Re: honeyd

[mike () honeynet org]

The answer to one of your questions is on the honeyd page...

"If your kqueue implementation does not support bpf file descriptors,
define the environment variable EVENT_NOKQUEUE to yes"

Not sure about the token, try removing any new lines at the end.

Mike

On Sat, 26 Oct 2002, Alan Neville wrote:

> Hello:
>
> When running honeyd on my FreeBSD 4.5 system, with the following syntax:
>
> honeyd -d -p nmap.prints -f config.sample -i fxp0
>
> I seem to get some strange errors which don't seem to be covered within the
> FAQ (http://www.citi.umich.edu/u/provos/honeyd/faq.html). The following
> lines are the errors produced when attempting to start honeyd as root.
>
> config.sample:11 illegal token
> config.sample:11 syntax error
> honeyd[7255]: listening on fxp0: (tcp or icmp or udp_ and not ether src
> 00:a0:c
> 9:ad:af:07
> honeyd[7255]: Kqueue does not recognize bpf filedescriptor.
> Oct 26 22:41:31 charlie honeyd[7255]: Kqueue does not recognize bpf
> filedescriptor.
>
> The following is a copy of my config.sample file:
>
> # Example of a simple host template and its binding
> annotate "AIX 4.0 - 4.2" fragment old
> create template
> set template personality "AIX 4.0 - 4.2"
> add template tcp port 80 "sh scripts/webd.sh"
> add template tcp port 22 "sh scripts/test.sh $ipsrc $dport"
> add template tcp port 21 proxy $ipsrc:23
> set template default tcp action reset
>
> bind 192.168.1.4 template
>
> Any ideas?
>
> -Alan