More updates to kippo-log2db
It has been a while, but I finally got around to fixing a bug in my script for putting kippo text logs into a kippo-formatted MySQL database. In this case, it was a bug that caused the sensor column in the sessions table to be NULL instead of the correct value. I just used the updated script to analyze 2.8M login attempts from 2015 in one of my kippo honeypots. I first wrote about the script here. I've also moved some of my tools, including this script, to GitHub. You can find the latest version here. I think I may have another bug to fix that was reported by a user a while back; I'll try to get to that in the next month. In the meantime, I welcome thoughts and comments by e-mail or in the comments.
---------------
Jim Clausing, GIAC GSE #26
jclausing --at-- isc [dot] sans (dot) edu