[Honeywall] related to absence of data in walleye UI in roo 1.2
rvmcmil at gmail.com
Mon Dec 3 15:34:34 EST 2007
There is now a new rpm for hflow (version 1.0-42) and walleye
The hflow fixed an issue with improper escaping of a column name
that is a mysql keyword. The lack of escape prevented hflow from
inserting into the sys_socket table. This is why sebek data was not
available in the UI because the UI will only acknowledge sebek data
related to flows if there is an entry in the sys_socket table.
The walleye fix was related to changes in the way mysql 5 handles
left joins. The fix allows you to view sebek related connections in
I want to say many many thanks to Camilo for helping me with
these fixes over the weekend.
If you get a chance, please do yum update in your roo 1.2 honeywall
and let me know if these changes fix your problems. If not, please
let me know as well so that we can fix them. To make sure the
honeywall is running with the latest changes after update, please do a
Thanks for your patience and support,
On Dec 3, 2007, at 1:54 PM, Parvinder Bhasin wrote:
> Hi Robert,
> Yes!! I did have sebek installed on the honeypot. However, I did
> try to disable sebek server on the Honeypot itself but without any
> Sure I am open to testing a fix.
> -Parvinder Bhasin
> Robert Mcmillen wrote:
>> When you were doing your pen testing against your honeypot and
>> you noticed the lack of data in the UI shortly after you started,
>> did you have sebek installed on the honeypot? If so, I think we
>> may have found the problem. Please let me know if this is the case
>> and if you are willing to test the fix.