Honeypots
Re: Problem with Honeywall and MySQL Dec 08 2006 06:20PM
Earl (esammons hush com)

Mark,

The minimums are essentially what we believe it takes to get you up
and running with a very basic setup. If you think about it, due to
the nature of this particular application / activity it's really
tough (although not impossible) to come up with metrics to be able
to say "To run like this, you need this much hardware" with any
degree of reliability. There are so many variables.

Although I believe it has been stated that there are data
management/purge problems in the currently public 1.0 branch I
can't put my finger on any of them at the moment. We spent quite a
bit of time making it work right for the 1.1 branch which we are
trying desperately to get out (stay tuned) so I hope the new
release will at least help you to be able to reliably trim data.

Sorry for the slow response...

Earl

On Mon, 04 Dec 2006 16:03:02 -0500 "Mark J. Hufe"
<mark.j.hufe (at) wilmcoll (dot) edu [email concealed]> wrote:
>Concerning the database, I'm wondering if this new release might provide
>some relief. I have a single honeypot running Linux SUSE 10.0 and the
>database on the honeywall becomes unmanageable within a week or two. By
>unmanageable, I mean that queries from Walleye take so long that they
>are no longer feasible. In particular, I've been trying to track SSH
>attacks via Sebek queries and process tree expansion.
>
>I'm either doing something wrong or the recommended minimum hardware
>configuration in the online users manual is maybe a little understated.
>The honeywall is running on a Pentium 4 desktop at 3.4 GHz with 1 GB of
>memory. The online manual lists 256 MB RAM as the minimum with 512 MB
>recommended and a minimum Pentium 3 processor.
>
>I forget who advised it, but I've been re-installing as a means of
>clearing out the database. Doing so only takes about 5 minutes. If I
>recall correctly, the minimum size of the database was set to either 30
>or 45 days. Something like a week or two might be helpful for a system
>like mine.
>
>I've got an order in to upgrade the server to something more
>substantial, but the wheels of purchasing turn oh so slowly.
>
>Is it likely that the Roo upgrade will help?
>
>- Mark
>
>Lance Spitzner wrote:
>
>> Sam, we are working hard to get the new Honeywall CDROM 1.1 out the
>> window. Poor Earl is pulling his hair out to squash the final bugs
>> (not a pretty sight :). We had hoped to have it out already but ran
>> into last minute issues and are adding one more feature. The new
>> release should resolve issues like these and many others. If you can
>> wait a week or two more, you should have the latest and greatest by
>> then.
>>
>> Also, the public SVN server is still in the works. Our SVN guru
>> got crushed during the Thanksgiving holidays, thus the delay.
>>
>> Appreciate everyone's patience! :)
>>
>> lance
Copyright 2010, SecurityFocus