Hi, I've had my T-Pot running for the past week, and today, when I opened my dashboard, I was surprised to see only 700 attacks. When I checked the log folder, specifically looking at Cowrie (/home/ubuntu/tpotce/data/cowrie/log), I noticed some .tgz compressed files and a new cowrie.json file, from which Kibana is showing the latest records. I assume it's using cowrie.json because of the docker-compose file:
Now, I want to see all the data together, so I uncompressed the files, merged them into one using:
cat cowrie.json* > merged_cowrie.json
Then, I renamed this file to cowrie.json.
When I ran wc -l, I saw that the line count increased from about 70 to 55k, but this is still not everything since the first day's data alone was around 50k. Also, the dashboard still only shows the initial 700 attacks.
What am I doing wrong, and how can I see all the data at once? I don't want anything compressed to save space.
This discussion was converted from issue #1641 on August 20, 2024 08:32.
Thanks in advance.