HoneyView

Free and open source honeyd logfile analyzer

HoneyView Ranking & Summary


  • License: GPL
  • Price: FREE
  • Publisher Name: Karl Hable
  • Operating Systems: Mac OS X
  • File Size: 42 KB


HoneyView Description

honeyd is an excellent tool to collect data from hackers and script-kiddies, but it can be difficult to get an overview of what really happens. Scrambling via "vi" through ASCII logfiles is time consuming and annoying.

A possible solution is HoneyView. Its goal is to present the logfile data graphically and textually in a condensed form, so you get a quick and easy overview. Most of the activities which happen at honeyd are time dependent, so HoneyView gives you the ability to focus on certain time intervals.

Basically HoneyView has two components:

  • Some weird shell scripts that are invoked by "cron" to push the honeyd log data into the DBMS (currently MySQL is supported).
  • A PHP-based web interface to query the honeyd data in the database and to generate some useful diagrams, so you can see very quickly what has happened and get an overview of the situation with a few mouse clicks.

The basic idea was to put the honeyd data (currently only the data from honeyd's main logfile) into a database to allow efficient queries of this large amount of data, using a web interface. The web interface should allow two things:

  • Query and view the data in a text-based format.
  • Generate diagrams to get a quick overview.

The data gathering is done by a cron job which is invoked at certain time intervals (one hour seems to be a good solution). A HoneyView script parses the hourly honeyd logfile and pushes the data into the DBMS. After this, the data is available from the web interface. The web interface presents the results as diagrams or text and allows you to set your query options using forms.

Here are some key features of "HoneyView":

  • Show which ports were attacked within a certain time range using pie charts. It's also possible to limit the result by specifying an IP address or domain name; partial IPs or domain names also work.
  • Show which remote IP addresses "visited" your honeypot in a certain time range using a pie chart. Here it's possible to specify a port number to show activity on a specific port.
  • A timeline-based hit statistic showing how many hits per second your honeypot got in a certain time range.
  • A textual hit statistic over a certain time range. By specifying an IP or FQH and / or a port number you have the ability to focus on specific events.
  • View of the original honeyd log data over a specific time range.
  • Certain short summaries which give you a quick overview.

Requirements:

  • PHP

What's New in This Release:

  • Initial release.

