From 6158c8ba32a3629a241ca6c0c63ab0d10a5459b6 Mon Sep 17 00:00:00 2001
From: Pavel Valach <pavel.valach@cesnet.cz>
Date: Mon, 2 Dec 2024 18:00:15 +0100
Subject: [PATCH] cowrie/wardenfiler: Store aid (aggregation ID) with the
 session

---
 cowrie/wardenfiler.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/cowrie/wardenfiler.py b/cowrie/wardenfiler.py
index d8e0d1b..fc97925 100644
--- a/cowrie/wardenfiler.py
+++ b/cowrie/wardenfiler.py
@@ -198,9 +198,10 @@ class Output(cowrie.core.output.Output):
             )
 
             entry["loggedin"] = False
+            # AID - aggregation ID
+            entry["aid"] = aid = ','.join((entry["src_ip"], entry["dst_ip"]))
             self.sessions[entry["session"]] = entry
             ws = self.win_start or time()
-            aid = ','.join((entry["src_ip"], entry["dst_ip"]))
             cnt = self.attackers.get(aid, 0)
 
             if (time() - ws < self.aggr_win):
-- 
GitLab