Backslash #14

Open
wants to merge 2 commits into
base: master

@aabed aabed commented Feb 1, 2015

Payload is added to the hpfeeds collection with backslashes, which results in the keys being unusable as it has already been escaped.

This change will result in the payload and session being written without backslashes.

jatrost commented Feb 1, 2015

This seems like a risky change. If the data is not valid JSON then it will not get stored; hpfeeds allows sensors to send back data in whatever format they want ranging from json to xml to binary data. What are you trying to accomplish with this change (i.e. what is the end goal)?

Author

aabed commented Feb 2, 2015

There is a sample of the payload record from honeypots right now:

"payload" : "{"local_host": "::ffff:41.130.152.160", "local_port":
3306, "connection_type": "accept", "remote_port": 47834,
"remote_host": "::ffff:108.61.199.226", "remote_hostname": "",
"connection_protocol": "mysqld", "connection_transport": "tcp"}",
"channel" : "dionaea.connections" }

I want to remove those '\' from the database record to be able to use it
through mongo.

jatrost commented Feb 7, 2015

What ultimately are you trying to accomplish by removing the backslashes?

I think whatever it is can be done in mnemosyne by writing the data into a new collection (similar to sessions, files, urls, dorks, etc, see https://github.com/threatstream/mnemosyne/tree/master/normalizer/modules), but changing how mnemosyne stores all raw messages from hpfeeds will break a lot of things in mnemosyne.
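
A sketch of the approach suggested in the last comment, as an added example that is not part of the original thread or of mnemosyne's code: the raw hpfeeds record stays as stored, and a separate queryable document is produced only when the payload parses as a JSON object. The function names, the `raw_id` field and the sample records are assumptions made for this illustration.

```python
import json

# Constructed raw records: only "payload" and "channel" come from the thread;
# the "_id" values and the non-JSON channels are made up for this example.
RAW_RECORDS = [
    {"_id": 1, "channel": "dionaea.connections",
     "payload": '{"local_port": 3306, "connection_protocol": "mysqld", '
                '"remote_host": "::ffff:192.0.2.10"}'},
    {"_id": 2, "channel": "example.xml", "payload": "<event port='22'/>"},
    {"_id": 3, "channel": "example.binary", "payload": b"\x00\xff\x10"},
    {"_id": 4, "channel": "example.scalar", "payload": "42"},
    {"_id": 5, "channel": "example.keys", "payload": '{"$where": 1, "a.b": 2}'},
]


def safe_key(key):
    """Neutralise '.' and a leading '$', which are special in MongoDB field names."""
    key = key.replace(".", "_")
    return "_" + key[1:] if key.startswith("$") else key


def normalize(record):
    """Build a queryable document from a raw record, or return None.

    The raw record is left untouched, so XML or binary payloads are still
    stored as received; only JSON objects produce a normalized document.
    """
    payload = record.get("payload")
    if isinstance(payload, bytes):
        try:
            payload = payload.decode("utf-8")
        except UnicodeDecodeError:
            return None          # binary payload: keep the raw record only
    if not isinstance(payload, str):
        return None
    try:
        parsed = json.loads(payload)
    except ValueError:
        return None              # XML or other non-JSON text
    if not isinstance(parsed, dict):
        return None              # valid JSON, but not an object with keys
    # Sensor data is untrusted input, so top-level keys are sanitised.
    doc = {safe_key(k): v for k, v in parsed.items()}
    doc["raw_id"] = record["_id"]        # link back to the untouched raw record
    doc["channel"] = record["channel"]
    return doc


def normalize_all(records):
    """Return only the documents that could be normalized."""
    return [d for d in map(normalize, records) if d is not None]
```

The returned documents would go into their own collection, so existing consumers of the raw hpfeeds records see no change in format.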
