dump.php - honeypot - A custom version of kippo used for SSH honeypot analysis and reporting.
       dump.php (1027B)
       ---
            1 <?php
            2 
            3 /*
            4  * Script that I ran on the cron to dump the .log files into a directory for
            5  * ajax-term to read.
            6  *
            7  */
            8 
            9 # Change to your information.
           10 $db = mysql_pconnect("localhost","kippo","your-password");
           11 mysql_select_db("kippo",$db);
           12 
           13 # I found that if the log was < 85 there was normally no command issued.
           14 $QUERY_TTY = mysql_query("SELECT id, session FROM ttylog WHERE LENGTH(ttylog) > 85");
           15 
           16 if($QUERY_TTY)
           17         echo "Query Complete\n";
           18 else
           19         echo "Query Failed\n";
           20 
           21 $num_rows = mysql_num_rows($QUERY_TTY);
           22 
           23 echo "Rows = $num_rows \n";
           24 echo mysql_error();
           25 
           26 # Change location-to-store-logs to where you want to store the Kippo log files e.g. /var/opt/webroot/logs
           27 while($tty_row = mysql_fetch_array($QUERY_TTY)) {
           28   mysql_query("SELECT ttylog FROM ttylog WHERE id=" . $tty_row['id'] . " into dumpfile 'location-to-store-logs" . $tty_row['session'] . ".log'");
           29     if($tty_row){
           30       echo " Command is successful \n";
           31       echo "ttylog = " . $tty_row['id'] . "\n";
           32           }
           33     else
           34       echo " Command not successful \n";
           35 }
           36 
           37 ?>