Honeypots mailing list archives

Capturing and analyzing data on different honeywalls


From: Stefan Kelm <stefan.kelm () secorvo de>
Date: Mon, 19 Jun 2006 14:01:49 +0200

List,

I'm about to set up a 1.0 Honeywall at a client site.

However, I will only be using that HW to collect the data
which will then be analyzed on a local (identical) HW. Since
transferring the data over the Internet is not an option, and I
want to use walleye, it should be sufficient to completely copy
the /var/log/ directory to my analyzing station, or am I
missing something here? Maybe /hw/conf/ needs to be
copied as well?

Cheers,

        Stefan.

--------------------------------------------------------
Stefan Kelm
Security Consultant

Secorvo Security Consulting GmbH
Ettlinger Strasse 12-14, D-76137 Karlsruhe

Tel. +49 721 255171-304, Fax +49 721 255171-100
stefan.kelm () secorvo de, http://www.secorvo.de/
-------------------------------------------------------
PGP Fingerprint 87AE E858 CCBC C3A2 E633 D139 B0D9 212B

