowrie repo

git clone https://github.com/cowrie/cowrie

Config change Splunk output plugin doesn't work - therefore I have been trying the json output. Unfortunately, the splunk input parsing is wrong ....

# JSON based logging module
#
[output_jsonlog]
enabled = true
logfile = ${honeypot:log_path}/cowrie.json

docker run -it -p 2222:2222 -v $(pwd)/etc:/cowrie/cowrie-git/etc -v $(pwd)/var/log/cowrie:/cowrie/cowrie-git/var/log/cowrie cowrie/cowrie
it-kombinat commented 5 years ago

https://github.com/cowrie/cowrie/issues/927

it-kombinat commented 5 years ago

Issue https://github.com/cowrie/cowrie/issues/927 closed, but new error popped up ...

New issue created

https://github.com/cowrie/cowrie/issues/952

it-kombinat commented 5 years ago

works now

[output_splunk]
enabled = true
url = http://splunk-ip:8088/services/collector/event
token = dfsfsd-dsfds-sdfsf-43243
#index = cowrie
sourcetype = cowrie
#source = cowrie
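The thread moves from Cowrie's `output_jsonlog` file to the `output_splunk` HEC plugin. The script below is an added example, not Cowrie's or Splunk's own code: it takes constructed Cowrie JSON log lines, wraps each record in the envelope the HEC `/services/collector/event` endpoint expects (epoch `time`, `sourcetype`, optional `index`, `Authorization: Splunk <token>` header), skips malformed lines instead of aborting, and runs a small failed-login count over the same records. The sample lines, sensor name, IPs and token are made up.

```python
import json
from datetime import datetime, timezone

# Constructed sample lines in Cowrie's output_jsonlog format (all values made up);
# the third line imitates a partially written record that must not abort a batch.
SAMPLE_COWRIE_JSON = """\
{"eventid":"cowrie.session.connect","src_ip":"203.0.113.7","src_port":51234,"dst_ip":"172.17.0.2","dst_port":2222,"session":"a1b2c3d4e5f6","protocol":"ssh","message":"New connection: 203.0.113.7:51234 (172.17.0.2:2222) [session: a1b2c3d4e5f6]","sensor":"honeypot-01","timestamp":"2019-05-01T12:00:00.000000Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"honeypot-01","timestamp":"2019-05-01T12:00:01.500000Z","src_ip":"203.0.113.7","session":"a1b2c3d4e5f6"}
not json at all
{"eventid":"cowrie.login.success","username":"root","password":"toor","message":"login attempt [root/toor] succeeded","sensor":"honeypot-01","timestamp":"2019-05-01T12:00:02.000000Z","src_ip":"203.0.113.7","session":"a1b2c3d4e5f6"}
"""

def cowrie_time_to_epoch(ts: str) -> float:
    """Cowrie writes ISO-8601 UTC timestamps with a trailing 'Z'; HEC wants epoch seconds."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc).timestamp()

def parse_cowrie_lines(raw_lines: str):
    """Yield one dict per JSON line; a line that is not valid JSON is yielded as None."""
    for line in raw_lines.splitlines():
        if line.strip():
            try:
                yield json.loads(line)
            except json.JSONDecodeError:
                yield None

def build_hec_batch(raw_lines: str, token: str, sourcetype: str = "cowrie", index: str = ""):
    """Return (headers, body, skipped): HEC accepts several envelopes concatenated in one body."""
    envelopes, skipped = [], 0
    for record in parse_cowrie_lines(raw_lines):
        if record is None:
            skipped += 1          # count the bad line, keep the rest of the batch
            continue
        env = {"time": cowrie_time_to_epoch(record["timestamp"]),   # HEC field, epoch seconds
               "host": record.get("sensor", "cowrie"), "source": "cowrie",
               "sourcetype": sourcetype, "event": record}           # the record is the indexed event
        if index:
            env["index"] = index  # only set when the HEC token is allowed to write that index
        envelopes.append(json.dumps(env, separators=(",", ":")))
    headers = {"Authorization": f"Splunk {token}", "Content-Type": "application/json"}
    return headers, "\n".join(envelopes), skipped

def failed_logins_by_ip(raw_lines: str) -> dict:
    """Small detection check over the same records: failed SSH logins per source IP."""
    counts: dict = {}
    for rec in parse_cowrie_lines(raw_lines):
        if rec and rec.get("eventid") == "cowrie.login.failed":
            counts[rec["src_ip"]] = counts.get(rec["src_ip"], 0) + 1
    return counts
```

The returned `headers` and `body` are what a POST to the `url` from the `[output_splunk]` block above would carry; the example deliberately stops short of sending so it runs offline.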