Concerning the database, I'm wondering if this new release might provide
some relief. I have a single honeypot running Linux SUSE 10.0 and the
database on the honeywall becomes unmanageable within a week or two. By
unmanageable, I mean that queries from Walleye take so long that they
are no longer feasible. In particular, I've been trying to track SSH
attacks via Sebek queries and process tree expansion.

I'm either doing something wrong or the recommended minimum hardware
configuration in the online users manual is maybe a little understated.
The honeywall is running on a Pentium 4 desktop at 3.4 GHz with 1 GB of
memory. The online manual lists 256 MB RAM as the minimum with 512 MB
recommended and a minimum Pentium 3 processor.

I forget who advised it, but I've been re-installing as a means of
clearing out the database. Doing so only takes about 5 minutes. If I
recall correctly, the minimum size of the database was set to either 30
or 45 days. Something like a week or two might be helpful for a system
like mine.

I've got an order in to upgrade the server to something more
substantial, but the wheels of purchasing turn oh so slowly.

Is it likely that the Roo upgrade will help?

- Mark
Lance Spitzner wrote:
> Sam, we are working hard to get the new Honeywall CDROM 1.1 out the
> window. Poor Earl is pulling his hair out to squash the final bugs
> (not a pretty sight). We had hoped to have it out already but ran
> into last minute issues and are adding one more feature. The new
> release should resolve issues like these and many others. If you can
> wait a week or two more, you should have the latest and greatest by
> then.
>
> Also, the public SVN server is still in the works. Our SVN guru
> got crushed during the Thanksgiving holidays, thus the delay.
>
> Appreciate everyone's patience!
>
> lance