Ticket #77 (closed wish: invalid)

Opened 1 year ago

Last modified 1 year ago

Logging HoneyClient Results By Severity

Reported by: anonymous Assigned to: kindlund
Priority: lowest Milestone: 1.0
Component: HoneyClient::Manager Version: none
Severity: none Keywords: logging, syslog, central, report
Cc:

Description (Last modified by kindlund)

Hi!

I do not know if a log file exists where all requests are kept according to whether they are malicious or good sites.

This functionality would be important to be able to automate the reports periodically.

Attachments

Change History

08/27/07 19:49:01 changed by kindlund

  • status changed from new to closed.
  • description changed.
  • type changed from new_feature to wish.
  • summary changed from Log request by type of dangerous to Logging HoneyClient Results By Severity.
  • milestone set to 1.0.
  • keywords set to logging, syslog, central, report.
  • resolution set to invalid.

Hi,

I'm not entirely sure what you mean by this, but I can try to guess.

If you're looking for a centralized log where the HoneyClients report which websites they've visited and which were compromised, it already exists.

Specifically, all HoneyClient code uses syslog to record its current activity. If you have syslog enabled, you should be able to see log activity, like:

Aug 23 14:41:15 honeyclient9 10.0.0.136 bin/StartAgent.pl:  WARN [HoneyClient::Agent::worker] (lib/HoneyClient/Agent.pm:952) - HoneyClient::Agent::Driver::Browser::IE - Integrity Check: FAILED
Aug 23 14:41:22 honeyclient9 10.0.0.1 bin/StartManager.pl:  INFO [HoneyClient::Manager::runSession] (lib/HoneyClient/Manager.pm:710) - Calling suspendVM(config => /vm/clones/7e228697a08a45d6e6962abf80/winXPPro.cfg).
Aug 23 14:41:50 honeyclient9 10.0.0.1 bin/StartManager.pl:  WARN [HoneyClient::Manager::runSession] (lib/HoneyClient/Manager.pm:717) - VM Compromised.  Last Resource (http://x.xxx.net/3.html)

Is this what you mean? Feel free to re-open this ticket and post additional comments, if you're talking about something else.

— Darien
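
Added example, not HoneyClient code: a Python parser that reads syslog lines in the layout of the three samples quoted above and returns a per-level count, the integrity-check failures, and the resources logged as "VM Compromised", which is the kind of periodic report the ticket asks about. The field layout is inferred from those three lines only, and every function and field name here is hypothetical.

```python
import re
from collections import Counter

# Assumed layout, inferred from the sample lines in this ticket:
# <timestamp> <loghost> <source-ip> <script>:  <LEVEL> [<sub>] (<file>:<line>) - <message>
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<src>\S+) "
    r"(?P<script>\S+):\s+(?P<level>[A-Z]+) \[(?P<sub>[^\]]+)\] "
    r"\((?P<file>[^:()]+):(?P<lineno>\d+)\) - (?P<msg>.*)$"
)
COMPROMISED_RE = re.compile(r"VM Compromised\.\s+Last Resource \((?P<url>[^)]*)\)")

# The three log lines quoted in the ticket, used as sample input.
SAMPLE_LOG = [
    "Aug 23 14:41:15 honeyclient9 10.0.0.136 bin/StartAgent.pl:  WARN [HoneyClient::Agent::worker] (lib/HoneyClient/Agent.pm:952) - HoneyClient::Agent::Driver::Browser::IE - Integrity Check: FAILED",
    "Aug 23 14:41:22 honeyclient9 10.0.0.1 bin/StartManager.pl:  INFO [HoneyClient::Manager::runSession] (lib/HoneyClient/Manager.pm:710) - Calling suspendVM(config => /vm/clones/7e228697a08a45d6e6962abf80/winXPPro.cfg).",
    "Aug 23 14:41:50 honeyclient9 10.0.0.1 bin/StartManager.pl:  WARN [HoneyClient::Manager::runSession] (lib/HoneyClient/Manager.pm:717) - VM Compromised.  Last Resource (http://x.xxx.net/3.html)",
]

def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def summarize(lines):
    """Count lines per log level and collect integrity failures and compromises."""
    levels, compromised, integrity_failed, unparsed = Counter(), [], [], 0
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            unparsed += 1  # keep a count so format drift is visible in the report
            continue
        levels[rec["level"]] += 1
        if "Integrity Check: FAILED" in rec["msg"]:
            integrity_failed.append((rec["ts"], rec["src"]))
        hit = COMPROMISED_RE.search(rec["msg"])
        if hit:
            compromised.append((rec["ts"], rec["src"], hit.group("url")))
    return {"levels": dict(levels), "integrity_failed": integrity_failed,
            "compromised": compromised, "unparsed": unparsed}

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print(report["levels"])
    for ts, src, url in report["compromised"]:
        print(f"{ts} {src} compromised after visiting {url}")
```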

