crowdsecurity/hub

[endlessh] Add endlessh-go compatibility to parser

Swiiney opened this issue · 1 comments

The current endlessh collection uses the endlessh C implementation, which hasn't been maintained for 4 years. A new implementation in Go is available at https://github.com/shizunge/endlessh-go and is actively developed.
The log is slightly different and the parser should be adapted.
The docker implementation encourages logging to docker and not to a file. The acquisition document should be adapted too.

Thanks

Taken from the provided docker container

I0613 10:21:33.893309       1 main.go:78] Listening on 0.0.0.0:2222
I0613 10:22:09.748256       1 client.go:58] ACCEPT host=192.168.121.1 port=42922 n=1/4096
I0613 10:22:21.684962       1 client.go:58] ACCEPT host=192.168.121.1 port=53598 n=2/4096
I0613 10:22:22.751686       1 client.go:99] CLOSE host=192.168.121.1 port=42922 time=13.00339604 bytes=199
I0613 10:22:26.154722       1 client.go:58] ACCEPT host=192.168.121.1 port=53608 n=2/4096
I0613 10:22:26.686114       1 client.go:99] CLOSE host=192.168.121.1 port=53598 time=5.001109157 bytes=52
I0613 10:22:31.156118       1 client.go:99] CLOSE host=192.168.121.1 port=53608 time=5.001370007 bytes=64
I0613 10:22:39.811136       1 client.go:58] ACCEPT host=192.168.121.1 port=50512 n=1/4096
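As an added example (not part of the issue or of the hub's own parser), a small Python parser for the endlessh-go lines above: it splits the glog prefix from the ACCEPT/CLOSE events and extracts the fields a CrowdSec parser would need (source IP, port, tarpit duration, bytes sent). The regex and the `year` argument are assumptions of this example, since glog lines carry no year.

```python
import re
from datetime import datetime

# Lines copied from the issue above (endlessh-go, glog format). glog omits the year,
# so parse_line() takes it as an argument; that is an assumption of this example.
SAMPLE = [
    "I0613 10:21:33.893309       1 main.go:78] Listening on 0.0.0.0:2222",
    "I0613 10:22:09.748256       1 client.go:58] ACCEPT host=192.168.121.1 port=42922 n=1/4096",
    "I0613 10:22:21.684962       1 client.go:58] ACCEPT host=192.168.121.1 port=53598 n=2/4096",
    "I0613 10:22:22.751686       1 client.go:99] CLOSE host=192.168.121.1 port=42922 time=13.00339604 bytes=199",
    "I0613 10:22:26.154722       1 client.go:58] ACCEPT host=192.168.121.1 port=53608 n=2/4096",
    "I0613 10:22:26.686114       1 client.go:99] CLOSE host=192.168.121.1 port=53598 time=5.001109157 bytes=52",
    "I0613 10:22:31.156118       1 client.go:99] CLOSE host=192.168.121.1 port=53608 time=5.001370007 bytes=64",
    "I0613 10:22:39.811136       1 client.go:58] ACCEPT host=192.168.121.1 port=50512 n=1/4096",
]
# glog prefix: level letter, MMDD, HH:MM:SS.micros, thread id, file:line] then the event
GLOG_RE = re.compile(
    r"^(?P<level>[IWEF])(?P<mmdd>\d{4}) (?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+\d+ "
    r"[\w.]+:\d+\] (?P<event>ACCEPT|CLOSE) (?P<kv>.*)$"
)
KV_RE = re.compile(r"(\w+)=(\S+)")

def parse_line(line, year):
    """Structured event for ACCEPT/CLOSE lines; None for anything else (e.g. 'Listening on')."""
    m = GLOG_RE.match(line)
    if not m:
        return None
    kv = dict(KV_RE.findall(m.group("kv")))
    ev = {"event": m.group("event"), "source_ip": kv["host"], "source_port": int(kv["port"]),
          "timestamp": datetime.strptime(f"{year}{m.group('mmdd')} {m.group('time')}",
                                         "%Y%m%d %H:%M:%S.%f")}
    if ev["event"] == "ACCEPT":
        active, limit = kv["n"].split("/")          # n=clients currently held/max clients
        ev["active"], ev["max_clients"] = int(active), int(limit)
    else:
        ev["duration_s"] = float(kv["time"])         # seconds the client stayed in the tarpit
        ev["bytes_sent"] = int(kv["bytes"])
    return ev

def summarize(lines, year):
    """Per source IP: accepted/closed connections and total seconds spent in the tarpit."""
    stats = {}
    for ev in filter(None, (parse_line(ln, year) for ln in lines)):
        s = stats.setdefault(ev["source_ip"], {"accepts": 0, "closes": 0, "tarpit_seconds": 0.0})
        if ev["event"] == "ACCEPT":
            s["accepts"] += 1
        else:
            s["closes"] += 1
            s["tarpit_seconds"] += ev["duration_s"]
    return stats
```

Because the prefix has no year, a production parser (or the acquisition config) has to supply one, otherwise events near year boundaries get a wrong date.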

I will ask the team if we want to split these or just class it all as endlessh