Added 'sensor_name' and 'sensor_protocol' to logs

* 'sensor_name` is an arbitrary string that identifies the specific honeypot sensor that generated the log. Set it in the config.ini file. If not set, it will default to the honeypot system's hostname. * 'sensor_protocol' identifies the specific protocol this honeypot sensor uses. For SSH, it's always "ssh" but as other protocols are added to DECEIVE in the future, this will have different values for their logs.
2025-07-01 18:47:28 -04:00 · 2025-02-06 10:16:42 -05:00
parent fd0d8a78fc
commit 1d0e046924
2 changed files with 18 additions and 3 deletions
--- a/SSH/ssh_server.py
+++ b/SSH/ssh_server.py
@ -24,8 +24,13 @@ from langchain_core.runnables.history import RunnableWithMessageHistory
 from langchain_core.prompts import ChatPromptTemplate, MessagesPlaceholder
 from langchain_core.runnables import RunnablePassthrough
 from asyncssh.misc import ConnectionLost
+import socket

 class JSONFormatter(logging.Formatter):
+    def __init__(self, sensor_name, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        self.sensor_name = sensor_name
+
    def format(self, record):
        log_record = {
            "timestamp": datetime.datetime.fromtimestamp(record.created, datetime.timezone.utc).isoformat(sep="T", timespec="milliseconds"),
@ -35,7 +40,9 @@ class JSONFormatter(logging.Formatter):
            "src_port": record.src_port,
            "dst_ip": record.dst_ip,
            "dst_port": record.dst_port,
-            "message": record.getMessage()
+            "message": record.getMessage(),
+            "sensor_name": self.sensor_name,
+            "sensor_protocol": "ssh"
        }
        if hasattr(record, 'interactive'):
            log_record["interactive"] = record.interactive
@ -168,6 +175,7 @@ representative examples.
        judgement = "MALICIOUS"

    logger.info("Session summary", extra={"details": llm_response.content, "judgement": judgement})
+
    server.summary_generated = True

 async def handle_client(process: asyncssh.SSHServerProcess, server: MySSHServer) -> None:
@ -277,7 +285,7 @@ class ContextFilter(logging.Filter):
        record.dst_port = thread_local.__dict__.get('dst_port', '-')

        record.task_name = task_name
-
+        
        return True

 def llm_get_session_history(session_id: str) -> BaseChatMessageHistory:
@ -367,6 +375,9 @@ try:
    # Read the user accounts from the configuration file
    accounts = get_user_accounts()

+    # Get the sensor name from the config or use the system's hostname
+    sensor_name = config['honeypot'].get('sensor_name', socket.gethostname())
+
    # Set up the honeypot logger
    logger = logging.getLogger(__name__)  
    logger.setLevel(logging.INFO)  
@ -374,7 +385,7 @@ try:
    log_file_handler = logging.FileHandler(config['honeypot'].get("log_file", "ssh_log.log"))
    logger.addHandler(log_file_handler)

-    log_file_handler.setFormatter(JSONFormatter())
+    log_file_handler.setFormatter(JSONFormatter(sensor_name))

    f = ContextFilter()
    logger.addFilter(f)