honssh
ELK Output
In case anyone's interested, I've written a Python application that takes
HonSSH data files and puts them into an Elasticsearch database. It's on PyPI
(https://pypi.python.org/pypi/pogo/) and can be installed on any Linux system
with pip by executing (as root)
pip install --pre pogo
(Depending on your version of pip, you may or may not need the --pre. Some
versions of pip won't install Beta software without it.)
If you try it and/or modify it, I'd love to hear any comments you have. Email
me at [email protected]
Tony
Original comment by [email protected]
on 31 Jan 2015 at 10:04
Hi Tony,
Thanks a lot for coding this module.
Eventually I will make HonSSH output directly into Elasticsearch. I am really
interested to see how you formatted the data etc.
Cheers!
Original comment by [email protected]
on 2 Feb 2015 at 7:04
Thank you for mentioning it. Please do take a look and feel free to use any of
it in your own code, or to suggest improvements.
The code's on Github: https://github.com/tonyrein/pogo. Pull requests more than
welcome!
Tony
Original comment by [email protected]
on 9 Feb 2015 at 7:34
I forgot to mention in my last message -- I just found a bug today in Pogo
involving parsing of the username/password records. If the password contains a
comma, the record won't be parsed properly.
I expect to fix that this week.
Original comment by [email protected]
on 9 Feb 2015 at 7:36
Hey,
Sounds good, I'll take a look more closely when I get some spare time!
Haha, I ran into that issue with the spoof.log file and decided to change the
delimiter to ' - ' instead. I might change the daily logs to that too at some
point.
Original comment by [email protected]
on 9 Feb 2015 at 7:40
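The comma-in-password bug Tony mentions, and the ' - ' delimiter Peter switched to for spoof.log, are both instances of the same problem: a free-form field (the password, and in principle the username) being split on a delimiter that may legitimately appear inside it. The following is an added example, not code from HonSSH or from Pogo; the record layout `timestamp,peer_ip,username,password,success` is an assumption made for the example, as are the sample lines, which are constructed. It shows the naive `split()` that mis-parses, and a position-aware parse that peels off the fixed leading and trailing fields so the remainder is the password, whatever it contains. The same function handles the ' - ' delimiter, which only narrows the problem rather than removing it, since a password can contain ' - ' just as easily as a comma.

```python
"""Parse HonSSH-style login records whose password may contain the delimiter.

Assumed record layout (an assumption for this example, not HonSSH's
documented format):

    <timestamp><sep><peer_ip><sep><username><sep><password><sep><success_flag>

The only field permitted to contain the separator is the password. If the
username can also contain it, the record is genuinely ambiguous and no
delimiter choice can recover it; quoting/escaping or JSON would be needed.
"""
from dataclasses import dataclass
from typing import Iterable, List


@dataclass(frozen=True)
class LoginRecord:
    timestamp: str
    peer_ip: str
    username: str
    password: str
    success: bool


# Constructed sample lines; the second has a comma in the password.
SAMPLE_LINES = [
    "20150209_19:34:01,203.0.113.7,root,123456,0",
    "20150209_19:34:05,203.0.113.7,root,pass,word,0",
    "20150209_19:35:10,198.51.100.23,admin,,1",
]

# Constructed line in the ' - ' delimited style; password contains ' - '.
SPOOF_STYLE_LINE = "20150209_19:36:00 - 198.51.100.23 - admin - foo - bar - 1"


def naive_field_count(line: str, sep: str = ",") -> int:
    """The bug: splitting on every separator shifts fields when the
    password contains one. Returns the field count a naive parser sees."""
    return len(line.rstrip("\n").split(sep))


def parse_record(line: str, sep: str = ",") -> LoginRecord:
    """Position-aware parse: split off the three fixed leading fields, then
    split off the one fixed trailing field from the right. Whatever remains
    in the middle is the password, separators and all."""
    line = line.rstrip("\n")
    head = line.split(sep, 3)  # timestamp, peer_ip, username, rest
    if len(head) != 4:
        raise ValueError(f"too few fields in record: {line!r}")
    timestamp, peer_ip, username, rest = head
    password, found, flag = rest.rpartition(sep)
    if not found:
        raise ValueError(f"missing success flag in record: {line!r}")
    if flag not in ("0", "1"):
        raise ValueError(f"unexpected success flag {flag!r} in: {line!r}")
    return LoginRecord(timestamp, peer_ip, username, password, flag == "1")


def parse_records(lines: Iterable[str], sep: str = ",") -> List[LoginRecord]:
    """Parse a whole log, skipping blank lines. Malformed lines raise so a
    loader can decide whether to drop them or stop; silently skipping
    attacker-controlled input is how credentials go missing from the index."""
    return [parse_record(ln, sep) for ln in lines if ln.strip()]


if __name__ == "__main__":
    for ln in SAMPLE_LINES:
        print(f"naive sees {naive_field_count(ln)} fields; "
              f"position-aware gives {parse_record(ln)}")
    print(parse_record(SPOOF_STYLE_LINE, sep=" - "))
```

Running the block shows the second sample line yielding six fields under the naive split but a clean record with password `pass,word` under `parse_record`. The trailing-field check (`flag in ("0", "1")`) is what catches a record that has actually been corrupted rather than one that merely contains a separator in the password.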