Re: pcap log analysis

[Edward Balas <ebalas () iu edu>]

Hey Joe,

Can you provide a bit more detail on what your configuration
was with the sebek server that crashed on you?  For instance
were you using sbk_upload.pl to consume the extracted data?  Also
can you send me a copy of the offending file? I attempted to duplicate
but have been unsuccessful.  Mostly because I am not sure that I have 
the
correct file, on linux I believe the equiv. files are in 
/usr/share/zoneinfo,
but...


On Jul 28, 2004, at 8:13 AM, Joe Hickory wrote:

> hi list,
>
> as there were some more requests for the pcap script i decided to put 
> them
> online.
>
> http://zeus.fh-brandenburg.de/~reitenba/index.html
>
> there are also some modified sebek server and web scripts, as i could 
> crash
> the
> sebek server unrecoverably and disabling sebek logging completely for 
> all
> honeypots
> if i did a cat /etc/timezone on any honeypot.
>
> my other modified sebek-server now logs syslog packets from the 
> honeypots
> into
> a database. a small web-interface is included.

> did i broke any licence? just tell me.

> any questions? just ask.

Id like to take this moment to remind folks that there is a public bug
server for honeynet.org initiatives located at:

https://bugs.honeynet.org

This is a venue where users and developers can synch up to
work the kinks out of these types of systems.

Thanks for the heads up,

Edward