[Honeywall] related to absence of data in walleye UI in roo 1.2

Robert Mcmillen rvmcmil at gmail.com
Mon Dec 3 15:34:34 EST 2007


List,
     There is now a new rpm for hflow (version 1.0-42) and walleye  
(version 1.1-51).

     The hflow fixed an issue with improper escaping of a column name  
that is a mysql keyword.  The lack of escape prevented hflow from  
inserting into the sys_socket table.  This is why sebek data was not  
available in the UI because the UI will only acknowledge sebek data  
related to flows if there is an entry in the sys_socket table.

     The walleye fix was related to changes in the way mysql 5 handles  
left joins.  The fix allows you to view sebek related connections in  
the UI.

     I want to say many many thanks to Camilo for helping me with  
these fixes over the weekend.

If you get a chance, please do yum update in your roo 1.2 honeywall  
and let me know if these changes fix your problems.  If not, please  
let me know as well so that we can fix them.  To be make sure the  
honeywall is running with the latest changes after update, please do a  
honeywall reboot.

Thanks for your patience and support,

Rob

On Dec 3, 2007, at 1:54 PM, Parvinder Bhasin wrote:

> Hi Robert,
>
> Yes!! I did have sebek installed on the honeypot.  However, I did  
> try to  disable sebek server on the Honeypot itself but without any  
> luck.
>
> Sure I am open to testing a fix.
>
> -Parvinder Bhasin
>
> Robert Mcmillen wrote:
>> Pavinder,
>>    When you were doing your pen testing against your honeypot and  
>> you noticed the lack of data in the UI shortly after you started,  
>> did you have sebek installed on the honeypot?  If so, I think we  
>> may have found the problem.  Please let me know if this is the case  
>> and if you are willing to test the fix.
>> Rob
>> _______________________________________________
>> Honeywall mailing list
>> Honeywall at public.honeynet.org
>> https://public.honeynet.org/mailman/listinfo/honeywall
>



More information about the Honeywall mailing list