cowrie-logs Configuration

« cowrie-logs »
v0.1 by crowdsecurity
Log parser

Parse cowrie honeypots logs

Installation

cscli parsers install crowdsecurity/cowrie-logs

YAML Configuration

1onsuccess: next_stage
2name: cowrie-logs
3description: "Parse cowrie honeypots logs"
4filter: "evt.Parsed.program == 'cowrie'"
5grok:
6  name: "COWRIE_NEW_CO"
7  apply_on: message
8statics:
9    - meta: service
10      value: telnet
11    - meta: log_type
12      value: telnet_new_session
13    - meta: source_ip
14      expression: "evt.Parsed.source_ip"
15    - meta: dest_ip
16      expression: "evt.Parsed.dest_ip"
17    - meta: dest_port
18      expression: "evt.Parsed.dest_port"
19    - parsed: "telnet_session"
20      expression: "evt.Parsed.telnet_session"

Hub configuration

« cowrie-logs »v0.1 by crowdsecurityLog parser

« cowrie-logs »
v0.1 by crowdsecurity
Log parser