search

telekom-security / ewsposter

collect logs and alerts from 27 honeypots and send it to backed (eg peba, geba), hpfeeds, influxdb or jSON file.
GNU General Public License v3.0
16 stars 7 forks source link

Cowrie logs error #5

Closed t3chn0m4g3 closed 3 years ago

t3chn0m4g3 commented 3 years ago

Ewsposter seems to have some hickups with the latest Cowrie:

EWS Poster v1.20 (c) by Markus Schroer <markus.schroer@telekom.de>
 => Create lock socket successfull.
 => ESend: checking spooldir and resend alert
    -> [INFO] No jobs to send in spooldir: /opt/ewsposter/spool/.
 => Starting DIONAEA Honeypot Modul.
 => Starting HONEYTRAP Honeypot Modul.
    -> Calculate MD5Sum for payload files and rename files.
 => Starting CONPOT Honeypot Modul.
 => Starting COWRIE Honeypot Modul.
Traceback (most recent call last):
  File "/opt/ewsposter/ews.py", line 1172, in <module>
    eval(honeypot + '()')
  File "<string>", line 1, in <module>
  File "/opt/ewsposter/ews.py", line 930, in cowrie
    cowrieSessions[sid]['version'] = re.search(r"b'(.*)'", line["version"], re.M).group(1)
AttributeError: 'NoneType' object has no attribute 'group'

I sent you the logs via Slack.

t3chn0m4g3 commented 3 years ago

Thanks. Fixed by 0502c39941bab10643502c27f7bd7eee301b21c0