Honeypots mailing list archives
Re: honeyd logs and graphics
From: Michael Boman <michael () ayeka dyndns org>
Date: Sun, 29 Feb 2004 03:10:29 +0800
On Fri, 2004-02-27 at 19:22, Peter Bates wrote:
> John Lyons <john.lyons () heanet ie> 25/02/04 16:08:28 >>>
> > We used honeyview until the recent upgrade to honeyd-0.8. Honeyview patch no longer works, has anyone built a solution for logfile analysis via HTTP which works in a similar way that they would like to share with the community?
>
> Prelude is probably worthy of a plug here... (http://www.prelude-ids.org), a hybrid HIDS and NIDS, there are plug-ins available for honeyd which then allow the data to be analysed in 'Piwi', their web front-end.
>
> Looking at the site today, however, there isn't a honeyd plugin for 0.8 (similar to honeyview above)... with that addition, and more people contributing to Piwi (so it could look as tidy as ACID, for instance), and this solution could be really powerful.

I tried to get the earlier patches for honeyd (against the appropriate honeyd version) to work without success as well. So what I did was to write a series of Prelude LML signatures (Prelude LML is a log file analyser) for it instead. I believe that the rules have hit the stable tree by now and should be available in the latest CVS/SVN snapshot.

--
Michael Boman