Honeypots mailing list archives

Storing ALL Data from honeywall CDROM Roo version


From: Jaime Sotelo <1jasotel () gmail com>
Date: Sat, 12 Nov 2005 19:52:39 +0100

Hello, I'm a student doing a study allowance at an antivirus company.

I want to create a virtual environment to watch the behavior of different
kinds of malware under the Windows OS.

I'm using VMware to deploy a honeynet with the honeywall CDROM
roo-1.0.hw-189.iso

There are 3 Windows systems and a fourth system which is the honeywall. I have
an automated process in which I infect the Windows virtual machines and let
the malware play around for 15 minutes. Next, the machines turn off
without saving changes and start again with another set of malware progs...
anyway, the point is that I want to:

1. Store all info that the honeywall can capture in a database on an external
machine.

2. Further, I want to analyze this data with the Honeynet Security Console.

Due to the nature of my company all the data I can extract could be of use.

My question(s):

If I'm understanding well, the honeywall has a database (hflow), the
database which Walleye is going to use.

Does this database have all the information that I want, or should I gather it from
the different log files?

If the answer is yes, then all I have to do is copy the data in this
database to another database on the external machine, which is going to have
the Honeynet Security Console schema. So... how can I export the data to the
database on the external machine (probably the administration host)?

Another little question: ALL the information means the data from Snort
(snort-inline), Sebek, iptables, p0f and argus. Am I right?
