log_json
This ihandler can submit information about attacks/connections encoded as JSON.
Warning
This ihandler is in a pre-alpha state and might be changed or removed in the near future.
Configure
Default configuration:
log_json = {
    handlers = [
        "http://127.0.0.1:8080/"
        "file:///tmp/dionaea.json"
    ]
}
handlers
List of URLs to submit the information to. At the moment only file, http and https are supported.
Format
Format of the connection information:
{
    "connection": {
        "local": {
            "address": "<string:local ip address>",
            "port": <integer:local port>
        },
        "protocol": "<string:service name e.g. httpd>",
        "remote": {
            "address": "<string:remote ip address>",
            "port": <integer:remote port>,
            "hostname": "<string:hostname of the remote host>"
        },
        "transport": "<string:transport protocol e.g. tcp or udp>",
        "type": "<string:connection type e.g. accepted, listen, ...>"
    }
}
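The following consumer is an added example, not code from dionaea: it validates each record against the format above and counts accepted connections per remote address and service. It assumes the file handler writes one JSON object per line; the function names and sample lines are constructed for illustration.

```python
import json
from collections import Counter

def make_line(remote, proto, lport, ctype):  # one constructed line in the documented format
    return json.dumps({"connection": {
        "local": {"address": "192.0.2.10", "port": lport}, "protocol": proto,
        "remote": {"address": remote, "port": 40000, "hostname": ""},
        "transport": "tcp", "type": ctype}})

# Constructed sample input; one JSON object per line is an assumption
# about the file handler's output, not something the page states.
SAMPLE_LINES = [
    make_line("198.51.100.7", "smbd", 445, "accepted"),
    make_line("198.51.100.7", "smbd", 445, "accepted"),
    make_line("203.0.113.9", "httpd", 80, "accepted"),
    make_line("", "httpd", 80, "listen"),
    "not json at all",
    '{"connection": {"local": {"address": "192.0.2.10"}}}',
]

def parse_record(line):
    """Return the "connection" object if it matches the documented format, else None."""
    try:
        conn = json.loads(line)["connection"]
        ok = all(isinstance(conn[k], str) for k in ("protocol", "transport", "type"))
        for side in ("local", "remote"):
            ok = ok and isinstance(conn[side]["address"], str) \
                    and isinstance(conn[side]["port"], int)
    except (ValueError, KeyError, TypeError):
        return None  # not JSON, or a documented field is missing or mis-shaped
    return conn if ok else None

def summarise(lines):
    """Count accepted connections per (remote address, protocol, local port)."""
    hits, rejected = Counter(), 0
    for line in filter(None, (l.strip() for l in lines)):
        conn = parse_record(line)
        if conn is None:
            rejected += 1  # keep a tally instead of crashing on bad input
        elif conn["type"] == "accepted":
            hits[(conn["remote"]["address"], conn["protocol"], conn["local"]["port"])] += 1
    return hits, rejected

if __name__ == "__main__":
    hits, rejected = summarise(SAMPLE_LINES)
    for (remote, proto, port), n in hits.most_common():
        print(f"{remote} -> {proto}:{port} seen {n}x")
    print(f"lines not matching the format: {rejected}")
```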
Example config
- name: log_json
  config:
    handlers:
      #- http://127.0.0.1:8080/
      - file://@LOCALESTATEDIR@/dionaea/dionaea.json