Honeypots mailing list archives

Re: Problem with Honeywall and MySQL


From: "Mark J. Hufe" <mark.j.hufe () wilmcoll edu>
Date: Mon, 04 Dec 2006 16:03:02 -0500

Concerning the database, I'm wondering if this new release might provide some relief. I have a single honeypot running Linux SUSE 10.0 and the database on the honeywall becomes unmanageable within a week or two. By unmanageable, I mean that queries from Walleye take so long that they are no longer feasible. In particular, I've been trying to track SSH attacks via Sebek queries and process tree expansion.

I'm either doing something wrong or the recommended minimum hardware configuration in the online users manual is maybe a little understated. The honeywall is running on a Pentium 4 desktop at 3.4 GHz with 1 GB of memory. The online manual lists 256 MB RAM as the minimum with 512 MB recommended and a minimum Pentium 3 processor.

I forget who advised it, but I've been re-installing as a means of clearing out the database. Doing so only takes about 5 minutes. If I recall correctly, the minimum size of the database was set to either 30 or 45 days. Something like a week or two might be helpful for a system like mine.

I've got an order in to upgrade the server to something more substantial, but the wheels of purchasing turn oh so slowly.

Is it likely that the Roo upgrade will help?

- Mark

Lance Spitzner wrote:

Sam, we are working hard to get the new Honeywall CDROM 1.1 out the window. Poor Earl is pulling his hair out to squash the final bugs (not a pretty sight :). We had hoped to have it out already but ran into last-minute issues and are adding one more feature. The new release should resolve issues like these and many others. If you can wait a week or two more, you should have the latest and greatest by then.

Also, the public SVN server is still in the works. Our SVN guru got crushed during the Thanksgiving holidays, thus the delay.

Appreciate everyone's patience! :)

lance



