Honeypots mailing list archives
honeyd and prelude
From: Oğuz Yarımtepe <comp.ogz () gmail com>
Date: Tue, 18 Sep 2007 16:39:50 +0300
I checked the honeyd forums and everyone is asking the same thing. I installed honeyd on Debian etch. The version is 1.5b. After configuring honeyd.conf and running it, I decided to log to the prelude and see the details at prewikka. I checked the web and found that after writing some regular expressions to the prelude-lml.conf and registering to prelude I will be able to see the agents at prewikka.

I added some entries to the prelude-lml.conf:

    [format=honeydlog13]
    prefix-regex = "honeydlog(started|stopped)------; classification.text=Honeypotlog$1; id=2611; revision=1; analyzer(0).name=honeyd; analyzer(0).manufacturer=www.honeyd.org; analyzer(0).class=Honeypot; assessment.impact.completion=succeeded; assessment.impact.type=file; assessment.impact.severity=info; assessment.impact.description=Honeydhas$1towritetoitslogfile; last"
    file = /var/log/honeypot/honeyd.log

(to see the whole prelude-lml.conf check here please: http://rafb.net/p/OrRZ0f37.html)

and registered using

    prelude-adduser register ...

But I still don't see my agent on the prewikka. I think I am missing something. I will be happy if someone tells me how I will enable honeyd as a sensor to prelude.

Thanx

--
Oğuz Yarımtepe
http://www.yarimtepe.com/en