mushorg / glastopf

Web Application Honeypot
http://glastopf.org

glastopf syslog #132

Closed flori07 closed 10 years ago

flori07 commented 11 years ago

hey, is it possible to log data from glastopf to a windows syslog server (KIWI syslog server -for example)?

glaslos commented 11 years ago

Should be possible, bind Kiwi to a TCP socket and modify the Glastopf config: http://www.kiwisyslog.com/help/syslog/index.html?setup_tcp_input.htm

flori07 commented 11 years ago

The problem is that I don't really know how to modify `glastopf.cfg`. I enabled syslog in the configuration file but I don't know what to use for the socket option `socket = ...`. I tried different options but none worked.

flori07 commented 11 years ago

If I leave it the way it is:

```
[syslog]
enabled=TRUE
socket=/dev/log
```

I think I still have to modify the `/etc/rsyslog.conf` file and here is where I'm stuck. I added the following line `*.* @@172.28.5.114:1468` and I don't know what else to do to make it work.

flori07 commented 11 years ago

sorry, it is `*.* @@172.28.5.114:1468`

glaslos commented 11 years ago

Have you tried to set the socket option in the Glastopf config to `172.28.5.114:1468`?

flori07 commented 11 years ago

Yes, I did and this is only part of the error when I run `glastopf-runner`:

```
  File "/usr/local/lib/python2.7/dist-packages/Glastopf-3.0.9_dev-py2.7.egg/glastopf/modules/logging_handler.py", line 49, in get_aux_loggers
    logger_instance = logger_class(data_dir)
  File "/usr/local/lib/python2.7/dist-packages/Glastopf-3.0.9_dev-py2.7.egg/glastopf/modules/reporting/auxiliary/log_syslog.py", line 41, in __init__
    LogSyslog.log_handler = logging.handlers.SysLogHandler(address=self.options['socket'])
  File "/usr/lib/python2.7/logging/handlers.py", line 729, in __init__
    self._connect_unixsocket(address)
  File "/usr/lib/python2.7/logging/handlers.py", line 745, in _connect_unixsocket
    self.socket.connect(address)
  File "/usr/lib/python2.7/socket.py", line 224, in meth
    return getattr(self._sock,name)(*args)
socket.error: [Errno 2] No such file or directory
```
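The traceback above is what `logging.handlers.SysLogHandler` does when it is handed a plain string: it treats the string as a Unix socket path and tries to `connect()` to it, so `172.28.5.114:1468` fails with `No such file or directory`. A remote receiver has to be passed as a `(host, port)` tuple, with `socktype=socket.SOCK_STREAM` for a TCP listener such as the Kiwi input mentioned earlier. The following is an added example, not Glastopf's own `log_syslog.py` and not the fix glaslos pushed; the `tcp://` and `udp://` prefixes, the `SyslogTarget` tuple and the `build_syslog_handler` name are this example's own assumptions.

```python
import logging
import logging.handlers
import socket
from collections import namedtuple

# kind: "unix", "tcp" or "udp"; address and socktype are what SysLogHandler takes.
SyslogTarget = namedtuple("SyslogTarget", "kind address socktype")


def parse_syslog_socket(value):
    """Turn a config-file 'socket' value into a SyslogTarget.

    Accepted forms (the scheme prefixes are an assumption of this example,
    not a documented Glastopf option):
      /dev/log          -> local Unix socket (address is the path)
      host:port         -> TCP, matching a receiver bound to a TCP port
      tcp://host:port   -> TCP, explicitly
      udp://host:port   -> UDP, the classic syslog transport (port 514)
    """
    value = value.strip()
    if not value:
        raise ValueError("empty syslog socket option")

    if value.startswith("/"):
        # socktype=None lets SysLogHandler probe SOCK_DGRAM first and fall
        # back to SOCK_STREAM, which covers how /dev/log is normally served.
        return SyslogTarget("unix", value, None)

    scheme, sep, rest = value.partition("://")
    if not sep:
        # Bare host:port (the form tried in this thread) defaults to TCP.
        scheme, rest = "tcp", value
    scheme = scheme.lower()
    if scheme == "tcp":
        socktype = socket.SOCK_STREAM
    elif scheme == "udp":
        socktype = socket.SOCK_DGRAM
    else:
        raise ValueError("unsupported syslog scheme %r" % scheme)

    host, sep, port = rest.rpartition(":")
    if not sep or not host or not port.isdigit():
        raise ValueError("expected host:port, got %r" % value)
    host = host.strip("[]")  # tolerate [::1]:1468 for IPv6 literals
    return SyslogTarget(scheme, (host, int(port)), socktype)


def build_syslog_handler(value, ident="glastopf"):
    """Build a SysLogHandler for the parsed target.

    Passing the raw string (as the traceback in this thread shows) makes
    SysLogHandler treat it as a Unix socket path; passing the tuple plus the
    right socktype is what makes a remote TCP receiver work.
    """
    target = parse_syslog_socket(value)
    handler = logging.handlers.SysLogHandler(
        address=target.address, socktype=target.socktype
    )
    handler.setFormatter(logging.Formatter(ident + ": %(message)s"))
    return handler


if __name__ == "__main__":
    # Constructed inputs: the two values tried in this thread plus two extras.
    for raw in ("/dev/log", "172.28.5.114:1468", "udp://172.28.5.114:514", "tcp://[::1]:1468"):
        print(raw, "->", parse_syslog_socket(raw))
```

One caveat for TCP receivers: Python 3's `SysLogHandler` appends a NUL byte to each record when `append_nul` is left at its default of `True`, so if a receiver expects newline-delimited records, set `handler.append_nul = False` and add `\n` to the formatter. The parse step is what can be tested offline; constructing the handler for a `tcp://` target opens the connection immediately.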

glaslos commented 11 years ago

Ah, let me fix that...

glaslos commented 11 years ago

Okay, pull master and give that dirty fix a try...

flori07 commented 11 years ago

I modified the `log_syslog.py` file from `glastopf/modules/reporting/auxiliary/log_syslog.py` and I also modified the `log_syslog.py` from `usr/local/lib.....` Now when I run `glastopf-runner` it raises an error when I try to access the honeypot from the browser:

```
2013-09-27 21:37:37,108 (glastopf.glastopf) Initializing Glastopf 3.0.9-dev using "/opt/myhoneypot" as work directory.
2013-09-27 21:37:37,111 (glastopf.glastopf) Connecting to main database with: sqlite:///db/glastopf.db
2013-09-27 21:37:37,305 (pyhpfeeds) connecting to hpfriends.honeycloud.net:20000
2013-09-27 21:37:39,639 (pyhpfeeds) info message name: hpfriends, rand: '\xefi\x12\x81'
2013-09-27 21:37:39,648 (glastopf.glastopf) Glastopf started and privileges dropped.
2013-09-27 21:37:46,352 (glastopf.glastopf) 127.0.0.1 requested GET / on localhost
Exception in thread Thread-2:
Traceback (most recent call last):
  File "/usr/lib/python2.7/threading.py", line 551, in __bootstrap_inner
    self.run()
  File "/usr/lib/python2.7/threading.py", line 504, in run
    self.__target(*self.__args, **self.__kwargs)
  File "/usr/local/lib/python2.7/dist-packages/Glastopf-3.0.9_dev-py2.7.egg/glastopf/glastopf.py", line 128, in post_processer
    logger.insert(attack_event)
  File "/usr/local/lib/python2.7/dist-packages/Glastopf-3.0.9_dev-py2.7.egg/glastopf/modules/reporting/auxiliary/log_syslog.py", line 52, in insert
    'host': attack_event.http_request.header.get('Host', "None"),
AttributeError: HTTPHandler instance has no attribute 'header'

2013-09-27 21:37:46,642 (glastopf.glastopf) 127.0.0.1 requested GET /style.css on localhost
```

Thanks a lot, and sorry for the trouble

glaslos commented 11 years ago

Okay, we are at least one step further. I'll have another look into it after lunch.