2016-05-03 5 views
-5

Misinterpretation with hashes in Perl, populated from a log file

Below you can find the output on the screen and the source code of the problem.

Use of uninitialized value $port in hash element at ./test3.prg line 26, <LOG> line 1. 
Use of uninitialized value $port in hash element at ./test3.prg line 26, <LOG> line 2. 
Use of uninitialized value $port in hash element at ./test3.prg line 26, <LOG> line 3. 
Use of uninitialized value $port in hash element at ./test3.prg line 26, <LOG> line 4. 
AttemptsOnIP 
181.3.202.142,1 
183.3.202.172,18 

Port,Status,AttemptOnPort,AttemptsOnIP,Malicious 
15853,failed,4,1, 
15853,succeeded,4,1, 
18693,failed,1,1, 
18942,failed,1,1, 
18942,succeeded,1,1, 
31130,succeeded,1,1, 
43041,failed,1,1, 
43041,succeeded,1,1, 
44444,failed,1,1, 
46321,failed,1,1, 
46321,succeeded,1,1, 
47417,failed,3,1, 
47417,succeeded,3,1, 
48713,failed,1,1, 
48713,succeeded,1,1, 
53653,failed,1,1, 
53653,succeeded,1,1, 
60563,failed,1,1, 
60563,succeeded,1,1, 
15853,failed,4,18, 
15853,succeeded,4,18, 
18693,failed,1,18, 
18942,failed,1,18, 
18942,succeeded,1,18, 
31130,succeeded,1,18, 
43041,failed,1,18, 
43041,succeeded,1,18, 
44444,failed,1,18, 
46321,failed,1,18, 
46321,succeeded,1,18, 
47417,failed,3,18, 
47417,succeeded,3,18, 
48713,failed,1,18, 
48713,succeeded,1,18, 
53653,failed,1,18, 
53653,succeeded,1,18, 
60563,failed,1,18, 
60563,succeeded,1,18, 

This is the code:

#!/usr/bin/perl 

use warnings; 
use strict; 

my $file = "/home/tsec/prototype/logs/extractedlogs/cowrieresult.log"; 
open (LOG, $file); 

# Assemble results for required output in data structure: 
# %rept = { $port => { $usr => { $status => $freq } }; 

my %by_ip;#new code 
my %rept; 
my ($ip, $port); 

while (my $line = <LOG>)
{
    if ($line =~ /New connection/) {
        ($ip, $port) = $line =~ /New connection:\s+([^:]+):(\d+)/;
        $by_ip{$ip}++;
        next;
    }

    my ($usr, $status) = $line =~ m/login\ attempt \s+ \[ ([^\]]+) \] \s+ (\w+)/x;
    if ($usr and $status) {
        $rept{$port}{$usr}{$status}++;
        #$by_ip{$ip}{$usr}{$status}++; # first 4 lines in log dont have ip and port
        # since they are login attempt not new connection.
    }
    else { warn "Line with an unexpected format:\n$line" }
}
#close(LOG); 
#open (LOG, $file); 
#my $frequency = 0; 
#while (my $line = <LOG>){ 
#  if($line =~ /login attempt/){ 

     #split string, get the ip and match it with original $ip 
#  my ($testip) = (split /[\s,:\[\]\/]+/, $line)[-6]; 
     #print "$testip\n"; 
     #this two lines above print ips from login attempt line. 
#  if($testip =~ /$ip/){ 
#    $frequency++; 
#  } 
     #elsif($testip =~ /^(?!$ip)/) { 
       # stop frequency counter and start another one? 
     #  print "$frequency\n"; 
     #  $frequency = 0; 
     #} 

#  } 
#} 
#print "$frequency\n"; 
#close(LOG); 

#new code 
print "AttemptsOnIP\n"; 
#foreach my $ip (sort keys %by_ip){ 
#  foreach my $usr (sort keys %{$by_ip{$ip}}){ 
#    foreach my $status (sort keys %{$rept{$usr}}){ 
#      print "$ip,$by_ip{$ip}{$usr}{$status}\n"; 
#    } 
#  } 
#} 

#new code 
foreach my $ip (sort keys %by_ip){ 
     print "$ip,$by_ip{$ip}\n"; 
} 

print "\n"; 

#new code 
print "Port,Status,AttemptOnPort,AttemptsOnIP,Malicious\n"; 
foreach my $ip (sort keys %by_ip){
    foreach my $port (sort keys %rept) {
        foreach my $usr (sort keys %{$rept{$port}}) {
            foreach my $stat (sort keys %{$rept{$port}{$usr}}) {
                if($port ne ""){

                    print "$port,$stat,$rept{$port}{$usr}{$stat},$by_ip{$ip},\n";

                }
            }
        }

    }
}
#new code 

And this is the log file that I have:

2016-05-02 10:20:56+0000 [SSHService ssh-userauth on HoneyPotTransport,14,183.3.202.172] login attempt [root/[email protected]] failed 
2016-05-02 10:20:57+0000 [SSHService ssh-userauth on HoneyPotTransport,15,183.3.202.172] login attempt [root/[email protected]] failed 
2016-05-02 10:20:57+0000 [SSHService ssh-userauth on HoneyPotTransport,14,183.3.202.172] login attempt [root/123456] succeeded 
2016-05-02 10:20:58+0000 [SSHService ssh-userauth on HoneyPotTransport,15,183.3.202.172] login attempt [root/123456] succeeded 
2016-05-02 10:43:32+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 183.3.202.172:55157 (172.17.0.5:2222) [session: 43283650] 
2016-05-02 10:43:46+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 183.3.202.172:10319 (172.17.0.5:2222) [session: c7702f86] 
2016-05-02 10:43:53+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 183.3.202.172:46321 (172.17.0.5:2222) [session: fe7bb804] 
2016-05-02 10:43:57+0000 [SSHService ssh-userauth on HoneyPotTransport,17,183.3.202.172] login attempt [root/[email protected]] failed 
2016-05-02 10:43:58+0000 [SSHService ssh-userauth on HoneyPotTransport,17,183.3.202.172] login attempt [root/123456] succeeded 
2016-05-02 10:43:59+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 183.3.202.172:18693 (172.17.0.5:2222) [session: d74eae96] 
2016-05-02 10:44:02+0000 [SSHService ssh-userauth on HoneyPotTransport,18,183.3.202.172] login attempt [root/[email protected]] failed 
2016-05-02 10:44:03+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 183.3.202.172:31130 (172.17.0.5:2222) [session: 3bde7820] 
2016-05-02 10:44:03+0000 [SSHService ssh-userauth on HoneyPotTransport,18,183.3.202.172] login attempt [root/123456] succeeded 
2016-05-02 10:44:05+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 183.3.202.172:47417 (172.17.0.5:2222) [session: 3e177c02] 
2016-05-02 10:44:06+0000 [SSHService ssh-userauth on HoneyPotTransport,19,183.3.202.172] login attempt [root/[email protected]] failed 
2016-05-02 10:44:09+0000 [SSHService ssh-userauth on HoneyPotTransport,19,183.3.202.172] login attempt [root/123456] succeeded 
2016-05-02 10:44:10+0000 [SSHService ssh-userauth on HoneyPotTransport,21,183.3.202.172] login attempt [root/[email protected]] failed 
2016-05-02 10:44:11+0000 [SSHService ssh-userauth on HoneyPotTransport,21,183.3.202.172] login attempt [root/123456] succeeded 
2016-05-02 10:44:13+0000 [SSHService ssh-userauth on HoneyPotTransport,20,183.3.202.172] login attempt [root/[email protected]] failed 
2016-05-02 10:44:14+0000 [SSHService ssh-userauth on HoneyPotTransport,20,183.3.202.172] login attempt [root/123456] succeeded 
2016-05-02 11:06:55+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 183.3.202.172:13849 (172.17.0.5:2222) [session: b20915b6] 
2016-05-02 11:07:06+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 183.3.202.172:61338 (172.17.0.5:2222) [session: cd38fe51] 
2016-05-02 11:07:14+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 183.3.202.172:23048 (172.17.0.5:2222) [session: 01b12825] 
2016-05-02 11:07:21+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 183.3.202.172:60563 (172.17.0.5:2222) [session: ad64232b] 
2016-05-02 11:07:26+0000 [SSHService ssh-userauth on HoneyPotTransport,23,183.3.202.172] login attempt [root/[email protected]] failed 
2016-05-02 11:07:27+0000 [SSHService ssh-userauth on HoneyPotTransport,23,183.3.202.172] login attempt [root/123456] succeeded 
2016-05-02 11:07:33+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 183.3.202.172:53653 (172.17.0.5:2222) [session: 9c48415b] 
2016-05-02 11:07:41+0000 [SSHService ssh-userauth on HoneyPotTransport,26,183.3.202.172] login attempt [root/[email protected]] failed 
2016-05-02 11:07:47+0000 [SSHService ssh-userauth on HoneyPotTransport,26,183.3.202.172] login attempt [root/123456] succeeded 
2016-05-02 11:12:25+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 183.3.202.172:18942 (172.17.0.5:2222) [session: a4dc4901] 
2016-05-02 11:12:34+0000 [SSHService ssh-userauth on HoneyPotTransport,27,183.3.202.172] login attempt [root/[email protected]] failed 
2016-05-02 11:12:36+0000 [SSHService ssh-userauth on HoneyPotTransport,27,183.3.202.172] login attempt [root/123456] succeeded 
2016-05-02 11:32:40+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 183.3.202.172:40091 (172.17.0.5:2222) [session: aeb36234] 
2016-05-02 11:32:43+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 183.3.202.172:53505 (172.17.0.5:2222) [session: 9022c831] 
2016-05-02 11:32:48+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 183.3.202.172:15131 (172.17.0.5:2222) [session: cf62fb9a] 
2016-05-02 11:32:48+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 183.3.202.172:15853 (172.17.0.5:2222) [session: f2f6c254] 
2016-05-02 11:32:50+0000 [SSHService ssh-userauth on HoneyPotTransport,28,183.3.202.172] login attempt [root/[email protected]] failed 
2016-05-02 11:32:52+0000 [SSHService ssh-userauth on HoneyPotTransport,28,183.3.202.172] login attempt [root/123456] succeeded 
2016-05-02 11:32:55+0000 [SSHService ssh-userauth on HoneyPotTransport,29,183.3.202.172] login attempt [root/[email protected]] failed 
2016-05-02 11:32:55+0000 [SSHService ssh-userauth on HoneyPotTransport,30,183.3.202.172] login attempt [root/[email protected]] failed 
2016-05-02 11:32:56+0000 [SSHService ssh-userauth on HoneyPotTransport,30,183.3.202.172] login attempt [root/123456] succeeded 
2016-05-02 11:32:57+0000 [SSHService ssh-userauth on HoneyPotTransport,31,183.3.202.172] login attempt [root/[email protected]] failed 
2016-05-02 11:32:59+0000 [SSHService ssh-userauth on HoneyPotTransport,31,183.3.202.172] login attempt [root/123456] succeeded 
2016-05-02 11:33:04+0000 [SSHService ssh-userauth on HoneyPotTransport,29,183.3.202.172] login attempt [root/123456] succeeded 
2016-05-02 11:33:07+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 183.3.202.172:48713 (172.17.0.5:2222) [session: e1544c90] 
2016-05-02 11:33:15+0000 [SSHService ssh-userauth on HoneyPotTransport,32,183.3.202.172] login attempt [root/[email protected]] failed 
2016-05-02 11:33:18+0000 [SSHService ssh-userauth on HoneyPotTransport,32,183.3.202.172] login attempt [root/123456] succeeded 
2016-05-02 11:33:19+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 183.3.202.172:43041 (172.17.0.5:2222) [session: 383f328c] 
2016-05-02 11:33:25+0000 [SSHService ssh-userauth on HoneyPotTransport,33,183.3.202.172] login attempt [root/[email protected]] failed 
2016-05-02 11:33:26+0000 [SSHService ssh-userauth on HoneyPotTransport,33,183.3.202.172] login attempt [root/123456] succeeded 
2016-05-02 11:33:19+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 181.3.202.142:44444 (172.17.0.5:2222) [session: 383f328c] 
2016-05-02 11:33:25+0000 [SSHService ssh-userauth on HoneyPotTransport,33,181.3.202.142] login attempt [root/xyz] failed 

So basically I want the ports that are associated with IP X to have the total number of occurrences that the IP has in the log file.

So for example I would like this output without repeating entries, unlike what is shown in Pastebin:

15853,failed,4,18,
15853,succeeded,4,18,
18693,failed,1,18,
18942,failed,1,18,
18942,succeeded,1,18,
31130,succeeded,1,18,
43041,failed,1,18,
43041,succeeded,1,18,
44444,failed,1,1, -> Since it is seen only once in logfile
46321,failed,1,18,
46321,succeeded,1,18,
47417,failed,3,18,
47417,succeeded,3,18,
48713,failed,1,18,
48713,succeeded,1,18,
53653,failed,1,18,
53653,succeeded,1,18,
60563,failed,1,18,
60563,succeeded,1,18,

UPDATE: Migrated everything from Pastebin to the post. I would also like to get rid of the uninitialized value for port.

+1

Isn't this a [duplicate](http://stackoverflow.com/questions/36992311/print-records-from-log-file-using-perl-and-hash-data-structure)? –

+0

@MattJacob yes, but this one is more up to date and perhaps better explained – firepro20

+0

@ikegami just did – firepro20

Answer

0

The output has the following fields:

Port,Status,AttemptOnPort,AttemptsOnIP,Malicious 

Of which, the following form the grouping key:

Port,Status 

Yet your hash is keyed by

So the first thing you need to do is adjust the structure of


You also repeat the results for each IP address.

The second thing you need to do is remove this extra loop.


The following is a cleaned-up version of the code with the above-mentioned changes:

#!/usr/bin/perl 

use warnings; 
use strict; 

my %by_ip; 
my %rept; 
my $prev_port; 
while (<DATA>) {
    if (my ($ip, $port) = /New connection:\s+([^:]+):(\d+)/) {
        ++$by_ip{$ip};
        $prev_port = $port;
    }
    elsif (my ($usr, $status) = /login \s+ attempt \s+ \[ ([^\]]+) \] \s+ (\w+)/x) {
        ++$rept{$prev_port}{$status}
            if defined($prev_port);
    }
    else {
        warn("Line with an unexpected format: $_");
    }
}

print(join(',', qw(IP AttemptsOnIP)), "\n");
for my $ip (sort keys(%by_ip)) {
    print(join(',', $ip, $by_ip{$ip}), "\n");
}

print("\n");

print(join(',', qw(Port Status AttemptOnPort AttemptsOnIP Malicious)), "\n");
for my $port (sort keys(%rept)) {
    for my $status (sort keys(%{$rept{$port}})) {
        print(join(',', $port, $status, $rept{$port}{$status}, '???', '???'), "\n");
    }
}

__DATA__ 
2016-05-02 10:20:56+0000 [SSHService ssh-userauth on HoneyPotTransport,14,183.3.202.172] login attempt [root/[email protected]] failed 
2016-05-02 10:20:57+0000 [SSHService ssh-userauth on HoneyPotTransport,15,183.3.202.172] login attempt [root/[email protected]] failed 
2016-05-02 10:20:57+0000 [SSHService ssh-userauth on HoneyPotTransport,14,183.3.202.172] login attempt [root/123456] succeeded 
2016-05-02 10:20:58+0000 [SSHService ssh-userauth on HoneyPotTransport,15,183.3.202.172] login attempt [root/123456] succeeded 
2016-05-02 10:43:32+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 183.3.202.172:55157 (172.17.0.5:2222) [session: 43283650] 
2016-05-02 10:43:46+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 183.3.202.172:10319 (172.17.0.5:2222) [session: c7702f86] 
2016-05-02 10:43:53+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 183.3.202.172:46321 (172.17.0.5:2222) [session: fe7bb804] 
2016-05-02 10:43:57+0000 [SSHService ssh-userauth on HoneyPotTransport,17,183.3.202.172] login attempt [root/[email protected]] failed 
2016-05-02 10:43:58+0000 [SSHService ssh-userauth on HoneyPotTransport,17,183.3.202.172] login attempt [root/123456] succeeded 
2016-05-02 10:43:59+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 183.3.202.172:18693 (172.17.0.5:2222) [session: d74eae96] 
2016-05-02 10:44:02+0000 [SSHService ssh-userauth on HoneyPotTransport,18,183.3.202.172] login attempt [root/[email protected]] failed 
2016-05-02 10:44:03+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 183.3.202.172:31130 (172.17.0.5:2222) [session: 3bde7820] 
2016-05-02 10:44:03+0000 [SSHService ssh-userauth on HoneyPotTransport,18,183.3.202.172] login attempt [root/123456] succeeded 
2016-05-02 10:44:05+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 183.3.202.172:47417 (172.17.0.5:2222) [session: 3e177c02] 
2016-05-02 10:44:06+0000 [SSHService ssh-userauth on HoneyPotTransport,19,183.3.202.172] login attempt [root/[email protected]] failed 
2016-05-02 10:44:09+0000 [SSHService ssh-userauth on HoneyPotTransport,19,183.3.202.172] login attempt [root/123456] succeeded 
2016-05-02 10:44:10+0000 [SSHService ssh-userauth on HoneyPotTransport,21,183.3.202.172] login attempt [root/[email protected]] failed 
2016-05-02 10:44:11+0000 [SSHService ssh-userauth on HoneyPotTransport,21,183.3.202.172] login attempt [root/123456] succeeded 
2016-05-02 10:44:13+0000 [SSHService ssh-userauth on HoneyPotTransport,20,183.3.202.172] login attempt [root/[email protected]] failed 
2016-05-02 10:44:14+0000 [SSHService ssh-userauth on HoneyPotTransport,20,183.3.202.172] login attempt [root/123456] succeeded 
2016-05-02 11:06:55+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 183.3.202.172:13849 (172.17.0.5:2222) [session: b20915b6] 
2016-05-02 11:07:06+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 183.3.202.172:61338 (172.17.0.5:2222) [session: cd38fe51] 
2016-05-02 11:07:14+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 183.3.202.172:23048 (172.17.0.5:2222) [session: 01b12825] 
2016-05-02 11:07:21+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 183.3.202.172:60563 (172.17.0.5:2222) [session: ad64232b] 
2016-05-02 11:07:26+0000 [SSHService ssh-userauth on HoneyPotTransport,23,183.3.202.172] login attempt [root/[email protected]] failed 
2016-05-02 11:07:27+0000 [SSHService ssh-userauth on HoneyPotTransport,23,183.3.202.172] login attempt [root/123456] succeeded 
2016-05-02 11:07:33+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 183.3.202.172:53653 (172.17.0.5:2222) [session: 9c48415b] 
2016-05-02 11:07:41+0000 [SSHService ssh-userauth on HoneyPotTransport,26,183.3.202.172] login attempt [root/[email protected]] failed 
2016-05-02 11:07:47+0000 [SSHService ssh-userauth on HoneyPotTransport,26,183.3.202.172] login attempt [root/123456] succeeded 
2016-05-02 11:12:25+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 183.3.202.172:18942 (172.17.0.5:2222) [session: a4dc4901] 
2016-05-02 11:12:34+0000 [SSHService ssh-userauth on HoneyPotTransport,27,183.3.202.172] login attempt [root/[email protected]] failed 
2016-05-02 11:12:36+0000 [SSHService ssh-userauth on HoneyPotTransport,27,183.3.202.172] login attempt [root/123456] succeeded 
2016-05-02 11:32:40+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 183.3.202.172:40091 (172.17.0.5:2222) [session: aeb36234] 
2016-05-02 11:32:43+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 183.3.202.172:53505 (172.17.0.5:2222) [session: 9022c831] 
2016-05-02 11:32:48+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 183.3.202.172:15131 (172.17.0.5:2222) [session: cf62fb9a] 
2016-05-02 11:32:48+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 183.3.202.172:15853 (172.17.0.5:2222) [session: f2f6c254] 
2016-05-02 11:32:50+0000 [SSHService ssh-userauth on HoneyPotTransport,28,183.3.202.172] login attempt [root/[email protected]] failed 
2016-05-02 11:32:52+0000 [SSHService ssh-userauth on HoneyPotTransport,28,183.3.202.172] login attempt [root/123456] succeeded 
2016-05-02 11:32:55+0000 [SSHService ssh-userauth on HoneyPotTransport,29,183.3.202.172] login attempt [root/[email protected]] failed 
2016-05-02 11:32:55+0000 [SSHService ssh-userauth on HoneyPotTransport,30,183.3.202.172] login attempt [root/[email protected]] failed 
2016-05-02 11:32:56+0000 [SSHService ssh-userauth on HoneyPotTransport,30,183.3.202.172] login attempt [root/123456] succeeded 
2016-05-02 11:32:57+0000 [SSHService ssh-userauth on HoneyPotTransport,31,183.3.202.172] login attempt [root/[email protected]] failed 
2016-05-02 11:32:59+0000 [SSHService ssh-userauth on HoneyPotTransport,31,183.3.202.172] login attempt [root/123456] succeeded 
2016-05-02 11:33:04+0000 [SSHService ssh-userauth on HoneyPotTransport,29,183.3.202.172] login attempt [root/123456] succeeded 
2016-05-02 11:33:07+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 183.3.202.172:48713 (172.17.0.5:2222) [session: e1544c90] 
2016-05-02 11:33:15+0000 [SSHService ssh-userauth on HoneyPotTransport,32,183.3.202.172] login attempt [root/[email protected]] failed 
2016-05-02 11:33:18+0000 [SSHService ssh-userauth on HoneyPotTransport,32,183.3.202.172] login attempt [root/123456] succeeded 
2016-05-02 11:33:19+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 183.3.202.172:43041 (172.17.0.5:2222) [session: 383f328c] 
2016-05-02 11:33:25+0000 [SSHService ssh-userauth on HoneyPotTransport,33,183.3.202.172] login attempt [root/[email protected]] failed 
2016-05-02 11:33:26+0000 [SSHService ssh-userauth on HoneyPotTransport,33,183.3.202.172] login attempt [root/123456] succeeded 
2016-05-02 11:33:19+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 181.3.202.142:44444 (172.17.0.5:2222) [session: 383f328c] 
2016-05-02 11:33:25+0000 [SSHService ssh-userauth on HoneyPotTransport,33,181.3.202.142] login attempt [root/xyz] failed 

Output:

AttemptsOnIP 
181.3.202.142,1 
183.3.202.172,18 

Port,Status,AttemptOnPort,AttemptsOnIP,Malicious 
15853,failed,4,???,??? 
15853,succeeded,4,???,??? 
18693,failed,1,???,??? 
18942,failed,1,???,??? 
18942,succeeded,1,???,??? 
31130,succeeded,1,???,??? 
43041,failed,1,???,??? 
43041,succeeded,1,???,??? 
44444,failed,1,???,??? 
46321,failed,1,???,??? 
46321,succeeded,1,???,??? 
47417,failed,3,???,??? 
47417,succeeded,3,???,??? 
48713,failed,1,???,??? 
48713,succeeded,1,???,??? 
53653,failed,1,???,??? 
53653,succeeded,1,???,??? 
60563,failed,1,???,??? 
60563,succeeded,1,???,??? 
+0

For the first set of '???', under AttemptsOnIP, in each entry I need to have the total frequency of occurrences of that IP where this port is using that IP. As shown in my post: '43041,succeeded,1,18, 44444,failed,1,1, -> Since it is seen only once in logfile 46321,failed,1,18, 46321,succeeded,1,18,' – firepro20

+0

@firepro20, That makes no sense. There is no IP address associated with the row. Maybe you want '**IP**,Port,Status,**AttemptsOnIp**,**AttemptsOnIpAndPort**'? (Note that there will be duplicate data if you do that, which is why it's better to use two tables, as you are already doing.) – ikegami

+0

So there is no way to map the first and second tables so that the frequency 1,18 is assigned accordingly to each of the ports in the second table under column 'AttemptsOnIP'? – firepro20
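
An added example (not code from the question or the answer) of the 'IP,Port,Status,AttemptsOnIp,AttemptsOnIpAndPort' layout discussed in the comments above. It reads the source IP from the login line itself and attributes each attempt to the most recent connection from that same IP, which is a heuristic assumption; the log lines are constructed, with documentation-range addresses and made-up credentials.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample in the cowrie text-log layout shown on this page
# (documentation-range addresses, made-up credentials and session ids).
my @log = split /\n/, <<'END';
2016-05-02 10:20:56+0000 [SSHService ssh-userauth on HoneyPotTransport,14,192.0.2.10] login attempt [root/admin] failed
2016-05-02 10:43:32+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 192.0.2.10:55157 (172.17.0.5:2222) [session: 00000001]
2016-05-02 10:43:53+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 192.0.2.10:46321 (172.17.0.5:2222) [session: 00000002]
2016-05-02 10:43:57+0000 [SSHService ssh-userauth on HoneyPotTransport,17,192.0.2.10] login attempt [root/admin] failed
2016-05-02 10:43:58+0000 [SSHService ssh-userauth on HoneyPotTransport,17,192.0.2.10] login attempt [root/123456] succeeded
2016-05-02 10:44:01+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 198.51.100.7:44444 (172.17.0.5:2222) [session: 00000003]
2016-05-02 10:44:02+0000 [SSHService ssh-userauth on HoneyPotTransport,18,192.0.2.10] login attempt [root/to]or] failed
2016-05-02 10:44:03+0000 [SSHService ssh-userauth on HoneyPotTransport,18,198.51.100.7] login attempt [root/xyz] failed
END

my (%conns_by_ip, %last_port, %attempts);

for my $line (@log) {
    if (my ($ip, $port) = $line =~ /New connection:\s+([\d.]+):(\d+)/) {
        $conns_by_ip{$ip}++;
        $last_port{$ip} = $port;    # heuristic: newest connection per IP
    }
    elsif (my ($src, $status) = $line =~
        /HoneyPotTransport,\d+,([\d.]+)\]\s+login attempt\s+\[.*\]\s+(\w+)\s*$/) {
        # The credential field is attacker-controlled and may contain ']',
        # so match it greedily and take the status from the end of the line.
        # A login with no earlier connection from its IP is filed under
        # 'unknown' instead of an undefined hash key.
        my $key = $last_port{$src} // 'unknown';
        $attempts{$src}{$key}{$status}++;
    }
    else {
        warn "Line with an unexpected format: $line\n";
    }
}

print join(',', qw(IP Port Status AttemptsOnIp AttemptsOnIpAndPort)), "\n";
for my $ip (sort keys %attempts) {
    for my $port (sort keys %{ $attempts{$ip} }) {
        for my $status (sort keys %{ $attempts{$ip}{$port} }) {
            print join(',', $ip, $port, $status,
                $conns_by_ip{$ip} // 0, $attempts{$ip}{$port}{$status}), "\n";
        }
    }
}
```

Because the port is looked up per source IP, a login from one address is never counted against a port opened by a different address, and logins that precede any connection in the file no longer trigger the "uninitialized value" warning.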
