I CHECKED THE HONEYD FORUMS AND EVERYONE IS ASKING THE SAME THING.
I INSTALLED HONEYD ON DEBIAN ETCH. THE VERSION IS 1.5B. AFTER CONFIGURING HONEYD.CONF AND RUNNING IT, I DECIDED TO LOG TO THE PRELUDE AND SEE THE DETAILS AT PREWIKKA. I CHECKED THE WEB AND FOUND THAT AFTER WRITING SOME REGULAR EXPRESSIONS TO THE PRELUDE-LML.CONF AND REGISTERING TO PRELUDE I WILL BE ABLE TO SEE THE AGENTS AT PREWIKKA.
I ADDED SOME ENTRIES TO THE PRELUDE-LML.CONF:
[FORMAT=HONEYDLOG13]
PREFIX-REGEX = "HONEYDLOG(STARTED|STOPPED)------;
CLASSIFICATION.TEXT=HONEYPOTLOG$1; ID=2611; REVISION=1;
ANALYZER(0).NAME=HONEYD;
ANALYZER(0).MANUFACTURER=WWW.HONEYD.ORG;
ANALYZER(0).CLASS=HONEYPOT;
ASSESSMENT.IMPACT.COMPLETION=SUCCEEDED;
ASSESSMENT.IMPACT.TYPE=FILE;
ASSESSMENT.IMPACT.SEVERITY=INFO;
ASSESSMENT.IMPACT.DESCRIPTION=HONEYDHAS$1TOWRITETOITSLOGFILE
; LAST"
FILE = /VAR/LOG/HONEYPOT/HONEYD.LOG
(TO SEE THE WHOLE PRELUDE-LML.CONF CHECK HERE PLEASE:
HTTP://RAFB.NET/P/ORRZ0F37.HTML)
AND REGISTERED USING PRELUDE-ADDUSER REGISTER ...
BUT I STILL DON'T SEE MY AGENT ON THE PREWIKKA. I THINK I AM MISSING SOMETHING.
I WILL BE HAPPY IF SOMEONE TELLS ME HOW I CAN ENABLE HONEYD AS A SENSOR TO PRELUDE.
THANX
--
OĞUZ YARIMTEPE
HTTP://WWW.YARIMTEPE.COM/EN