New dionaea statistics script

Following on from my work with gathering statistics from the Honeypot systems that I run, I have released a limited alpha of a new script/tool that I am working on. The tool provides access to common result sets from the sqlite database, without the requirement for remembering the database architecture and entering lengthy SQL statements by hand.
Disclaimer first: the tool doesn’t do anything outrageously new, and most of the SQL queries have been borrowed from Markus’ post on SQL logging with Dionaea when the feature was first introduced. However I have found the script makes my analysis of the honeypot logs simpler and quicker, and I’ve had a positive reaction from a limited few that have had a copy of the script before this post. Hopefully it will be of use to others.
Usage is relatively simple, shown below:

Dionaea database query collection
Author: Andrew Waite – www.InfoSanity.co.uk
Inspiration from carnivore.it article:
http://carnivore.it/2009/11/06/dionaea_sql_logging
Usage:
/path/to/python dionaea-sqlquery.py --query #
Where # is:
1:      Port Attack Frequency
2:      Attacks over a day
3:      Popular Malware Downloads
4:      Busy Attackers
5:      Popular Download Locations
6:      Connections in last 24 hours

The script can be found here. There is still a good level of work to be undertaken to tidy up the output, potentially allowing for output in different formats, and I also want to add additional and more complex queries as time progresses. If you have any success, failure, comments or suggestions please let me know.
— Andrew Waite
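
The numbered-query idea described above, as an added example that is not the dionaea-sqlquery script itself: two of the listed result sets (1 and 4) run against an in-memory SQLite database. The cut-down `connections` table assumes column names from dionaea's logsql schema, and the rows, helper names and SQL text are constructed for illustration.

```python
import sqlite3

# Cut-down stand-in for dionaea's logsql "connections" table (assumed columns).
SCHEMA = """
CREATE TABLE connections (
    connection INTEGER PRIMARY KEY,
    connection_type TEXT,
    connection_timestamp INTEGER,
    local_port INTEGER,
    remote_host TEXT
);
"""
# Constructed sample rows: (type, unix timestamp, local port, remote host).
SAMPLE_ROWS = [
    ("accept", 1300000000, 445, "192.0.2.10"),
    ("accept", 1300000060, 445, "192.0.2.10"),
    ("accept", 1300003600, 445, "198.51.100.7"),
    ("accept", 1300007200, 80, "192.0.2.10"),
    ("accept", 1300010800, 1433, "203.0.113.5"),
    ("connect", 1300010900, 80, "203.0.113.5"),  # not an inbound hit, filtered out
]
# Query number -> (title, SQL). Only inbound ('accept') connections are counted.
QUERIES = {
    1: ("Port Attack Frequency",
        "SELECT local_port, COUNT(*) AS hits FROM connections "
        "WHERE connection_type = 'accept' "
        "GROUP BY local_port ORDER BY hits DESC, local_port LIMIT ?"),
    4: ("Busy Attackers",
        "SELECT remote_host, COUNT(*) AS hits FROM connections "
        "WHERE connection_type = 'accept' "
        "GROUP BY remote_host ORDER BY hits DESC, remote_host LIMIT ?"),
}

def build_sample_db():
    """Create the in-memory database and load the constructed rows."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany(
        "INSERT INTO connections (connection_type, connection_timestamp, "
        "local_port, remote_host) VALUES (?, ?, ?, ?)", SAMPLE_ROWS)
    return db

def run_query(db, number, limit=10):
    """Run one canned query by number; the limit is bound as a parameter."""
    if number not in QUERIES:
        raise ValueError("unknown query number: %r" % (number,))
    return db.execute(QUERIES[number][1], (limit,)).fetchall()

if __name__ == "__main__":
    sample = build_sample_db()
    for n in sorted(QUERIES):
        print(QUERIES[n][0], run_query(sample, n))
```

Pointing `sqlite3.connect` at a copy of the honeypot's own database file instead of `:memory:` is the only change needed to run the same queries on real data, provided the column names match.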

2 Comments

  1. Appreciate your work. Any update of the dionaea-sqlquery script?
    Just curious about that; sure, I can modify it on my own, but why do the work
    if somebody else already did.
    Thanks for your info

    1. Nothing at present I’m afraid, ‘real’ work is getting in the way of personal and research projects for the time being. It’s still on my to-do list, but I don’t have a schedule I could stick to at the moment, sorry. Although new ideas often get my motivation levels up, anything specific you were looking for?
