mhn-email-alert.sh

#!/bin/bash

PAST_TIMESTAMP="$(date +%s -d '5 min ago')000"
mongoexport \
	--csv --quiet \
	--fields timestamp,source_ip,source_port,destination_port,honeypot \
	--db mnemosyne \
	--collection session \
	--query "{ timestamp: {\$gt: new Date($PAST_TIMESTAMP)}}" > /tmp/mhn-report.txt

(
  echo -e "MHN Hits in the last 5 minutes:\n" ; 
  /tmp/mhn-report.txt
) | mailx -s "MHN Report: $(date -d '5 min ago')" some-email-address@my-company.com

Suggested modification (so the script doesn't send an email unless there are results you care about):

#!/bin/bash

PAST_TIMESTAMP="$(date +%s -d '5 min ago')000"
mongoexport \
    --csv --quiet \
    --fields timestamp,source_ip,source_port,destination_ip,destination_port,honeypot \
    --db mnemosyne \
    --collection session \
    --query "{ timestamp: {\$gt: new Date($PAST_TIMESTAMP)}}" > /tmp/mhn-report.txt

if cat /tmp/mhn-report.txt | grep 'dionaea'; 

then
    (
    cat /tmp/mhn-report.txt | tr ',' '\t' > /tmp/mhn-report2.txt;
    echo -e "Recent attack detected:\n" ; 
    cat /tmp/mhn-report2.txt
    ) | mail -s "MHN Report: $(date -d '5 min ago')" user@company.com
    echo attacks detected;
else
    echo no attacks detected;
fi

Thank your for your scripts!!

I added some html for formatting and put the files in a sperated repo
Referenced you in the README
https://github.com/Clevero/mhn-email-alerts

this script works for dionaea?

Thanks for the script!!

For some unexpected reason this script does not work for me, then I modified it to use mongo shell directly from bash.

#!/bin/bash
DB="mnemosyne"
PAST_TIMESTAMP="$(date +%s -d '5 min ago')000"
mongo "$DB" --quiet --eval "db.session.find({"timestamp" : { $gt : new Date ("$PAST_TIMESTAMP")}},{ "source_ip" : 1, "source_port" :1,
"destination_ip" :1, "destination_port" :1, "honeypot" :1, "_id" : 0})" > /tmp/mhn-report.txt
...