
XMPP and MySQL database logging support

Open Mato-Z opened this issue 8 years ago • 7 comments

Hello, I have one question: why did you remove XMPP module support? Are you planning to support this feature again in the future, please? And are you planning support for logging to a MySQL or PostgreSQL "central" database, for example from many honeypots to one SQL database? This fork has added support for PostgreSQL https://github.com/GovCERT-CZ/dionaea/commit/0a2689d61c1878e92549f8d93ab6b51ef6caa707, maybe you could take inspiration from it...
Thanks!

Mato-Z avatar Sep 30 '16 00:09 Mato-Z

The logxmpp module has been removed because no one wanted to support it, it requires a patched XMPP server and no one was using it. See #11 for more information. A proof of concept to support different SQL servers has been implemented in the log_db_sql module. But it is still in alpha state and might be removed in one of the next versions.

Any reason why you don't use one of the other logging features?

  • log_json
  • hpfeeds
  • ...

phibos avatar Sep 30 '16 19:09 phibos

Hello @phibos, thanks for your answer. Yes, you are right. But XMPP is still interesting for more specific research projects. For example, Honeybrid uses Dionaea XMPP - http://honeybrid.sourceforge.net/#module, so I think that keeping this module for specific use would be good for researchers. And SQL logging: SQL is still a great thing for sophisticated analysis; it catches all events and it enables the use of more advanced queries, which are useful for manual analysis too...

Mato-Z avatar Sep 30 '16 20:09 Mato-Z

@Mato-Z you could just revert this one single commit https://github.com/DinoTools/dionaea/commit/e54a6261b1f1fc49e99e40d080a0d8587ba14e0a as well as cherry-pick one commit https://github.com/GovCERT-CZ/dionaea/commit/0a2689d61c1878e92549f8d93ab6b51ef6caa707 in your fork

katkad avatar Oct 05 '16 11:10 katkad

The modules recommended by @katkad will not work with the latest version of dionaea.

phibos avatar Oct 05 '16 18:10 phibos

Deprecated modules like the logxmpp module are hard to maintain because setting up a test environment will require additional resources and are only used by a few people. But we could create an additional repository (e.g. dionaea_extras) and add those modules and some setup/install scripts. This would keep the modules independent from the core and the release schedule.

What do you think?

phibos avatar Oct 05 '16 18:10 phibos

@phibos, good idea, but if dionaea_extras will not contain your new additions (such as emulation of new protocols, etc.) it will be a big pity. And what about support for central SQL logging, for example to MySQL?

Mato-Z avatar Oct 09 '16 19:10 Mato-Z

I think JSON is the way to go and as dionaea (with thanks to @phibos) moves forward so should the tools building up on dionaea.

@Mato-Z You should check out T-Pot 😃

t3chn0m4g3 avatar Oct 17 '16 21:10 t3chn0m4g3
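Following the thread's advice (use log_json from dionaea and do central aggregation in a tool built on top of it), here is an added example that is not part of dionaea or of this thread: a small collector that tags JSON lines from several honeypots with a sensor name, loads them into one SQLite database with parameterised inserts, and runs a cross-sensor query of the kind Mato-Z asks for. The JSON field names and sample lines are constructed assumptions for illustration, not dionaea's documented log_json schema; adapt parse_event() to the real output.

```python
import json
import sqlite3
from typing import Iterable, Optional, Tuple

# Constructed sample input: one JSON line per event from two honeypots.
# Field names are assumed for this example, not dionaea's documented schema.
SAMPLE_LINES = {
    "hp-01": [
        '{"timestamp": "2016-10-01T10:00:01", "src_ip": "203.0.113.5", "dst_port": 445, "protocol": "smbd"}',
        '{"timestamp": "2016-10-01T10:00:07", "src_ip": "203.0.113.5", "dst_port": 1433, "protocol": "mssqld"}',
        'not json at all',  # a corrupt line that the loader must skip, not crash on
    ],
    "hp-02": [
        '{"timestamp": "2016-10-01T11:30:00", "src_ip": "198.51.100.9", "dst_port": 445, "protocol": "smbd"}',
        '{"timestamp": "2016-10-01T11:31:00", "src_ip": "203.0.113.5", "dst_port": 445, "protocol": "smbd"}',
    ],
}

SCHEMA = """
CREATE TABLE IF NOT EXISTS events (
    sensor   TEXT    NOT NULL,   -- which honeypot produced the event
    ts       TEXT    NOT NULL,
    src_ip   TEXT    NOT NULL,
    dst_port INTEGER NOT NULL,
    protocol TEXT    NOT NULL
)
"""

def parse_event(line: str) -> Optional[Tuple[str, str, int, str]]:
    """Map one JSON log line to a row tuple; return None for malformed or incomplete lines."""
    try:
        rec = json.loads(line)
        return (rec["timestamp"], rec["src_ip"], int(rec["dst_port"]), rec["protocol"])
    except (ValueError, KeyError, TypeError):
        return None

def load_events(conn: sqlite3.Connection, sensor: str, lines: Iterable[str]) -> int:
    """Insert every parseable line tagged with its sensor; placeholders keep log content out of the SQL text."""
    rows = [(sensor, *ev) for ev in map(parse_event, lines) if ev is not None]
    conn.executemany("INSERT INTO events VALUES (?, ?, ?, ?, ?)", rows)
    return len(rows)

def build_central_db(sources=SAMPLE_LINES) -> sqlite3.Connection:
    """Create the central store (in memory here; a file path or server DSN in practice) and load all sensors."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    for sensor, lines in sources.items():
        load_events(conn, sensor, lines)
    conn.commit()
    return conn

def top_sources(conn: sqlite3.Connection, limit: int = 5):
    """Cross-sensor view: source IPs by hit count and by how many distinct honeypots they touched."""
    return conn.execute(
        "SELECT src_ip, COUNT(*) AS hits, COUNT(DISTINCT sensor) AS sensors "
        "FROM events GROUP BY src_ip ORDER BY hits DESC, src_ip LIMIT ?", (limit,)
    ).fetchall()
```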