|
Honeypots
mailing list archives
Re: pcap log analysis
From: Edward Balas <ebalas () iu edu>
Date: Wed, 28 Jul 2004 11:32:32 -0500
Hey Joe,
Can you provide a bit more detail on what your configuration
was with the sebek server that crashed on you? For instance
were you using sbk_upload.pl to consume the extracted data? Also
can you send me a copy of the offending file? I attempted to duplicate
but have been unsuccessful. Mostly because I am not sure that I have
the
correct file, on linux I believe the equiv. files are in
/usr/share/zoneinfo,
but...
On Jul 28, 2004, at 8:13 AM, Joe Hickory wrote:
hi list,
as there were some more requests for the pcap script i decided to put
them
online.
http://zeus.fh-brandenburg.de/~reitenba/index.html
there are also some modified sebek server and web scripts, as i could
crash
the
sebek server unrecoverably and disabling sebek logging completely for
all
honeypots
if i did a cat /etc/timezone on any honeypot.
my other modified sebek-server now logs syslog packets from the
honeypots
into
a database. a small web-interface is included.
did i broke any licence? just tell me.
any questions? just ask.
Id like to take this moment to remind folks that there is a public bug
server for honeynet.org initiatives located at:
https://bugs.honeynet.org
This is a venue where users and developers can synch up to
work the kinks out of these types of systems.
Thanks for the heads up,
Edward
 By Date 
By Thread
Current thread:
- Re: pcap log analysis, (continued)
| 
Intro
