Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: More updates to kippo-log2db - SANS Internet Storm Center SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
More updates to kippo-log2db

It has been a while, but I finally got around to fixing a bug in my script for putting kippo text logs into a kippo-formatted MySQL database.  In this case, it was a bug that caused the sensor column in the sessions table to be NULL instead of the correct value.  I just used the updated script to analyze 2.8M login attempts from 2015 in one of my kippo honeypots.  I first wrote about the script here.  I've also moved some of my tools including this script to github.  You can find the latest version here.  I think I may have another bug that was reported by a user a while back to fix, I'll try to get to that in the next month.  In the meantime, I welcome thoughts and comments by e-mail or in the comments.

Jim Clausing, GIAC GSE #26
jclausing --at-- isc [dot] sans (dot) edu

I will be teaching next: Reverse-Engineering Malware: Malware Analysis Tools and Techniques - SANS Cyber Defence Australia 2022


423 Posts
ISC Handler
Feb 7th 2016

Sign Up for Free or Log In to start participating in the conversation!