On Fri, 2004-02-27 at 19:22, Peter Bates wrote:
> > John Lyons <john.lyons_at_heanet.ie> 25/02/04 16:08:28 >>>
> >We used honeyview until the recent upgrade to honeyd-0.8.
> >Honeyview patch no longer works, has anyone built a solution
> >for logfile analysis via HTTP which works in a similar way
> >that they would like to share with the community?
>
> Prelude is probably worthy of a plug here...
> (http://www.prelude-ids.org), a hybrid HIDS and NIDS, there are plug-ins
> available for honeyd which then allow the data to be analysed in 'Piwi',
> their web front-end.
>
> Looking at the site today, however, there isn't a honeyd plugin for 0.8
> (similar to honeyview above)... with that addition, and more people
> contributing to Piwi (so it could look as tidy as ACID, for instance),
> this solution could be really powerful.

I tried to get the earlier patches for honeyd (against the appropriate
honeyd version) to work without success as well. So what I did was to
write a series of Prelude LML signatures (Prelude LML is a log file
analyser) for it instead. I believe that the rules have hit the stable
tree by now and should be available in the latest CVS/SVN snapshot.
--
Michael Boman
Received on Sat Feb 28 2004 - 17:40:35 PST