Soon we make the VM images available for download here.
These connectors serve as output/ihandler plugins which output honeypot events as IDEA event files to a directory specified in their configuration files.
They are created to work in tandem with our Warden Filer (hence the name), and so they expect the existence of the following directory structure:
tmp – here, the event is created.incoming – after the event is created and completed in tmp, it is then atomically moved here. Warden Filer then picks files up from this directory.errors – when an error in parsing, validation, or sending occurs, Warden Filer moves the event here.Current version (master): wardenfiler.py
Installation:
$COWRIE_DIR directory.wardenfiler.py to the $COWRIE_DIR/src/cowrie/output directory.$COWRIE_DIR/etc/cowrie.cfg file - create the [output_wardenfiler] section and insert the configuration as shown in the example ''cowrie.cfg''.[output_wardenfiler] section, output_dir key. At least the subdirectories tmp and incoming need to exist in this directory, and Cowrie must be granted R/W permissions to these.Current version (master): log_wardenfiler.py
Installation from the source distribution:
$DIO_DIR directory.log_wardenfiler.py to the $DIO_DIR/modules/python/dionaea directory.$DIO_DIR/etc/dionaea/ihandlers-available/log_wardenfiler.yaml. Example ''log_wardenfiler.yaml'' is available.$DIO_DIR/etc/dionaea/ihandlers-enabled, create a symlink: ln -s ../ihandlers-available/log_wardenfiler.yaml log_wardenfiler.yamlconfig.output_dir. At least the subdirectories tmp and incoming need to exist in this directory, and Dionaea must be granted R/W permissions to these.Example script for importing VM images to VirtualBox.