Honeypots mailing list archives
Capturing and analyzing data on different honeywalls
From: Stefan Kelm <stefan.kelm () secorvo de>
Date: Mon, 19 Jun 2006 14:01:49 +0200
List,

I'm about to set up a 1.0 Honeywall at a client site. However, I will only be using that HW to collect the data which will then be analyzed on a local (identical) HW. Since transferring the data over the Internet is not an option, and I want to use walleye, it should be sufficient to completely copy the /var/log/ directory to my analyzing station, or am I missing something here? Maybe /hw/conf/ needs to be copied as well?

Cheers,
Stefan.

--------------------------------------------------------
Stefan Kelm
Security Consultant
Secorvo Security Consulting GmbH
Ettlinger Strasse 12-14, D-76137 Karlsruhe
Tel. +49 721 255171-304, Fax +49 721 255171-100
stefan.kelm () secorvo de, http://www.secorvo.de/
-------------------------------------------------------
PGP Fingerprint 87AE E858 CCBC C3A2 E633 D139 B0D9 212B