Events
Every connection and action to HoneyTrap generates events, which will be sent to the channels you specified in your configuration file.
Here is an example of an Event, for a ssh-simulator
service:
services > ssh > category=ssh,
date=2018-10-25 18:07:13.995002 +0200 CEST m=+21.600316780,
destination-ip=127.0.0.1,
destination-port=8023,
sensor=services,
source-ip=127.0.0.1,
source-port=49269,
ssh.command=ps,
ssh.sessionid=bf8uk9004acg7v8p3ijg,
token=bf8uk7004acg7v8p3ij0,
type=ssh-channel
As you can see, an event may have multiple fields.
Some of them are recurrent through each service, like
date
orsource-ip
.Some of them are specific to each service, like
ssh.command
orssh.sessionid
.