Honeypots
honeyd and prelude Sep 18 2007 01:39PM
Oğuz Yarımtepe (comp ogz gmail com)
I checked the honeyd forums and everyone is asking the same thing.

I installed honeyd on Debian etch. The version is 1.5b. After configuring
honeyd.conf and running it, I decided to log to prelude and see the
details in prewikka. I checked the web and found that after writing some
regular expressions to prelude-lml.conf and registering with prelude, I will
be able to see the agents in prewikka.

I added some entries to the prelude-lml.conf:

[format=honeydlog13]
prefix-regex = "honeydlog(started|stopped)------;
classification.text=Honeypotlog$1; id=2611; revision=1;
analyzer(0).name=honeyd; analyzer(0).manufacturer=www.honeyd.org;
analyzer(0).class=Honeypot; assessment.impact.completion=succeeded;
assessment.impact.type=file; assessment.impact.severity=info;
assessment.impact.description=Honeydhas$1towritetoitslogfile; last"
file = /var/log/honeypot/honeyd.log

(to see the whole prelude-lml.conf, please check here:
http://rafb.net/p/OrRZ0f37.html)

and registered using prelude-adduser register ...

But I still don't see my agent in prewikka. I think I am missing something.

I will be happy if someone tells me how I can enable honeyd as a sensor for
prelude.

Thanks

--
Oğuz Yarımtepe
http://www.yarimtepe.com/en
