#!/bin/bashPAST_TIMESTAMP="$(date +%s -d '5 min ago')000"mongoexport \ --

1. #!/bin/bash
2.  
3. PAST_TIMESTAMP="$(date +%s -d '5 min ago')000"
4. mongoexport \
5. --csv --quiet \
6. --fields timestamp,source_ip,source_port,destination_ip,destination_port,honeypot \
7. --db mnemosyne \
8. --collection session \
9. --query "{ timestamp: {\$gt: new Date($PAST_TIMESTAMP)}}" > /tmp/mhn-report.txt
10.  
11. if cat /tmp/mhn-report.txt | grep 'dionaea'; # or snort for example
12.  
13. then
14. (
15. cat /tmp/mhn-report.txt | tr ',' '\t' > /tmp/mhn-report2.txt;
16. echo -e "Recent attack detected:\n" ;
17. cat /tmp/mhn-report2.txt
18. ) | mail -s "MHN Report: $(date -d '5 min ago')" -a "From: no-reply@mhn.mydomain.tld" user@company.com
19. echo attacks detected;
20. else
21. echo no attacks detected;
22. fi