HoneyView For Mac

honeyd is an excellent tool to collect data from hackers and script-kiddies but it can be difficult to get an overview of what really happens. Scrambling via "vi" through ascii-logfiles is time consuming and annoying.

A possible solution is HoneyView. It's goal is to present the logfile data graphically and textually in a condensed form, so you get a quick and easy overview. Most of the activities which happen at honeyd are time dependant - so HoneyView gives you the ability to focus on certain time intervals.

Basically HoneyView has two components: · some weird shell-scripts that are invoked by "cron" to push the honeyd log data into the dbms (currently MySQL is supported). · a php-based web interface to query the honeyd data in the database and to generate some useful diagrams to see very quickly what has happened and to get an overview of the situation with a few mouse clicks.

The basic idea was to put the honeyd data (currently only the data from honeyd's main logfile) into a database to allow efficient queries of this large amount of data, using web interface. The web interface should allow two things: · Query and view the data in a text-based format. · Generate diagrams to get a quick overview.

The data gathering is done by a cron job which is invoked at certain time intervals (one hour seems to be a good solution). A HoneyView-Script parses the hourly honeyd logfile and pushes the data into the DBMS. After this, the data is available from the web interface. The web interface presents the results as diagrams or text and allows you to set your query options using forms.