Centralized Dionaea collection
After playing with Dionaea for several weeks and starting to find some interesting information, I have found one problem that I need to solve: centralized logging and data collection.
With many sensors in different locations I have no real way to gather information in a manner that makes sense to me. I have tried various methods, like downloading all the data and converting it into one database for reporting. This uses a lot of bandwidth and causes general problems, because each time you are processing the whole database. The other issue with this is that ids have to be remapped, because they are incremented locally and then used as foreign keys. This is just a mess.
I then wrote a logmysql ihandler for Dionaea, and overall it seems to work. However, I am not fond of granting access to a database from a honeypot; this should be a web service call. During this work I found out how ihandlers work in Dionaea, and I am announcing the beginning of the honeycollect ihandler, which will be used to centralize logging in real time.
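To illustrate the two problems above (locally incremented ids reused as foreign keys, and a honeypot that should call a web service rather than hold database credentials), here is an added sketch of the sensor and collector sides of such a design. It is example code written for this post, not honeycollect or Dionaea's own ihandler API; the sensor names, table names, shared key and row contents are constructed, and the transport is left out so it runs offline.

```python
import hashlib
import hmac
import json

# Constructed shared secret for the demo; in practice each sensor gets its own key.
SENSOR_KEY = b"demo-sensor-key-not-for-production"

def sign_event(sensor_id, table, local_id, row, key=SENSOR_KEY):
    """Sensor side: wrap one local Dionaea row as an HMAC-signed message.

    The global key is (sensor_id, table, local_id), so the local auto-increment
    id travels unchanged and foreign keys (a download row pointing at its
    connection) still resolve after ingestion without any renumbering.
    """
    event = {"sensor": sensor_id, "table": table, "id": local_id, "row": row}
    body = json.dumps(event, sort_keys=True, separators=(",", ":")).encode()
    mac = hmac.new(key, body, hashlib.sha256).hexdigest()
    return body, mac

class Collector:
    """Central side: verify the signature, then store; ingestion is idempotent."""
    def __init__(self, key=SENSOR_KEY):
        self.key = key
        self.rows = {}  # (sensor, table, local_id) -> row

    def ingest(self, body, mac):
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, mac):
            return "rejected"  # tampered or forged event
        event = json.loads(body)
        gkey = (event["sensor"], event["table"], event["id"])
        if gkey in self.rows:
            return "duplicate"  # a retried send after a network hiccup is harmless
        self.rows[gkey] = event["row"]
        return "stored"

    def resolve(self, sensor, table, local_id):
        return self.rows.get((sensor, table, local_id))

def demo():
    """Two sensors whose local connection ids both start at 1 (constructed data)."""
    c = Collector()
    results = []
    for sensor in ("sensor-a", "sensor-b"):
        body, mac = sign_event(sensor, "connections", 1,
                               {"remote_host": "192.0.2.10", "protocol": "smbd"})
        results.append(c.ingest(body, mac))
    # A download on sensor-a keeps its foreign key to local connection 1.
    body, mac = sign_event("sensor-a", "downloads", 1,
                           {"connection": 1, "md5": "<placeholder-hash>"})
    results.append(c.ingest(body, mac))
    results.append(c.ingest(body, mac))          # retry -> duplicate
    results.append(c.ingest(body, "00" * 32))    # bad signature -> rejected
    return results, c.resolve("sensor-a", "connections", 1)
```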
This project will take some work, but I am looking at centralizing all data from Dionaea so that you never have to look at your sensors again. After Dionaea is done I want to look at other honeypots and start really putting all this data together.
I expect some people will be interested and some will find the whole venture worthless, but leave your feedback on the idea.
I started my life as an ASP Classic developer and have since written code in ASP, ColdFusion, C, C++, PHP, Perl, Ruby, Python and others.
