Honeypots mailing list archives

honeyd and prelude


From: Oğuz Yarımtepe <comp.ogz () gmail com>
Date: Tue, 18 Sep 2007 16:39:50 +0300

I checked the honeyd forums and everyone is asking the same thing.

I installed honeyd on Debian etch. The version is 1.5b. After configuring
honeyd.conf and running it, I decided to log to prelude and see the
details in prewikka. I checked the web and found that after writing some
regular expressions to prelude-lml.conf and registering with prelude, I will
be able to see the agents in prewikka.

I added some entries to the prelude-lml.conf:


[format=honeydlog13]
prefix-regex = "honeydlog(started|stopped)------; 
classification.text=Honeypotlog$1; id=2611; revision=1; 
analyzer(0).name=honeyd; analyzer(0).manufacturer=www.honeyd.org; 
analyzer(0).class=Honeypot; assessment.impact.completion=succeeded; 
assessment.impact.type=file; assessment.impact.severity=info; 
assessment.impact.description=Honeydhas$1towritetoitslogfile; last"
file = /var/log/honeypot/honeyd.log

(to see the whole prelude-lml.conf check here please: 
http://rafb.net/p/OrRZ0f37.html)

and registered using prelude-adduser register ...

But I still don't see my agent in prewikka. I think I am missing something.

I will be happy if someone tells me how I can enable honeyd as a sensor for
prelude.

Thanks

-- 
Oğuz Yarımtepe
http://www.yarimtepe.com/en

