Honeypots mailing list archives
Re: Capturing and analyzing data on different honeywalls
From: "Frank S Posluszny, III" <fsp () mitre org>
Date: Mon, 19 Jun 2006 10:44:22 -0400
Haven't done that myself, but I would think it'd just be copying over the right config files, and then transferring updates to the database and pcap files as needed. This page looks like it might be helpful:

http://www.cs.indiana.edu/~cviecco/distributed_roo/index.html

A little more involved than you want, but should give you the technical details of what needs mimicking.

-fsp

Stefan Kelm said the following on 6/19/2006 8:01 AM:
List,

I'm about to set up a 1.0 Honeywall at a client site. However, I will only be using that HW to collect the data which will then be analyzed on a local (identical) HW. Since transferring the data over the Internet is not an option, and I want to use walleye, it should be sufficient to completely copy the /var/log/ directory to my analyzing station, or am I missing something here? Maybe /hw/conf/ needs to be copied as well?