Attempt to run Log4pot about log4pot HOT 5 CLOSED

The := operator was introduced in newer python versions. It evaluates and directly assigns to the variable, here m. You have to use a recent version of the Python interpreter.

from log4pot.

Thank you for the info.

I have a different concern; the log4pot-loganalyzer.py is generating the below:

Loaded 29 events
Wrote 0 raw exploits.
Wrote 0 deobfuscated exploits.
Wrote deobfuscation_summary with 0 items.
Traceback (most recent call last):
File "log4pot-loganalyzer.py", line 87, in
df = loganalyzer.payload_url_summary(url_allowlist, url_denylist)
File "/home/ubuntu/Log4Pot/log4pot/loganalyzer.py", line 126, in payload_url_summary
df = df[df["url"].str.match(pattern, False)]
File "/home/ubuntu/.local/lib/python3.8/site-packages/pandas/core/generic.py", line 5487, in getattr
return object.getattribute(self, name)
File "/home/ubuntu/.local/lib/python3.8/site-packages/pandas/core/accessor.py", line 181, in get
accessor_obj = self._accessor(obj)
File "/home/ubuntu/.local/lib/python3.8/site-packages/pandas/core/strings/accessor.py", line 168, in init
self._inferred_dtype = self._validate(data)
File "/home/ubuntu/.local/lib/python3.8/site-packages/pandas/core/strings/accessor.py", line 225, in _validate
raise AttributeError("Can only use .str accessor with string values!")
AttributeError: Can only use .str accessor with string values!

A kind recommendation; I fixed the issue by replacing:
df = df[df["url"].str.match(pattern, False)] with df = df[df["url"].astype(str).str.match(pattern, False)]
in "Log4Pot/log4pot/loganalyzer.py", line 126

from log4pot.

Hello @thomaspatzke,
Using Log4Pot I am able to record multiple events (~17,000 events) in a period of approximately 2 hours. However, when running log4pot-loganalyzer.py I am having 0 raw exploits, 0 deobfuscated exploits, 0 payload URLs. Is there anything wrong that I am doing? Are you able to detect better results/exploits?

I am doing the below:

• Directing several ports (15 different ports) to port 8080; using iptables -t nat -A PREROUTING -i eth0 -p tcp --dport XXXXX -j REDIRECT --to-port 8080
• I am running log4pot as follows; python3 log4pot-server.py -p 8080 -P -dd downloads/
• I am running log4pot log analyzer as follows; python3 lo4pot-loganalyzer.py -o ./ log4pot.log

from log4pot.

Hi! I think the time frame was a bit short. It's normal to have several hours without any log4shell exploitation attempt. 17k events sound reasonable, this should be the normal internet noise.

from log4pot.

Thank you @thomaspatzke for the feedback.

from log4pot.