use log msg command.input rather than command.success

This is done because many multi-command lines now come in. Better to log the full individual line rather than the parsed individual parts

cowrie/core/output.py

@@ -46,7 +46,7 @@ import time
 #  cowrie.client.version
 #  cowrie.command.input
 #  cowrie.command.failed
-#  cowrie.command.success
+#  cowrie.command.success (deprecated)
 #  cowrie.direct-tcpip.data
 #  cowrie.direct-tcpip.request
 #  cowrie.log.closed

cowrie/output/hpfeeds.py

@@ -302,7 +302,7 @@ class Output(cowrie.core.output.Output):
             u, p = entry['username'], entry['password']
             self.meta[session]['credentials'].append((u, p))
 
-        elif entry["eventid"] == 'cowrie.command.success':
+        elif entry["eventid"] == 'cowrie.command.input':
             c = entry['input']
             self.meta[session]['commands'].append(c)
 

cowrie/output/influx.py

@@ -112,8 +112,7 @@ class Output(cowrie.core.output.Output):
         }
 
         # event parsing
-        if eventid in ['cowrie.command.success',
-                       'cowrie.command.failed',
+        if eventid in ['cowrie.command.failed',
                        'cowrie.command.input']:
             m['fields'].update({
                 'input': entry['input'],

cowrie/output/mongodb.py

@@ -90,7 +90,7 @@ class Output(cowrie.core.output.Output):
         elif eventid in ['cowrie.login.success', 'cowrie.login.failed']:
             self.insert_one(self.col_auth, entry)
 
-        elif eventid in ['cowrie.command.success', 'cowrie.command.failed']:
+        elif eventid in ['cowrie.command.input', 'cowrie.command.failed']:
             self.insert_one(self.col_input, entry)
 
         elif eventid == 'cowrie.session.file_download':

cowrie/output/mysql.py

@@ -135,7 +135,7 @@ class Output(cowrie.core.output.Output):
                 (entry["session"], 0, entry['username'], entry['password'],
                 entry["time"]))
 
-        elif entry["eventid"] == 'cowrie.command.success':
+        elif entry["eventid"] == 'cowrie.command.input':
             self.simpleQuery('INSERT INTO `input`' + \
                 ' (`session`, `timestamp`, `success`, `input`)' + \
                 ' VALUES (%s, FROM_UNIXTIME(%s), %s , %s)',

cowrie/output/sqlite.py

@@ -96,7 +96,7 @@ class Output(cowrie.core.output.Output):
                 (entry["session"], 0, entry['username'], entry['password'],
                 entry["timestamp"]))
 
-        elif entry["eventid"] == 'cowrie.command.success':
+        elif entry["eventid"] == 'cowrie.command.input':
             self.simpleQuery('INSERT INTO `input`' + \
                 ' (`session`, `timestamp`, `success`, `input`)' + \
                 ' VALUES (?, ?, ?, ?)',

cowrie/shell/honeypot.py

@@ -356,7 +356,7 @@ class HoneyPotShell(object):
 
             cmdclass = self.protocol.getCommand(cmd['command'], environ['PATH'] .split(':'))
             if cmdclass:
-                log.msg(eventid='cowrie.command.success', input=cmd['command'] + " " + ' '.join(cmd['rargs']), format='Command found: %(input)s')
+                log.msg(input=cmd['command'] + " " + ' '.join(cmd['rargs']), format='Command found: %(input)s')
                 if index == len(cmd_array)-1:
                     lastpp =  StdOutStdErrEmulationProtocol(self.protocol, cmdclass, cmd['rargs'], None, None)
                     pp = lastpp