OHarrisNetworks


HoneyD Honeypot Log parsing

Set up a honeypot running BackTrack; it's running HoneyD and we have a decent-sized log file that needs to be parsed. I found this script:

#!/usr/bin/python
# Count the distinct source IPs in a HoneyD log per country, using the
# Team Cymru whois service through the cymruwhois module.
from cymruwhois import Client
import sys

# A HoneyD log line looks like:
#   <timestamp> <proto>(<num>) <S|E|-> <src ip> <src port> <dst ip> <dst port> ...
# so field index 3 is the source IP address.
source = []
with open('/var/log/honeypot/honeyd.log', 'r') as logfile:
    for line in logfile:
        fields = line.split(' ')
        if len(fields) > 3:        # skip blank or truncated lines
            source.append(fields[3])

c = Client()
# One bulk lookup over the distinct source addresses; the result is a
# dict of ip -> record, so each IP is counted once per country.
results = c.lookupmany_dict(set(source))

src_country = []
src_count = []
for ip in results:
    country = results[ip].cc
    if country in src_country:
        src_count[src_country.index(country)] += 1
    else:
        src_country.append(country)
        src_count.append(1)

# The original loop used range(0, len(src_country) - 1), which dropped the
# last country from the output; iterate over every entry instead.
for i in range(len(src_country)):
    sys.stdout.write("%s:\t%i\n" % (src_country[i], src_count[i]))


I need to be able to parse the log to throw it into a couple of charts and graphs. This specific script is supposed to use the cymruwhois module out of rubygem to whois the public IP addresses and get a count of how many IPs come from each country.

When I run the script after installing the module I get the error: ImportError: No module named cymruwhois

This is the first time I've ever dealt with Python, so I'm open to other languages and other suggestions for solutions to my issue. I'm thinking I might be missing a mapping of the module library?
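Added example (not the asker's script or part of cymruwhois): a small offline parser for the HoneyD log layout the script relies on, with the per-country count kept separate from the whois lookup so it can be tested with a constructed stand-in and switched to cymruwhois's lookupmany_dict for real use. The field layout (timestamp, proto, S/E/- flag, src ip, src port, dst ip, dst port) and the sample lines are assumptions.

```python
import collections

# Constructed sample lines in the assumed HoneyD log layout.
SAMPLE_LOG = """\
2013-03-01-10:15:02.1234 tcp(6) S 198.51.100.7 49152 10.0.0.5 22 [Linux 2.6]
2013-03-01-10:15:03.0001 tcp(6) E 198.51.100.7 49152 10.0.0.5 22: 0 0
2013-03-01-10:16:11.4821 udp(17) S 203.0.113.9 5060 10.0.0.5 5060
2013-03-01-10:17:40.9900 tcp(6) S 198.51.100.7 49153 10.0.0.5 445 [Windows XP]
2013-03-01-10:18:00.0000 icmp(1) - 192.0.2.33 10.0.0.5: 8(0): 84
"""


def parse_honeyd_log(text):
    """Return (timestamp, proto, src_ip, src_port, dst_ip, dst_port) tuples for
    each new-connection ('S') record; 'E' (end) and '-' (packet) lines are skipped."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 7 or fields[2] != 'S':
            continue
        proto = fields[1].split('(')[0]          # 'tcp(6)' -> 'tcp'
        records.append((fields[0], proto, fields[3], int(fields[4]),
                        fields[5], int(fields[6])))
    return records


def count_by_country(records, lookup_cc):
    """Distinct source IPs per country, which is what the asker's script counts.
    lookup_cc takes a set of IPs and returns {ip: country code}; with cymruwhois
    that is: lambda ips: {ip: r.cc for ip, r in Client().lookupmany_dict(ips).items()}.
    IPs the lookup cannot resolve are reported under '??'."""
    srcs = {r[2] for r in records}
    cc_of = lookup_cc(srcs)
    return collections.Counter(cc_of.get(ip, '??') for ip in srcs)


def count_ports(records):
    """Connection attempts per (proto, destination port), for a second chart."""
    return collections.Counter((r[1], r[5]) for r in records)


# Constructed offline stand-in for the whois lookup (hypothetical mapping).
FAKE_CC = {'198.51.100.7': 'US', '203.0.113.9': 'DE'}


def demo():
    recs = parse_honeyd_log(SAMPLE_LOG)
    by_cc = count_by_country(recs, lambda ips: {ip: FAKE_CC[ip] for ip in ips if ip in FAKE_CC})
    return by_cc, count_ports(recs)
```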
pepr

The cymruwhois is not a standard module. This way it is not a part of your Python installation. It must be downloaded, probably from here https://pypi.python.org/pypi/cymruwhois, and installed. This way the cymruwhois will be placed among the site-packages, and you will be able to import it and to use it.
On the other hand, if your issue is with the parsing part, perhaps the "tokenizer" in this Parsing algorithm will be useful.
;)
OHarrisNetworks

ASKER

I will look into both.
I've downloaded the cymruwhois egg and extracted it; within are cymruwhois.py and cymruwhois.py. I've attempted to run python cymruwhois.py and it just sits.
ASKER CERTIFIED SOLUTION
pepr
