Honeypots mailing list archives
honeyd logging with arpd
From: "Jeffrey B. Murphy" <jbmurphy () gmail com>
Date: Wed, 9 Mar 2005 15:23:51 -0500
Thanks to all that helped with arpd on Fedora Core 3. The diffs that were mentioned allowed me to compile arpd.

Now to my second problem. I am in a Windows network and there are a lot of broadcasts, which result in me getting a lot of logging. For example:

honeyd[PID]: Connection to closed port: udp (192.168.0.1:5353 - 224.0.0.251:5353)
honeyd[PID]: Connection to closed port: udp (192.168.0.1:138 - 130.91.159.255:138)

I believe that these are broadcasts; the first might be a Mac and Rendezvous, and the second might be a Windows NetBIOS broadcast?

My question is, how do I NOT log these entries? Some sort of selective logging? Is there something in the honeyd config that I can change, or in the arpd config? Basically I only want to see non-broadcast traffic.

Any ideas? Thanks for your help.
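The selective logging asked about above can be approximated after the fact by filtering the log text on destination address. The following is an added example, not part of the original post and not a honeyd or arpd setting. The function names, the networks in LOCAL_NETS and the third sample line are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: the two lines quoted in the post plus one unicast line
# invented for contrast (192.168.0.50 and 192.168.0.200 are made up).
SAMPLE = """\
honeyd[PID]: Connection to closed port: udp (192.168.0.1:5353 - 224.0.0.251:5353)
honeyd[PID]: Connection to closed port: udp (192.168.0.1:138 - 130.91.159.255:138)
honeyd[PID]: Connection to closed port: tcp (192.168.0.50:4312 - 192.168.0.200:445)
"""

# Assumption: networks whose directed-broadcast address counts as noise.
# 130.91.159.255 is a broadcast address only if the prefix really ends there;
# the /24 values are guesses, replace them with the real netmasks.
LOCAL_NETS = [ipaddress.ip_network("130.91.159.0/24"),
              ipaddress.ip_network("192.168.0.0/24")]

# Matches the "(src:sport - dst:dport)" tail of the log lines shown in the post.
FLOW = re.compile(r"\((\d+\.\d+\.\d+\.\d+):(\d+) - (\d+\.\d+\.\d+\.\d+):(\d+)\)")

def is_broadcast_or_multicast(dst, local_nets=LOCAL_NETS):
    """True for multicast, limited broadcast, or a local directed broadcast."""
    addr = ipaddress.ip_address(dst)
    if addr.is_multicast or addr == ipaddress.ip_address("255.255.255.255"):
        return True
    return any(addr == net.broadcast_address for net in local_nets)

def keep(line, local_nets=LOCAL_NETS):
    """Decide whether a log line stays visible."""
    m = FLOW.search(line)
    if m is None:
        return True   # not a flow line: never hide what cannot be parsed
    try:
        return not is_broadcast_or_multicast(m.group(3), local_nets)
    except ValueError:
        return True   # malformed address: keep it for review

def filter_log(text, local_nets=LOCAL_NETS):
    return [line for line in text.splitlines() if keep(line, local_nets)]

if __name__ == "__main__":
    for line in filter_log(SAMPLE):
        print(line)
```

Because the filter works on a copy of the output, the unfiltered log remains available if the broadcast traffic later turns out to matter.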